[Samba] getenv does not return any AD DOMAIN users or groups - ?nsswitch is not setup for Samba?

Barry D. Adkins Barry at daram.com
Sun Nov 18 01:31:14 UTC 2018


> idmap config DOMAIN : range = 50000-1000000

>>Does the 'Domain Users' group have a gidNumber attribute containing a
>>number inside the range above ?
>>Do your users have a uidNumber attribute containing a unique number
>>inside the same range ?

Well, I'm not certain.  I used Windows System tools to examine SIDs on the Domain Controller, but I have not found how, or for sure if, a SID can be converted to a UID.
To be clear, getent passwd reports many entries, but NONE from Active Directory, same for groups.

This whole "exercise" was begun because of the failure of this command:
chown root:"Domain Admins" /srv/samba/filestore/
chown: invalid group: 'root:Domain Admins'

I created /srv/samba/filestore/ to share, and in fact it is shared, but I have not been able to set permissions per this WIKI:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Manpage for wbinfo
 -S|--sid-to-uid sid
           Convert a SID to a UNIX user id. If the SID does not correspond to a UNIX user mapped
           by winbindd(8) then the operation will fail.

I used the wbinfo command with a SID from a domain user.  It fails, which seems to confirm that there is some missing link with winbindd as mentioned on the man page.

result:
failed to call wbcStringToSid: WBC_ERR_INVALID_SID
could not convert sid S-1-5-21-346857055-4299993622516-4263914971-1113 to uid

Barry
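
Added example, not part of the message above and not Samba's own code: the error quoted there is reported by wbcStringToSid, the call that parses the SID string, so the string itself can be checked against the field limits of the SID structure. The names check_sid, POSTED_SID and SAMPLE_SID are made up for this sketch, and SAMPLE_SID is a constructed value.

```python
import re

# Field limits of the SID structure (revision 1).
MAX_AUTHORITY = 0xFFFFFFFFFFFF   # identifier authority: 48 bits
MAX_SUBAUTHS = 15                # at most 15 sub-authorities
MAX_SUBAUTH = 0xFFFFFFFF         # each sub-authority: unsigned 32 bits

# SID exactly as quoted in the wbinfo output in the post.
POSTED_SID = "S-1-5-21-346857055-4299993622516-4263914971-1113"
# Constructed, well-formed domain-user SID for comparison.
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1113"


def check_sid(sid):
    """Return a list of structural problems; an empty list means well-formed."""
    m = re.fullmatch(r"S-(\d+)-(\d+)((?:-\d+)*)", sid.strip())
    if not m:
        return ["not of the form S-<rev>-<authority>[-<subauth>...]"]
    rev, authority = int(m.group(1)), int(m.group(2))
    # group(3) looks like "-21-346857055-..."; drop the empty first field.
    subauths = [int(s) for s in m.group(3).split("-")[1:]]
    problems = []
    if rev != 1:
        problems.append(f"revision {rev} is not 1")
    if authority > MAX_AUTHORITY:
        problems.append(f"authority {authority} exceeds 48 bits")
    if len(subauths) > MAX_SUBAUTHS:
        problems.append(f"{len(subauths)} sub-authorities (max {MAX_SUBAUTHS})")
    for pos, value in enumerate(subauths, start=1):
        if value > MAX_SUBAUTH:
            problems.append(
                f"sub-authority {pos} ({value}) exceeds {MAX_SUBAUTH}")
    return problems


if __name__ == "__main__":
    for sid in (POSTED_SID, SAMPLE_SID):
        issues = check_sid(sid)
        print(sid, "->", "; ".join(issues) if issues else "well-formed")
```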


