[Samba] wbinfo -r reports strange gids on AD member
L.P.H. van Belle
belle at bazuin.nl
Tue Jan 21 14:18:08 UTC 2020
Hai,
3001 is in the * range.
Its one of these most probely.
SERVER_OPERATORS="S-1-5-32-549"
ADMINISTRATORS="S-1-5-32-544"
SYSTEM="S-1-5-18"
AUTHENTICATED_USERS="S-1-5-11"
Run:
wbinfo --uid-to-sid=3001
wbinfo --sid-to-name= ( result of 3001 uid-to-sid)
Also test gid-to-sid
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Christian via samba
> Verzonden: dinsdag 21 januari 2020 14:51
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] wbinfo -r reports strange gids on AD member
>
> Dear list,
>
> on a unix domain member, I get
>
> root at member:~# wbinfo -r some_user
> 10513
> 10020
> 10018
> 10517
> 10206
> 10220
> 3001
>
> However, GID 3001 does not exist in our AD... On the other hand, GID
> 10559 (corresponding to some_group) appears to be missing
> from the list.
> Also, getent group some_group reports some_user as member. On other
> domain members, no issue, just two of them. This is debian buster with
> Louis's 4.10.11 packages. The winbindd related parts of smb.conf are:
>
> winbind expand groups = 2
> security = ADS
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> winbind nss info = ad
> winbind refresh tickets = yes
> kerberos method = system keytab
> idmap config * : backend = tdb
> idmap config * : range = 3000 - 7999
> idmap config XXX:backend = ad
> idmap config XXX:schema_mode = rfc2307
> idmap config XXX:range = 10000 - 999999
> idmap config XXX:unix_nss_info = yes
> idmap config XXX:unix_primary_group = yes
> username map = /etc/samba/user.map
>
> Not sure what to make of this... I would be grateful for any hints on
> how to debug this... Best wishes,
>
> Christian
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list