[Samba] Winbind- - AD - Could not convert SID.
Rowland Penny
rpenny at samba.org
Mon Nov 1 20:26:05 UTC 2021
On Tue, 2021-11-02 at 01:39 +0530, Sathishkannan Subramanian via samba
wrote:
> Hi Team,
>
> I am new to this samba setup. I have tried to look at other threads
> before
> sending this email. Need your help on fixing the winbind getent
> passwd
> lookup failure.
>
> ==> log.winbindd <==
> [2021/11/01 18:56:34.044601, 5]
> ../../source3/winbindd/winbindd_getpwnam.c:143(winbindd_getpwnam_recv
> )
> Could not convert sid S-1-5-21-1321146746-398570720-1072455624-
> 2073:
> NT_STATUS_NO_SUCH_USER
> [2021/11/01 18:56:34.044780, 6]
> ../../source3/winbindd/winbindd.c:969(winbind_client_request_read)
> closing socket 26, client exited
>
> Samba version: Version 4.10.4
>
> OS: RHEL 7.5
>
> smb.conf:
>
> kerberos method = system keytab
> template homedir = /home/%U
> template shell = /bin/bash
> realm = SYCAMORE.DEV.ORG
> log level = 9
> idmap config DOMAIN : schema_mode = rfc2307
> #idmap config DOMAIN : range = 500-999999
> idmap config DOMAIN : range = 10000-999999
> idmap config DOMAIN : backend = ad
> #idmap config * : range = 10000000-10999999
> idmap config * : range = 500-999999
> idmap config * : backend = tdb
> idmap config DOMAIN : unix_nss_info = no
> winbind use default domain = yes
> winbind refresh tickets = yes
> winbind offline logon = yes
> winbind enum groups = yes
> winbind enum users = yes
> client ldap sasl wrapping = plain
> #winbind nss info = rfc2307
>
>
> $ getent group is working as expected. I could see the AD groups.
You surprise me.
You appear to be trying to use the winbind 'ad' backend, have you added
any RFC2307 attributes to AD ( uidNumber etc) ?
Try reading these:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
https://wiki.samba.org/index.php/Idmap_config_ad
https://wiki.samba.org/index.php/Idmap_config_rid
Rowland
More information about the samba
mailing list