[Samba] Samba with AD : SID rejected

Rowland Penny rpenny at samba.org
Mon May 6 08:46:41 UTC 2019

On Mon, 6 May 2019 09:08:10 +0200
Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote:

> Hi,
> sorry for the mistake, I meaned
> getent passwd vincent shows nothing and I got in the log file:
> winbindd_getpwnam: My domain -- rejecting getpwnam() for FOO\vincent.
> 'wbinfo -u | grep 'vincent' returns vincent, it's the good username.

Just because 'wbinfo' shows a user, doesn't mean that a Unix OS will
know the user, even if the smb.conf appears to be correct.

You originally posted this:

idmap config FOO:backend = ad
idmap config FOO:schema_mode = rfc2307
idmap config FOO:range = 10000-999999
idmap config FOO:unix_nss_info = yes
idmap config FOO:unix_primary_group = yes

So, does 'vincent' have a uidNumber attribute containing a number
inside the range '10000-99999999' AND either a gidnumber attribute
containing the gidNumber of an AD group, or does Domain
Users have gidNumber attribute ? The gidNumber must be inside the same


More information about the samba mailing list