[Samba] Problem with Samba as Member to AD

Rowland Penny rpenny at samba.org
Tue Jul 20 10:49:20 UTC 2021


On Tue, 2021-07-20 at 12:36 +0200, Mr Typo wrote:
> Hey Rowland,
> 
> i hope you can help me again. I cant find the error. I did install a
> fresh centos and used the same config as we discussed last week.
> 
> no sssd and no ncsd is configured. i can to a SID to uid lookup, but
> i
> cant lookup uids to SID
> 
> i hope you can help me again, i have no idea where to look..
> 
> best regards
> 
> Typo
> 
> [root at sv2-ftp01p ~]# wbinfo -s S-1-1-0
> \Everyone 5
> [root at sv2-ftp01p ~]# wbinfo -s S-1-5-2
> NT Authority\Network 5
> [root at sv2-ftp01p ~]# wbinfo -u | head -5
> administrator
> gast
> krbtgt
> itxadmin
> itxuser
> [root at sv2-ftp01p ~]# wbinfo --ping-dc
> checking the NETLOGON for domain[PFW] dc connection to
> "sv1-dc01p.pfw.local" succeeded
> [root at sv2-ftp01p ~]# net ads info
> LDAP server: 10.40.130.10
> LDAP server name: sv1-dc01p.pfw.local
> Realm: PFW.LOCAL
> Bind Path: dc=PFW,dc=LOCAL
> LDAP port: 389
> Server time: Tue, 20 Jul 2021 12:14:29 CEST
> KDC server: 10.40.130.10
> Server time offset: 0
> Last machine account password change: Tue, 20 Jul 2021 11:28:26 CEST
> [root at sv2-ftp01p ~]# cat /etc/nsswitch.conf|grep winbi
> passwd:     files winbind systemd
> group:      files winbind systemd
> 
> [root at sv2-ftp01p ~]# id itxadmin
> id: 'itxadmin': no such user
> [root at sv2-ftp01p ~]# getent passwd itxadmin
> [root at sv2-ftp01p ~]# wbinfo -s S-1-5-21-4080695503-475066264-
> 1108356078-1110
> PFW\adadmsar 1
> [root at sv2-ftp01p ~]# id adadmsar
> id: 'adadmsar': no such user
> [root at sv2-ftp01p ~]# wbinfo -i srvadmsar
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND

I think you are missing the 'glue' between nsswitch and AD, on Debian
you would install libpam-winbind libnss-winbind libpam-krb5 and on red-
hat distros you would install winbind-clients

Rowland





More information about the samba mailing list