[Samba] winbind finds all domain users except Administrator

Rowland Penny rpenny at samba.org
Mon Nov 13 22:03:24 UTC 2017


On Mon, 13 Nov 2017 22:34:16 +0100
Fabian Fritz via samba <samba at lists.samba.org> wrote:

> Hi,
> 
> I have a samba 4.7 DC (Red Hat) and a Solaris 10 Member (also 4.7.0).
> I started winbindd and can get all users in my domain via "getent
> passwd" except MYDOM\Administrator. I can get it via wbinfo however:
> 
> # wbinfo -n "MYDOM\Administrator"
> S-1-5-21-.......-500 SID_USER (1)
> 
> In the winbind log with log level = 10, when I do getent passwd
> "MYDOM\Administrator" I always see this:
> 
> [2017/11/13 18:27:25.255682,  5] ../source3/winbindd/winbindd_getpwnam.c:136(winbindd_getpwnam_recv)
>   Could not convert S-1-5-21-.......-500: NT_STATUS_NO_SUCH_USER
> 
> I have the idmap configured like this:
> 
> idmap config MYDOM : backend = ad
> idmap config MYDOM : range = 100 - 60000

This range means you cannot have ANY local Unix users. What happens if
something goes wrong and you need to log in as a local user?

You also seem to be missing a line:

idmap config MYDOM : schema_mode = rfc2307

None of this has anything to do with your problem, mainly because you
do not have a problem ;-)

You should not be able to log into a Unix domain member as
Administrator; you should map Administrator to 'root' in a user.map and
then log in as root if need be.

Rowland




