[Samba] wbinfo not resolving SID to username
Rowland Penny
rpenny at samba.org
Mon Jul 2 10:45:55 UTC 2018
On Mon, 2 Jul 2018 12:16:42 +0200
"Ing. Claudio Nicora via samba" <samba at lists.samba.org> wrote:
> I suspect there's something wrong in wbinfo on a freshly installed
> Samba AD Domain Controller on Ubuntu 18.04 server.
> wbinfo does not resolve Windows SID to usernames:
>
> # wbinfo -S S-1-5-21-299502267-616249376-1417001333-14107
> 3000103
>
> I should see "SAMDOM\username" instead of "3000103", right?
Not necessarily ;-)
On a DC, idmap.ldb is used to map AD users & groups to 'xidNumbers'.
It takes the 'SID-RID' and maps this to the next available number in
the '3000000' range.
Now winbind can map some of these xidNumbers to names, but not all and
it will not map any xidNumbers to names if libnss_winbind isn't set up
correctly.
>
> # samba --version
> Version 4.7.6-Ubuntu
>
> # cat /etc/samba/smb.conf
> [global]
> bind interfaces only = Yes
> interfaces = lo eth_lan
> netbios name = SRVADDC
> realm = SAMDOM.LOCAL
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = SAMDOM
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = Yes
You should remove the three 'winbind' lines, you do not need the first
two (and they can slow things down) and the last one does nothing on a
DC.
Rowland
More information about the samba
mailing list