[Samba] Samba with AD : SID rejected

Rowland Penny rpenny at samba.org
Fri May 3 11:10:11 UTC 2019


On Fri, 3 May 2019 12:06:38 +0200
Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote:

> Hi,
> Louis, Rowland, thanks for your answer.
> 
> @Louis
> All packages were installed.
> I changed my config file following your advice, the problem is still
> here. I already followed guides from thctlo's GitHub.
> 
> @Rowland
> Yes, my dns domain was different, but answered also to test.lan. It's
> now set to 'kdc=dc.foo.lab'
> I have my user vincent with uidNumber 10010 and gidNumber 13010
> (corresponding to Domain Users group).
> 
> 
> Getting SID from name (wbinfo -n) and name from SID (wbinfo -s)
> works. Commands with UID involved (wbinfo --sid-to-uid, wbinfo
> --uid-to-sid) work for my user vincent but not for the groups.
> 
> Could it be a Windows problem? Are there any changes in attributes
> between 2016 and 2019? (I use an evaluation version of 2019, not yet a
> licence)
> 

Whilst I think that there are attribute changes between 2016 & 2019,
they will have been additions rather than removal. Samba, when using the
winbind 'ad' on Unix domain members, relies on RFC2307 attributes and
if you can add them to AD, you shouldn't have a problem.

I think your problem is more likely to be dns related. I note that
Louis pointed out that your kdc domain didn't seem to match your Samba
domain, so are all the machines in the same dns domain?

Rowland


