[Samba] wbinfo not resolving SID to username

Rowland Penny rpenny at samba.org
Mon Jul 2 13:23:57 UTC 2018

On Mon, 2 Jul 2018 14:36:57 +0200
"Ing. Claudio Nicora" <claudio.nicora at gmail.com> wrote:

> > you should remove 'winbind' from the shadow line, it isn't required.
> Done, thanks.
> > That is all perfectly normal on a Samba AD DC. The only way to get
> > all users and groups mapped to names, is to use uidNumber &
> > gidNumber attributes for all users & groups. This is NOT
> > recommended on a DC, this is because of sysvol, where some groups
> > have also to be users to own things. This is done in idmap.ldb
> > where groups are mapped to ID_TYPE_BOTH, if you give the wrong
> > group a gidNumber, it will become just a group and a group cannot
> > own anything on Linux. 
> Ok. This is the first Samba DC I'm playing with and I like to check 
> everything before putting it into production.

Best way of doing things, if you make mistakes, you can always start
again ;-)

> > Just as an aside, I think you will find that 'sysvol' is mostly
> > empty, you will need to sync it from the DC you joined this one to.
> > Rowland
> I've replicated sysvol with robocopy (from the Windows) and
> configured a task to keep things in sync till the Windows DC will be
> demoted.

Okay, just thought I would mention it.

> What about the strange chars in getfacl output? They seem like escape 
> sequences:
> "default:group:BUILTIN\134administrators:rwx" should read 
> "default:group:BUILTIN\administrators:rwx", right?

In an ideal world, yes, but this isn't an ideal world and yes, they are
a type of escape sequence (for want of a better word) and they are
quite normal, you can ignore them.


More information about the samba mailing list