[Samba] wbinfo not resolving SID to username

Ing. Claudio Nicora claudio.nicora at gmail.com
Mon Jul 2 12:36:57 UTC 2018


> you should remove 'winbind' from the shadow line, it isn't required.
Done, thanks.

> That is all perfectly normal on a Samba AD DC. The only way to get all
> users and groups mapped to names, is to use uidNumber & gidNumber 
> attributes for all users & groups. This is NOT recommended on a DC, 
> this is because of sysvol, where some groups have also to be users to 
> own things. This is done in idmap.ldb where groups are mapped to 
> ID_TYPE_BOTH, if you give the wrong group a gidNumber, it will become 
> just a group and a group cannot own anything on Linux. 
Ok. This is the first Samba DC I'm playing with and I like to check 
everything before putting it into production.

> Just as an aside, I think you will find that 'sysvol' is mostly empty, 
> you will need to sync it from the DC you joined this one to. Rowland
I've replicated sysvol with robocopy (from the Windows) and configured a 
task to keep things in sync till the Windows DC will be demoted.

What about the strange chars in getfacl output? They seem like escape 
sequences:
"default:group:BUILTIN\134administrators:rwx" should read 
"default:group:BUILTIN\administrators:rwx", right?

Is there something wrong here?



More information about the samba mailing list