[Samba] Setup of Samba with Solaris 11.3 to provide Unix File Shares to Windows Users

Martin Decker martin.decker at gmx.net
Fri Aug 18 12:40:54 UTC 2017

    Dear List,

    I am trying to set up Samba 3.6.25 (solaris 11.3 packaged) to provide
unix file shares to windows users.

    I can successfully list groups and users with wbinfo -u / wbinfo -g,
but I do not get any data with "getent group" or "getent passwd". In AD, we
have set "gidNumber" Attribute for Group "Domain Users" to a value in the
specified range (100-999999). Also, for my account "mdecker", we have set
uidNumber in AD to a value in the range.


    wbinfo -u | grep mdecker

    wbinfo -g |grep -i "dom"

    For getent commands, when I enable debug level for winbindd, I can see:

    getent passwd "MYDOM\\mdecker"
    ... no output

    Winbind Trace:

    accepted socket 23
    process_request: request fn INTERFACE_VERSION
    [ 1414]: request interface version
    winbind_client_response_written[1414:INTERFACE_VERSION]: delivered
response to client
    process_request: request fn WINBINDD_PRIV_PIPE_DIR
    [ 1414]: request location of privileged pipe
    winbind_client_response_written[1414:WINBINDD_PRIV_PIPE_DIR]: delivered
response to client
    accepted socket 24
    closing socket 23, client exited
    process_request: Handling async request 1414:GETPWNAM
    getpwnam mdecker
    winbindd_getpwnam: My domain -- rejecting getpwnam() for MYDOM\mdecker.
    Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER
    wb_request_done[1414:GETPWNAM]: NT_STATUS_NO_SUCH_USER
    winbind_client_response_written[1414:GETPWNAM]: delivered response to
    closing socket 24, client exited

    getent group "MYDOM\\Domain Users"
    ... no output

    Winbind Trace:

    process_request: Handling async request 3067:GETGRNAM
    getgrnam MARABU\Domain Users
         wbint_LookupName: struct wbint_LookupName
            in: struct wbint_LookupName
                domain                   : *
                    domain                   : 'MYDOM'
                name                     : *
                    name                     : 'DOMAIN USERS'
                flags                    : 0x00000000 (0)
         wbint_LookupName: struct wbint_LookupName
            out: struct wbint_LookupName
                type                     : *
                    type                     : SID_NAME_USE_NONE (0)
                sid                      : *
                    sid                      : S-0-0
                result                   : NT_STATUS_NONE_MAPPED
    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
    wb_request_done[3067:GETGRNAM]: NT_STATUS_NONE_MAPPED
    winbind_client_response_written[3067:GETGRNAM]: delivered response to

    Any hints are greatly appreciated.

    Best regards,

    For reference, this is the smb.conf:

        workgroup = MYDOM
        realm = MYDOM.ADS
        server string = Samba Server
        security = ADS
        log level = 2
        log file = /var/samba/log/log.%m
        max log size = 50
        unix extensions = No
        client signing = Yes
        local master = No
        domain master = No
        dns proxy = No
        winbind enum users = Yes
        winbind enum groups = Yes
        # So we remove the "MYDOMAIN\" part from MYDOMAIN\userid
        winbind trusted domains only = Yes
        idmap config * :backend = tdb
        idmap config * : range = 1000-1999999
        idmap config MYDOM : backend = ad
        idmap config MYDOM : range = 100-999999
        idmap config MYDOM : schema_mode = rfc2307
        winbind nss info = rfc2307
        inherit permissions = Yes
        map acl inherit = Yes
        # We do not run NETBIOS
        disable netbios = Yes
        # Printers
        load printers = no

    # Set up our ZFS shares so that ACL work correctly from Windows
        comment = Home Directories
        read only = No
        inherit acls = Yes
        map archive = No
        map readonly = no
        vfs objects = zfsacl
        zfsacl: acesort = dontcare
        nfs4:chown = yes
        nfs4:acedup = merge
        nfs4:mode = special

        comment = Verzeichnis fuer Rezepturen
        read only = No
        path = /share1
        available = yes
        browsable = yes
        guest ok = yes
        writable = yes

Martin Decker

More information about the samba mailing list