[Samba] Samba with AD : SID rejected

Vincent Ducot vincent.ducot at rubycat-labs.com
Mon May 6 08:58:56 UTC 2019


Le 06/05/2019 à 10:46, Rowland Penny via samba a écrit :
> On Mon, 6 May 2019 09:08:10 +0200
> Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote:
>
>> Hi,
>>
>> sorry for the mistake, I meaned
>>
>> getent passwd vincent shows nothing and I got in the log file:
>>
>> winbindd_getpwnam: My domain -- rejecting getpwnam() for FOO\vincent.
>>
>> 'wbinfo -u | grep 'vincent' returns vincent, it's the good username.
>>
> Just because 'wbinfo' shows a user, doesn't mean that a Unix OS will
> know the user, even if the smb.conf appears to be correct.
>
> You originally posted this:
>
> idmap config FOO:backend = ad
> idmap config FOO:schema_mode = rfc2307
> idmap config FOO:range = 10000-999999
> idmap config FOO:unix_nss_info = yes
> idmap config FOO:unix_primary_group = yes
>
> So, does 'vincent' have a uidNumber attribute containing a number
> inside the range '10000-99999999' AND either a gidnumber attribute
> containing the gidNumber of an AD group, or does Domain
> Users have gidNumber attribute ? The gidNumber must be inside the same
> range.
>
> Rowland

Yes, user 'vincent' has uidNumber 10010, gidNumber 13010 and
primaryGroupID 513.

513 corresponds to the group "Domain Users", which have gidNumber 13010

Vincent




More information about the samba mailing list