[Samba] failed to call wbcSidToUid

Marcin Kruk askifyouneed at gmail.com
Mon Mar 5 15:29:43 UTC 2018


I have samba-4.6.2-12.el7_4.x86_64 which is connected to WIndows Active
Directory Server.

I configured samba with AD as below:

[global]
    workgroup = MYDOMAIN
    realm = MYDOMAIN.COM
    prefered master = No
    server string = servername
    security = ADS
    encrypt passwords = Yes
    log file = /var/log/samba/%I
    max log size = 50

    interfaces = bond0 lo
    bind interfaces only = Yes

    hosts allow = 10.32.0.0/16

    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = No
    winbind separator = +
    #winbind nss info = rfc2307
    winbind trusted domains only = no
    winbind : ignore domains = FAKEDOMAIN

    template shell = /bin/falsen
    template homedir = /mnt/sambahomedir/%D/%U

    wide links = Yes
    follow symlinks = Yes
    unix extensions = No

    idmap config * : backend = tdb
    idmap config * : range = 10000-20000
    idmap config MYDOMAIN : unix_nss_info = No
    idmap config MYDOMAIN : backend = ad
    idmap config MYDOMAIN : schema_mode = rfc2307
    idmap config MYDOMAIN : range = 1000000-2000000

    server signing = auto
    client signing = auto

###############
When I use command wbinfo -u
I can see a list of all users in AD domain
MYDOMAIN+user1
MYDOMAIN+user2

When I execute
wbinfo -n user1 or
wbinfo -n DOMAIN+user
I get:
S-1-5-21-... SID_USER (1)

but when I execute
wbinfo -S SID
I get:
Could not convert sid S-1-5-21-... to uid

moreover when I try to chown the directory
chown "DOMAIN+user1" directory_path
I get:
chown: invalid user: 'DOMAIN+user1’

In the respectively configuration in samba samba-4.4.4-12.el7_3.x86_64
everything goes ok but configuration is without whole idmap config section.
Its oldfashion style.
I do not know mabye "backend = ad" is the problem of this configuration.
But when I move configuration from the sama 4.4.4-12 server the problem
still exists.


More information about the samba mailing list