[Samba] BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND

[Rowland Penny]

On Wed, 06 Sep 2017 10:24:08 +0200
Jiří Černý via samba <samba at lists.samba.org> wrote:

> Thank you again, Rowland, for your time.
> I think that different ID ranges in my domain is ok, at lest we will
> survive it, Is it desired behavior, as I assume, that getent group
> cannot list Domain Admins (and other groups) without setting UNIX GID.
> GPO processing is now ok, at least there is no errors of sysvolcheck
> and sysvolreset.
> So there is one thing I'd like to solve. Problem with
> BUILTIN\Administrators, which is motive I started this discussion.
> Probably there are problems also with other BUILTIN groups except
> BUILTIN\Server Operators, which is mapped right.
> 
> wbinfo --sid-to-uid="S-1-5-32-544"
> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert sid S-1-5-32-544 to uid

I feel this all has something to do with the classicupgrade, the
command works for me, does 'wbinfo --sid-to-gid="S-1-5-32-544"' work ?

> 
> So I cannot use samba-check-set-sysvol.sh for example.
> 
> I'm sending you idmap.ldb for inspection.

I haven't received it yet, but will examine and comment on it when I do.

> 
> 
> 
> Interesting is, that in my lab domain (provisioned from scratch) was
> set UNIX GID on Domain Computers and Controllers. I didn't have the
> reason to set this manually...

Yes, but is this set on the computers object in sam.ldb as a gidNumber
or in idmap.ldb as a xidNumber ?
A gidNumber can be used on any Unix machine in the domain, a xidNumber
will only be used on the DC.

Rowland