[Samba] wbinfo not resolving SID to username

Rowland Penny rpenny at samba.org
Mon Jul 2 12:08:47 UTC 2018


On Mon, 2 Jul 2018 13:41:16 +0200
"Ing. Claudio Nicora" <claudio.nicora at gmail.com> wrote:

> > Now winbind can map some of these xidNumbers to names, but not all
> > and it will not map any xidNumbers to names if libnss_winbind isn't
> > set up correctly.
> Now I've changed /etc/nsswitch.conf and added "winbind" like this:
> 
> # cat /etc/nsswitch.conf
> passwd:         compat systemd winbind
> group:          compat systemd winbind
> shadow:         compat winbind

You should remove 'winbind' from the shadow line; it isn't required.

> 
> now getfacl shows group names (with some strange chars in them) but 
> still not users:

That is all perfectly normal on a Samba AD DC. The only way to get all
users and groups mapped to names is to use uidNumber & gidNumber
attributes for all users & groups. This is NOT recommended on a DC; this
is because of sysvol, where some groups also have to be users to own
things. This is done in idmap.ldb, where groups are mapped to
ID_TYPE_BOTH; if you give the wrong group a gidNumber, it will become
just a group, and a group cannot own anything on Linux.
 
> You're right. I've added them when trying to fix it; they were not 
> present in the first place.
> PS I've followed this guide step by step: 
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory

Just as an aside, I think you will find that 'sysvol' is mostly empty,
you will need to sync it from the DC you joined this one to.

Rowland
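
Added example, not part of the original message and not Samba's own tooling: a small POSIX shell check for the nsswitch.conf layout discussed above (winbind on passwd and group, not on shadow). The function names are hypothetical; the file to audit is passed as an argument.

```shell
#!/bin/sh
# Audit an nsswitch.conf for the winbind settings discussed in this thread.
# check_nsswitch FILE prints one finding per database and returns 0 only if
# passwd and group list winbind and shadow does not.

# Print the sources configured for database $2 in file $1.
nss_sources() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }    # strip comments before matching
        $1 == db { for (i = 2; i <= NF; i++) printf "%s ", $i; exit }
    ' "$1"
}

# Succeed if word $1 appears in the space-separated list $2.
has_source() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

check_nsswitch() {
    file=$1
    rc=0
    # libnss_winbind must be consulted for users and groups.
    for db in passwd group; do
        if has_source winbind "$(nss_sources "$file" "$db")"; then
            echo "ok: $db uses winbind"
        else
            echo "missing: $db has no winbind source"
            rc=1
        fi
    done
    # winbind on the shadow line is not required and should be removed.
    if has_source winbind "$(nss_sources "$file" shadow)"; then
        echo "remove: shadow lists winbind (not required)"
        rc=1
    else
        echo "ok: shadow does not list winbind"
    fi
    return $rc
}

# Run against the file named on the command line, if any.
if [ $# -gt 0 ]; then check_nsswitch "$1"; fi
```

A passing check only confirms the NSS configuration; as the reply notes, some IDs on a DC will still not map to names.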


