[Samba] wbinfo not resolving SID to username
rpenny at samba.org
Mon Jul 2 12:08:47 UTC 2018
On Mon, 2 Jul 2018 13:41:16 +0200
"Ing. Claudio Nicora" <claudio.nicora at gmail.com> wrote:
> > Now winbind can map some of these xidNumbers to names, but not all
> > and it will not map any xidNumbers to names if libnss_winbind isn't
> > set up correctly.
> Now I've changed /etc/nsswitch.conf and added "winbind" like this:
> # cat /etc/nsswitch.conf
> passwd: compat systemd winbind
> group: compat systemd winbind
> shadow: compat winbind
you should remove 'winbind' from the shadow line, it isn't required.
> now getfacl shows group names (with some strange chars in them) but
> still not users:
That is all perfectly normal on a Samba AD DC. The only way to get all
users and groups mapped to names, is to use uidNumber & gidNumber
attributes for all users & groups. This is NOT recommended on a DC, this
is because of sysvol, where some groups have also to be users to own
things. This is done in idmap.ldb where groups are mapped to
ID_TYPE_BOTH, if you give the wrong group a gidNumber, it will become
just a group and a group cannot own anything on Linux.
> You're right. I've added them when trying to fix it; they were not
> present at first place.
> PS I've followed this guide step by step:
Just as an aside, I think you will find that 'sysvol' is mostly empty,
you will need to sync it from the DC you joined this one to.
More information about the samba