[Samba] Unable to map SID of domain admin although mapped in username map
Rowland Penny
rpenny at samba.org
Tue Jul 24 09:38:53 UTC 2018
On Tue, 24 Jul 2018 11:25:33 +0200
Henry Jensen via samba <samba at lists.samba.org> wrote:
> Hello,
>
> Lots of messages in smbd log file on a Samba file server, which is
> member of a Samba AD :
>
> [2018/07/24 10:30:00.822403,  0] ../source3/smbd/posix_acls.c:2080(create_canon_ace_lists)
>   create_canon_ace_lists: unable to map SID S-1-5-21-1234567898-1234567897-123456789-2996 to uid or gid.
>
>
> The SID is that of the domain admin (username: domainadmin) which is
> mapped in a username map file.
Well, take it out of the username map and give 'domainadmin' a
uidNumber attribute, then add 'domainadmin' to 'Domain Admins' or
'Administrators'.
>
>
> smb.conf:
> ---------
> [global]
> workgroup = MYDOM
> security = ADS
> realm = MYDOM.LAN
>
> # Default idmap config for local BUILTIN accounts and groups
> idmap config *:backend = tdb
> idmap config *:range = 80001-90000
>
> # idmap config for the MYDOM domain
> idmap config MYDOM:backend = ad
> idmap config MYDOM:schema_mode = rfc2307
> idmap config MYDOM:range = 500-80000
>
> #Samba >= 4.6.0
> #idmap config MYDOM:unix_nss_info = yes
>
> #Samba < 4.6.0
> winbind nss info = rfc2307
>
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> winbind use default domain = yes
>
> winbind enum users = yes
> winbind enum groups = yes
> username map = /etc/samba/user.map
>
> Dos charset = 850
> unix charset = UTF-8
> interfaces = eth0 eth2
>
> vfs objects = recycle
> recycle: repository = .Papierkorb/%u
> recycle:directory_mode = 0777
> recycle:subdir_mode = 0770
> recycle: keeptree = Yes
> recycle: exclude = *.tmp, *.temp, *.log, *.ldb
> recycle: exclude_dir = tmp
> recycle:versions = Yes
>
>
>
> /etc/samba/user.map:
> --------------------
> !root = MYDOM\domainadmin
Change this to '!root = MYDOM\Administrator'
Rowland
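
An added illustration, not part of either poster's message: with the `ad` idmap backend, winbind maps a SID only when the AD object carries a uidNumber (or gidNumber) inside the configured range, so a uidNumber chosen for 'domainadmin' has to fit the quoted `idmap config MYDOM:range`. The sketch below parses the idmap lines from the quoted smb.conf and checks a candidate value; the function names and the sample uidNumber values are assumptions made for this example.

```python
import re

# idmap lines copied from the smb.conf quoted in the thread
SMB_CONF = """\
[global]
idmap config *:backend = tdb
idmap config *:range = 80001-90000
idmap config MYDOM:backend = ad
idmap config MYDOM:schema_mode = rfc2307
idmap config MYDOM:range = 500-80000
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}}; 'range' becomes a (low, high) tuple."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):   # skip commented-out settings
            continue
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    for opts in domains.values():
        if "range" in opts:
            low, high = (int(x) for x in opts["range"].split("-"))
            opts["range"] = (low, high)
    return domains

def check_uid(domains, domain, uid_number):
    """Say whether the ad backend would map an account with this uidNumber."""
    opts = domains.get(domain.upper())
    if opts is None or opts.get("backend") != "ad":
        return "not-ad-backend"
    if uid_number is None:                 # no uidNumber attribute set in AD
        return "unmapped: no uidNumber in AD"
    low, high = opts["range"]
    if not low <= uid_number <= high:      # idmap_ad ignores IDs outside the range
        return "unmapped: uidNumber outside %d-%d" % (low, high)
    return "mapped"

if __name__ == "__main__":
    cfg = parse_idmap(SMB_CONF)
    for uid in (None, 10500, 85000):       # constructed sample values
        print(uid, "->", check_uid(cfg, "MYDOM", uid))
```

On a domain member, `wbinfo --sid-to-uid <SID>` and `getent passwd domainadmin` show whether winbind resolves the account after the attribute is set.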