[Samba] wbinfo -r reports strange gids on AD member
Rowland penny
rpenny at samba.org
Tue Jan 21 14:24:20 UTC 2020
On 21/01/2020 13:50, Christian via samba wrote:
> Dear list,
>
> on a unix domain member, I get
>
> root at member:~# wbinfo -r some_user
> 10513
> 10020
> 10018
> 10517
> 10206
> 10220
> 3001
>
> However, GID 3001 does not exist in our AD...
Well, no it wouldn't, it is being mapped with this:
idmap config * : range = 3000 - 7999
It is one of the Well Known Sids
> On the other hand, GID
> 10559 (corresponding to some_group) appears to be missing from the list.
> Also, getent group some_group reports some_user as member. On other
> domain members, no issue, just two of them. This is debian buster with
> Louis's 4.10.11 packages.
This could be just down to the users not having logged in.
> The winbindd related parts of smb.conf are:
Please don't post what you think is relevant, post the entire smb.conf ;-)
>
> winbind expand groups = 2
> security = ADS
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> winbind nss info = ad
The 'winbind nss info' isn't used any more and it doesn't have a value
'ad'.
> winbind refresh tickets = yes
> kerberos method = system keytab
> idmap config * : backend = tdb
> idmap config * : range = 3000 - 7999
> idmap config XXX:backend = ad
> idmap config XXX:schema_mode = rfc2307
> idmap config XXX:range = 10000 - 999999
> idmap config XXX:unix_nss_info = yes
> idmap config XXX:unix_primary_group = yes
> username map = /etc/samba/user.map
What is in the 'user.map' ?
Rowland
More information about the samba
mailing list