[Samba] failed to call wbcSidToUid
Marcin Kruk
askifyouneed at gmail.com
Mon Mar 5 15:29:43 UTC 2018
I have samba-4.6.2-12.el7_4.x86_64 which is connected to WIndows Active
Directory Server.
I configured samba with AD as below:
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
prefered master = No
server string = servername
security = ADS
encrypt passwords = Yes
log file = /var/log/samba/%I
max log size = 50
interfaces = bond0 lo
bind interfaces only = Yes
hosts allow = 10.32.0.0/16
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind separator = +
#winbind nss info = rfc2307
winbind trusted domains only = no
winbind : ignore domains = FAKEDOMAIN
template shell = /bin/falsen
template homedir = /mnt/sambahomedir/%D/%U
wide links = Yes
follow symlinks = Yes
unix extensions = No
idmap config * : backend = tdb
idmap config * : range = 10000-20000
idmap config MYDOMAIN : unix_nss_info = No
idmap config MYDOMAIN : backend = ad
idmap config MYDOMAIN : schema_mode = rfc2307
idmap config MYDOMAIN : range = 1000000-2000000
server signing = auto
client signing = auto
###############
When I use command wbinfo -u
I can see a list of all users in AD domain
MYDOMAIN+user1
MYDOMAIN+user2
When I execute
wbinfo -n user1 or
wbinfo -n DOMAIN+user
I get:
S-1-5-21-... SID_USER (1)
but when I execute
wbinfo -S SID
I get:
Could not convert sid S-1-5-21-... to uid
moreover when I try to chown the directory
chown "DOMAIN+user1" directory_path
I get:
chown: invalid user: 'DOMAIN+user1’
In the respectively configuration in samba samba-4.4.4-12.el7_3.x86_64
everything goes ok but configuration is without whole idmap config section.
Its oldfashion style.
I do not know mabye "backend = ad" is the problem of this configuration.
But when I move configuration from the sama 4.4.4-12 server the problem
still exists.
More information about the samba
mailing list