[Samba] Unable to map SID of domain admin although mapped in username map
Henry Jensen
hjensen at mailbox.org
Tue Jul 24 09:25:33 UTC 2018
Hello,
Lots of messages in smbd log file on a Samba file server, which is member of a Samba AD :
[2018/07/24 10:30:00.822403, 0] ../source3/smbd/posix_acls.c:2080(create_canon_ace_lists)
create_canon_ace_lists: unable to map SID S-1-5-21-1234567898-1234567897-123456789-2996 to uid or gid.
The SID is that of the domain admin (username: domainadmin) which is mappped in a username map file.
smb.conf:
---------
[global]
workgroup = MYDOM
security = ADS
realm = MYDOM.LAN
# Default idmap config for local BUILTIN accounts and groups
idmap config *:backend = tdb
idmap config *:range = 80001-90000
# idmap config for the MYDOM domain
idmap config MYDOM:backend = ad
idmap config MYDOM:schema_mode = rfc2307
idmap config MYDOM:range = 500-80000
#Samba >= 4.6.0
#idmap config MYDOM:unix_nss_info = yes
#Samba < 4.6.0
winbind nss info = rfc2307
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
username map = /etc/samba/user.map
Dos charset = 850
unix charset = UTF-8
interfaces = eth0 eth2
vfs objects = recycle
recycle: repository = .Papierkorb/%u
recycle:directory_mode = 0777
recycle:subdir_mode = 0770
recycle: keeptree = Yes
recycle: exclude = *.tmp, *.temp, *.log, *.ldb
recycle: exclude_dir = tmp
recycle:versions = Yes
/etc/samba/user.map:
--------------------
!root = MYDOM\domainadmin
Access as domainadmin from windows to this file server is working as
expected. So, should I just ignore this messsages?
Kind regards,
Henry
More information about the samba
mailing list