[Samba] wbinfo -S SID delivers -1

edv at ednt.de edv at ednt.de
Tue Apr 25 20:31:48 UTC 2017


I have set up a Samba server as an AD member. AD: 2012R2

The first day everything was working fine. After restarting the Samba 
service I had no access to my shares.

getent passwd and getent group deliver the UID and GID: 
4294967295:4294967295: for all AD users

which is -1 (FFFF FFFF)

wbinfo -n user delivers S-1-5-21-4001112740-1724199908-163113746-1106 
SID_USER (1), which is correct!

From wbinfo -S S-1-5-21-4001112740-1724199908-163113746-1106 I get -1 
as the result!

In the winbind log I get:
Parsing value for key 
[IDMAP/SID2XID/S-1-5-21-4001112740-1724199908-163113746-1106]: value=[-1:N]


The Samba version is: Version 4.2.14-Debian

My smb.conf is:
  [global]
         netbios name = fs2
         workgroup = XDNT
         security = ADS
         realm = XDNT.DE
         encrypt passwords = yes

         log file = /var/log/samba/log.%m
         log level = 10  #passdp:10 auth:10 winbind:10

# Log on file access
         vfs object = full_audit recycle acl_xattr
         full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S
         full_audit:success = mkdir rename unlink rmdir pwrite
         full_audit:failure = none
         full_audit:facility = local7
#       full_audit:priority = DEBUG
         full_audit:priority = notice

# Log on file delete
         recycle:repository = /srv/export/samba/recycle
         recycle:subdir_mode = 0770
         recycle:directory_mode = 0770
         recycle:keeptree = Yes
         recycle:versions = Yes
         recycle:touch = Yes
         recycle:touch_mtime = Yes
         recycle:maxsize = 0

         syslog = yes

#idmap config *:backend = tdb
#idmap config *:range = 85000-86000

         idmap config XDNT : backend = ad
         idmap config XDNT : schema_mode = rfc2307
         idmap config XDNT : range = 3000000-4000000

         idmap config XDNT:unix_primary_group = yes

         winbind nss info = rfc2307
         winbind trusted domains only = no
         winbind use default domain = yes
         winbind enum users = yes
         winbind enum groups = yes
         winbind refresh tickets = yes

#       winbind nss info = template
#       template shell = /bin/bash
#       template homedir = /home/%U

         map acl inherit = Yes
         store dos attributes = Yes

         follow symlinks = yes

passdb backend = tdbsam
map untrusted to domain = Yes

username map = /etc/samba/user.map


Can someone help me, please?
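
The two symptoms described above can be checked for mechanically. The following Python is an added example, not part of the original post or of Samba: it pulls SIDs with a cached value of -1 out of winbind log text and flags getent passwd entries whose UID or GID is 4294967295. The function names, the account names and the second SID are constructed for illustration; the log line shape, the first SID and the idmap range are taken from the post.

```python
import re

UNMAPPED = 0xFFFFFFFF             # (uid_t)-1 as unsigned 32-bit: 4294967295
IDMAP_RANGE = (3000000, 4000000)  # "idmap config XDNT : range" from the post

# Shape of the cache line quoted in the post:
#   [IDMAP/SID2XID/<sid>]: value=[<id>:<type>]
CACHE_RE = re.compile(r"\[IDMAP/SID2XID/(S-1-[\d-]+)\]:\s*value=\[(-?\d+):(\w)\]")

def negative_cache_sids(log_text):
    """SIDs whose cached SID-to-ID lookup holds -1, in order of first appearance."""
    sids = []
    for sid, xid, _type in CACHE_RE.findall(log_text):
        if int(xid) == -1 and sid not in sids:
            sids.append(sid)
    return sids

def classify_passwd(getent_text, id_range=IDMAP_RANGE):
    """Map each account name to 'unmapped', 'in_range' or 'other'."""
    result = {}
    for line in getent_text.splitlines():
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit() or not fields[3].isdigit():
            continue  # skip blank or malformed lines
        uid, gid = int(fields[2]), int(fields[3])
        if UNMAPPED in (uid, gid):
            result[fields[0]] = "unmapped"   # winbind returned -1 for this account
        elif id_range[0] <= uid <= id_range[1]:
            result[fields[0]] = "in_range"   # mapped inside the configured range
        else:
            result[fields[0]] = "other"      # e.g. local /etc/passwd accounts
    return result

# Constructed sample input: first SID and line format from the post, the rest invented.
SAMPLE_LOG = """\
Parsing value for key [IDMAP/SID2XID/S-1-5-21-4001112740-1724199908-163113746-1106]: value=[-1:N]
Parsing value for key [IDMAP/SID2XID/S-1-5-21-4001112740-1724199908-163113746-1107]: value=[3000012:U]
"""
SAMPLE_GETENT = """\
root:x:0:0:root:/root:/bin/bash
alice:*:4294967295:4294967295::/home/alice:/bin/false
bob:*:3000012:3000001::/home/bob:/bin/bash
"""

if __name__ == "__main__":
    print("negative cache entries:", negative_cache_sids(SAMPLE_LOG))
    for name, state in classify_passwd(SAMPLE_GETENT).items():
        print(f"{name}: {state}")
```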


