[Samba] builtin groups are not mapped by winbind
Anderson Sampaio Mello
anderson.sampaio.mello at gmail.com
Fri May 13 05:14:48 UTC 2022
Hello samba team.
I have a samba configured as a member server of a samba4 domain. This
member server is version 4.15.5
The big problem is that the member server winbind does not generate the
gids for some BUILTIN groups, for example:
Account Operators
Server Operators
Backup Operators
Print Operators
But generate the gid to:
Administrators
guests
users
When I run the wbinfo --group-info command to get the mapping the wbinfo
command returns the following:
wbinfo --group-info "BUILTIN\Account Operators"
failed to call wbcGetrnam: WBC_ERR_DOMAIN_NOT_FOUND
could not get info for group BUILTIN\Account Operators
Increasing the samba log level to 5, the following error appears in the log:
could not convert sid S-1-5-32-548 NT_STATUS_NONE_MAPPED
Windbind cannot convert, if I try to convert a SID to GID using the wbinfo
command given below, the error is the same:
wbinfo --sid-to-gid S-1-5-32-548
This is repeated with the informed groups: Account Operators, Server
Operators, Backup Operators and Print Operators
Me smb.conf looks like this in the global section:
[global]
workgroup = COMPANY
netbios name = fileserver
realm = EXAMPLE.LOCAL
security = ads
log file = /usr/local/samba/var/log/samba/fileserver.log
max log size = 2048
log level = 5
idmap config *:backend = tdb
idmap config *:range = 21000-80000
idmap config COMPANY:backend = rid
idmap config COMPANY:range = 1500-14000
shell template = /bin/bash
template homedir = /home/%D/%U
EXEMPLE.LOCAL domain users are mapped without any problems.
The wbinfo -m command returns the following:
wbinfo -m
BUILTIN
FILESERVER
EXAMPLE
the /etc/krb5.conf file looks like this
[libdefaults]
default_realm = EXAMPLE.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
Do you know what could be causing this behavior?
More information about the samba
mailing list