[Samba] Added RFC2307 --> Unable to convert SID (S-1-1-0)

Jonathan Hunter jmhunter1 at gmail.com
Fri Jun 5 04:41:09 MDT 2015


From my .bash_history on the schema master DC, effectively:

# sed -e 's/${DOMAINDN}/dc=MYDOMAIN,dc=MY,dc=TLD/g'  \
      -e 's/${NETBIOSNAME}/MYDOMAIN/g'              \
      -e 's/${NISDOMAIN}/MYDOMAIN/g'                \
      /usr/local/samba/share/setup/ypServ30.ldif > ypServ30-JMH.ldif
# service samba4 stop
# ldbmodify -H /usr/local/samba/private/sam.ldb ypServ30-JMH.ldif \
      --option="dsdb:schema update allowed"=true
Modified 55 records successfully
# service samba4 start

On 5 June 2015 at 11:13, Rowland Penny <rowlandpenny at googlemail.com> wrote:
> On 05/06/15 10:44, Jonathan Hunter wrote:
>>
>> Hi,
>
>>
>> I have now added rfc2307 to my domain - I extended the schema, have
>> added UIDs to some (not all yet) of my users and groups, and have my
>> smb.conf with this currently:
>>
>> idmap_ldb:use rfc2307 = yes
>> winbind nss info = rfc2307
>>
>> winbind use default domain = Yes
>> winbind enum users = Yes
>> winbind enum groups = Yes
>> winbind refresh tickets = Yes
>> winbind expand groups = 8
>>
>> #idmap config *:range = 900000-999999
>>
>> This works just fine on one of my DCs, but the other is proving more
>> problematic.
>>
>> See below for more detail on the process, but the issue is that
>> right now, I now have hundreds (thousands) of messages appearing in
>> syslog along the lines of:
>> Unable to convert SID (S-1-1-0) at index 5 in user token to a GID.
>> Conversion was returned as type 0, full token:
>>
>> 'net cache list' confirms:
>> Key: IDMAP/SID2XID/S-1-1-0  Timeout: 10:41:35  Value: -1:N
>>
>> I've uncommented the idmap line above, to no effect.
>>
>> The same config works just fine on the other DC.
>>
>> What can I check next?
>>
>> Thanks,
>>
>> Jonathan
>>
>> I can't explain the initial issues I had on this DC, either. After
>> adding rfc2307, this DC simply wouldn't resolve the new UIDs I had
>> added, despite running "net cache flush". Even when shutting samba
>> down, then running "net cache flush", then starting samba back, I
>> had a very weird time where running "id <user>" was just fine at
>> first, returning the rfc2307-defined UID, but then running the same
>> command a few seconds later, it had reverted back to 3000007!
>>
>> I finally used the following to restart - clearing out the idmap.ldb
>> file - and this seemed to work better, but I still have the issue
>> above:
>> service samba4 stop;net cache flush;rm /usr/local/samba/private/idmap.ldb;service samba4 start
>>
>
> Hi, what do you mean 'I extended the schema' ?
> How did you extend the schema and with what ?
>
>
> Rowland
>



-- 
"If we knew what it was we were doing, it would not be called
research, would it?"
      - Albert Einstein

