[Samba] wbinfo not resolving SID to username

Rowland Penny rpenny at samba.org
Mon Jul 2 10:45:55 UTC 2018

On Mon, 2 Jul 2018 12:16:42 +0200
"Ing. Claudio Nicora via samba" <samba at lists.samba.org> wrote:

> I suspect there's something wrong in wbinfo on a freshly installed
> Samba AD Domain Controller on Ubuntu 18.04 server.
> wbinfo does not resolve Windows SID to usernames:
> # wbinfo -S S-1-5-21-299502267-616249376-1417001333-14107
> 3000103
> I should see "SAMDOM\username" instead of "3000103", right?

Not necessarily ;-)

On a DC, idmap.ldb is used to map AD users & groups to 'xidNumbers'.
It takes the 'SID-RID' and maps this to the next available number in
the '3000000' range.

Now winbind can map some of these xidNumbers to names, but not all and
it will not map any xidNumbers to names if libnss_winbind isn't set up

> # samba --version
> Version 4.7.6-Ubuntu
> # cat /etc/samba/smb.conf
> [global]
>          bind interfaces only = Yes
>          interfaces = lo eth_lan
>          netbios name = SRVADDC
>          realm = SAMDOM.LOCAL
>          server role = active directory domain controller
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
> drepl, winbindd, ntp_signd, kcc, dnsupdate
>          workgroup = SAMDOM
>          winbind enum users = yes
>          winbind enum groups = yes
>          winbind use default domain = Yes

You should remove the three 'winbind' lines, you do not need the first
two (and they can slow things down) and the last one does nothing on a


More information about the samba mailing list