[Samba] builtin groups are not mapped by winbind

Anderson Sampaio Mello anderson.sampaio.mello at gmail.com
Fri May 13 05:14:48 UTC 2022


Hello samba team.

I have Samba configured as a member server of a Samba 4 domain. This
member server is version 4.15.5.

The big problem is that the member server winbind does not generate the
gids for some BUILTIN groups, for example:

Account Operators
Server Operators
Backup Operators
Print Operators

But it does generate the gid for:

Administrators
guests
users

When I run the wbinfo --group-info command to get the mapping, the wbinfo
command returns the following:

wbinfo --group-info "BUILTIN\Account Operators"

failed to call wbcGetrnam: WBC_ERR_DOMAIN_NOT_FOUND
could not get info for group BUILTIN\Account Operators

Increasing the samba log level to 5, the following error appears in the log:

could not convert sid S-1-5-32-548 NT_STATUS_NONE_MAPPED

Winbind cannot convert it. If I try to convert a SID to GID using the wbinfo
command given below, the error is the same:

wbinfo --sid-to-gid S-1-5-32-548

This is repeated with the groups mentioned: Account Operators, Server
Operators, Backup Operators and Print Operators.

My smb.conf looks like this in the global section:

[global]
workgroup = COMPANY
netbios name = fileserver
realm = EXAMPLE.LOCAL
security = ads
log file = /usr/local/samba/var/log/samba/fileserver.log
max log size = 2048
log level = 5
idmap config *:backend = tdb
idmap config *:range = 21000-80000
idmap config COMPANY:backend = rid
idmap config COMPANY:range = 1500-14000
shell template = /bin/bash
template homedir = /home/%D/%U

EXAMPLE.LOCAL domain users are mapped without any problems.

The wbinfo -m command returns the following:

wbinfo -m
BUILTIN
FILESERVER
EXAMPLE

The /etc/krb5.conf file looks like this:

[libdefaults]
default_realm = EXAMPLE.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true

Do you know what could be causing this behavior?

