[Samba] winbind finds all domain users except Administrator
Rowland Penny
rpenny at samba.org
Mon Nov 13 22:03:24 UTC 2017
On Mon, 13 Nov 2017 22:34:16 +0100
Fabian Fritz via samba <samba at lists.samba.org> wrote:
> Hi,
>
> I have a samba 4.7 DC (Red Hat) and a Solaris 10 Member (also 4.7.0).
> I started winbindd and can get all users in my domain via "getent
> passwd" except MYDOM\Administrator. I can get it via wbinfo however:
>
> # wbinfo -n "MYDOM\Administrator"
>
> S-1-5-21-.......-500 SID_USER (1)
>
> In the winbind log with log level = 10, when I do getent passwd
> "MYDOM\Administrator" I always see this:
>
> [2017/11/13 18:27:25.255682, 5]
>
> ../source3/winbindd/winbindd_getpwnam.c:136(winbindd_getpwnam_recv)
>
> Could not convert S-1-5-21-.......-500: NT_STATUS_NO_SUCH_USER
>
> I have the idmap configured like this:
>
>
> idmap config MYDOM : backend = ad
>
> idmap config MYDOM : range = 100 - 60000
This range means you cannot have ANY local Unix users, what happens if
something goes wrong and you need to log in as a local user ??
You also seem to be missing a line:
idmap config MYDOM : schema_mode = rfc2307
None of this has anything to do with your problem, mainly because you
do not have a problem ;-)
You should not be able to log into a Unix domain member as
Administrator, you should map Administrator to 'root' in a user.map and
then log in as root if need be.
Rowland
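
The range remark in the reply above can be checked mechanically. This is an added example, not part of the original message and not Samba code: it parses the `idmap config` lines from smb.conf text, lists local passwd accounts whose UID falls inside a domain's idmap range, and lists `ad` backend domains with no `schema_mode` line. The function names are hypothetical and the passwd content is constructed sample data.

```python
import re

# Matches smb.conf lines such as "idmap config MYDOM : range = 100 - 60000".
IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+([^\s:]+)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

# Constructed sample inputs: the idmap lines quoted in the thread and an invented passwd file.
SAMPLE_SMB_CONF = """\
[global]
    idmap config MYDOM : backend = ad
    idmap config MYDOM : range = 100 - 60000
"""
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
localadm:x:100:10:Local admin:/export/home/localadm:/bin/sh
oracle:x:1001:100::/export/home/oracle:/bin/sh
nobody:x:60001:60001:NFS Anonymous Access User:/:
"""


def parse_idmap(smb_conf_text):
    """Return {domain: {option: value}} built from every 'idmap config' line."""
    domains = {}
    for line in smb_conf_text.splitlines():
        m = IDMAP_RE.match(line)  # commented-out lines do not start with "idmap"
        if m:
            domain, option, value = m.groups()
            domains.setdefault(domain, {})[option.lower()] = value
    return domains


def local_uid_conflicts(smb_conf_text, passwd_text):
    """List (domain, user, uid) for local accounts whose UID lies inside an idmap range."""
    conflicts = []
    for domain, opts in parse_idmap(smb_conf_text).items():
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if not m:
            continue
        low, high = int(m.group(1)), int(m.group(2))
        for entry in passwd_text.splitlines():
            fields = entry.split(":")
            if len(fields) >= 3 and fields[2].isdigit() and low <= int(fields[2]) <= high:
                conflicts.append((domain, fields[0], int(fields[2])))
    return conflicts


def ad_domains_without_schema_mode(smb_conf_text):
    """Return domains that use the 'ad' backend but set no schema_mode line."""
    return sorted(d for d, o in parse_idmap(smb_conf_text).items()
                  if o.get("backend", "").lower() == "ad" and "schema_mode" not in o)
```

On a real member server, pass the contents of smb.conf and /etc/passwd to both functions; an empty result from each means no local UID sits in a domain range and every `ad` domain has a `schema_mode` line.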