[Samba] Samba DC: Unable to convert first SID / NT_STATUS_INVALID_SID
Gyrfalcon
gyrfalcon at ebonfire.com
Sun Nov 7 14:45:54 UTC 2021
On Sunday, November 7th, 2021 at 8:22 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:
> You say this is being caused by a Unix domain member, so can we see the
> smb.conf from this ?
It happens to all of my member servers. They are all configured the same though:
```
[global]
workgroup = PYROCUFFLINK
realm = PYROCUFFLINK.BLUE
security = ads
printing = bsd
printcap name = /dev/null
load printers = no
guest account = nobody
map to guest = Bad User
template homedir = /home/%U
template shell = /bin/bash
idmap config * : backend = tdb
idmap config * : range = 1000000-1000999
idmap config PYROCUFFLINK : backend = ad
idmap config PYROCUFFLINK : range = 3000000-3009999
idmap config PYROCUFFLINK : unix_nss_info = yes
kerberos method = secrets and keytab
winbind nss info = rfc2307
winbind use default domain = yes
winbind offline logon = yes
winbind refresh tickets = no
client ldap sasl wrapping = seal
dns proxy = no
domain master = no
local master = no
preferred master = no
os level = 0
```
Using the `ad` idmap backend, so all the user and group accounts that need to log in to these machines have uidNumber/gidNumber attributes, including Domain Users group.
More information about the samba
mailing list