After migration I have found some problems:


directives in /etc/samba/smb.conf

force user

force group

I have found similar problems like here: 

if i have share:


         workgroup = WSISIZ.EDU.PL
         realm = ad.wsisiz.edu.pl
         server role = member server
         security = ads

         winbind use default domain = Yes


  valid users = +laboratoria
  write list = +laboratoria
  force group = laboratoria

i cannot connect:

oceanic:~# smbclient \\oceanic\admins -U solarz
Enter WSISIZ.EDU.PL\solarz's password:
tree connect failed: NT_STATUS_NO_SUCH_GROUP


if i change "force group" to:

  force group = unix group\laboratoria

it works! (prefix unix group is not documented?)

Samba is at version:

Name        : samba
Epoch       : 2
Version     : 4.10.7
Release     : 0.fc30
Architecture: x86_64

I have some strange problems with AD:

at domain member:

oceanic:~# wbinfo -n "WSISIZ.EDU.PL\\laboratoria"
S-1-5-21-3156691614-3416019035-1284015310-3077 SID_DOM_GROUP (2)
oceanic:~# wbinfo -Y S-1-5-21-3156691614-3416019035-1284015310-3077
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-3156691614-3416019035-1284015310-3077 to gid

oceanic:~# wbinfo  --online-status
BUILTIN : active connection
OCEANIC : active connection
WSISIZ.EDU.PL : active connection

wbinfo -u and -g works as expected....

at DC AD server:

root at themes:~# wbinfo -n "WSISIZ.EDU.PL\\laboratoria"
S-1-5-21-3156691614-3416019035-1284015310-3077 SID_DOM_GROUP (2)
root at themes:~# wbinfo -Y S-1-5-21-3156691614-3416019035-1284015310-3077
root at themes:~# wbinfo  --online-status
BUILTIN : active connection
WSISIZ.EDU.PL : active connection

It looks very strange ... Those conversion from sid to gid is an 
essential one?

