[Samba] mapping sid to uid in member server
Jose Luis Suarez
tecnico.sistemas at igualdadebenestar.org
Thu Mar 22 07:37:16 UTC 2018
Hello
I am deploying a samba network with an AD DC and a member server for file
sharing.
Samba version 4.5 on Debian 8.
In AD DC everything goes fine.
In member server, smb.conf:

    netbios name = ADFS1
    realm = CGSIBAD.SC
    workgroup = CGSIBAD
    client signing = yes
    client use spnego = yes
    kerberos method = secrets and keytab
    server role = member server
    idmap config * : backend = tdb
    idmap config CGSIBAD : backend = ad
    winbind nss info = rfc2307
    idmap_ldb:use rfc2307 = yes
    security = ads
    require strong key = yes
    client schannel = yes
    winbind expand groups = 1
    winbind enum groups = yes
    winbind enum users = yes

In the member server when I run wbinfo -n username I get the SID
correctly, but when

    wbinfo -S S-1-5-21-2356952658-3999694786-159306407-1287
    failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
    Could not convert sid S-1-5-21-2356952658-3999694786-159306407-1287 to uid

If I modify smb.conf including ranges:

    netbios name = ADFS1
    realm = CGSIBAD.SC
    workgroup = CGSIBAD
    client signing = yes
    client use spnego = yes
    kerberos method = secrets and keytab
    server role = member server
    idmap config * : backend = tdb
    idmap config * : range = 11000-11999
    idmap config CGSIBAD : backend = ad
    idmap config CGSIBAD : range = 10000-10999
    winbind nss info = rfc2307
    idmap_ldb:use rfc2307 = yes
    security = ads
    require strong key = yes
    client schannel = yes
    winbind expand groups = 4
    winbind enum groups = yes
    winbind enum users = yes

then mapping works correctly; so obviously I have some misunderstanding
that I need to clarify: I thought that by using the ad backend, all
sid/uid/gid queries were retrieved from the AD DC domain server, so that it
was not necessary to specify any uid range.
After a lot of digging I could not find any documentation regarding this
point, so would you be so kind as to direct me to some source of
information about this point?
Regards
Jose Luis