[Samba] Could not convert sid: NT_STATUS_NO_SUCH_USER
francesco.malvezzi at unimore.it
Tue Apr 3 08:51:09 UTC 2018
Il 21/02/18 16:20, L.P.H. van Belle ha scritto:
> Thank you for having trust in my packages.. :-)
> Now if you use my package, i suggest, do read the howto's also...
> All you need for a good setup on debian stretch is there.
> if anyone find/see's improvements, please tell me... Or change it on github, thats why its there.
> First is this an upgraded domain? Or a new domain?
> What does `getent passwd username` tell you.
> Same for `id username`
> I would try the following.
> Run: net cache flush and try again, if that does not work then check then next..
> Review your config base on this member howto.
> That is a 100% working setup for stretch, if you did use it, then you missed something.
> .. You are missing some things in your smb.conf..
> Like (optional)
> idmap config NTDOM : unix_nss_info = yes
> # set this one and run net cache flush again.
> # User Administrator workaround, without it you are unable to set privileges
> # !Note: When using the AD ID mapping back end, do not set the uidNumber attribute for the domain administrator account.
> # If the account has the attribute set, the value overrides the local UID 0 of the root user and thus the mapping fails.
> username map = /etc/samba/samba_usermapping
well, I have been working on this issue quite a bit, lately.
The working recipe for me was:
1) configure sssd to fetch users from ad;
2) configure winbind to fetch sid/uid and sid/gid mappings from nss
3) provide group 'domain users' with a valid gidNumber: it looks the
prescription from idmap_ad "Winbind will only map users that have a
uidNumber and whose primary group have a gidNumber attribute set." holds
for idmap_nss as well.
If you plan to use sssd on Debian, beware of:
compile samba by your own).
More information about the samba