[Samba] wbinfo not resolving SID to username
Ing. Claudio Nicora
claudio.nicora at gmail.com
Mon Jul 2 12:36:57 UTC 2018
> you should remove 'winbind' from the shadow line, it isn't required.
Done, thanks.
> That is all perfectly normal on a Samba AD DC. The only way to get all
> users and groups mapped to names, is to use uidNumber & gidNumber
> attributes for all users & groups. This is NOT recommended on a DC,
> this is because of sysvol, where some groups have also to be users to
> own things. This is done in idmap.ldb where groups are mapped to
> ID_TYPE_BOTH, if you give the wrong group a gidNumber, it will become
> just a group and a group cannot own anything on Linux.
Ok. This is the first Samba DC I'm playing with and I like to check
everything before putting it into production.
> Just as an aside, I think you will find that 'sysvol' is mostly empty,
> you will need to sync it from the DC you joined this one to. Rowland
I've replicated sysvol with robocopy (from the Windows) and configured a
task to keep things in sync till the Windows DC will be demoted.
What about the strange chars in getfacl output? They seem like escape
sequences:
"default:group:BUILTIN\134administrators:rwx" should read
"default:group:BUILTIN\administrators:rwx", right?
Is there something wrong here?
More information about the samba
mailing list