[Samba] WBC_ERR_DOMAIN_NOT_FOUND error with RFC2307

Ryan rlichtenwalter at gmail.com
Thu Jul 4 20:25:52 UTC 2019

I am still trying to configure Samba to authenticate users against
ActiveDirectory, but lookup uid and gids against a stand-alone OpenLDAP
server. Related to a previous recommendation, I found the idmap_rfc2307
capability, which seems likely exactly what I what.

Unfortunately, it does not seem to work. Users are not permitted to access
shares for which they are in the group.

Tests I found online of the idmapping using wbinfo, fail as follows.

$>wbinfo -n rlicht2

$>net cache flush

$>wbinfo -S THE_SID
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid THE_SID to uid

I do not see any indication in the log files that the LDAP server is being
contacted, though winbind startup shows that it is processing the idmap

And I have done the following:

net idmap set secret 'MYDOMAIN' 'password'

Here is the smb.conf file:

strict locking = no
workgroup = MYDOMAIN
server string = Samba Server Version %v
disable netbios = yes
interfaces = lo eth0
log file = /var/log/samba/log.%m
log level = 5
max log size = 64
security = ads
kerberos method = secrets and keytab
load printers = no
printcap name = /dev/null
printing = bsd
disable spoolss = yes
ldap ssl = off

idmap config * : backend = tdb
idmap config * : range = 65536-4294967296

idmap config MYDOMAIN : backend = rfc2307
idmap config MYDOMAIN : range = 1000-65535
idmap config MYDOMAIN : ldap_server = stand-alone
idmap config MYDOMAIN : bind_path_user = ou=users,dc=myldap,dc=org
idmap config MYDOMAIN : bind_path_group = ou=groups,dc=myldap,dc=org
idmap config MYDOMAIN : user_cn = no
idmap config MYDOMAIN : ldap_url = ldaps://ldap.myldap.org:636
idmap config MYDOMAIN : ldap_user_dn = cn=samba,ou=agents,dc=myldap,dc=org

comment = Home Directories
path = /home/%U
browseable = no
writable = yes
create mask = 0600
directory mask = 0700
valid users = MYDOMAIN\%U
preexec = ls /home/%U

path = /home/lab
writable = yes
valid users = @share
force group = share
create mask = 0660
directory mask = 0770
preexec = ls /home/share

More information about the samba mailing list