[Samba] samba-tool domain join: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
mjt at tls.msk.ru
Mon Oct 31 14:52:36 UTC 2022
31.10.2022 17:25, Michael Tokarev via samba wrote:
>>> This is interesting. So far I don't see any uids used in there. At least
>>> getent passwd 5000..50099 returns nothing (while getent passwd 1006 does
>>> return mjt-adm info). What are these user IDs used for, and when?
>> Microsoft has the concept of Well Known SIDs and there are nearly 200 of these, they are mapped on a first come basis in the default '*' domain .tdb
>> file, there also needs to be space for anything outside your main domain e.g. another domain.
> Are these 200 actually being used in a domain member? I especially
> assigned a relatively low range to see what goes in there, on a
> first come basis, and there's nothing in there still (after almost
> a year of this AD domain operations). Maybe my setup is somehow
> wrong and these required entries aren't being written? How to
> debug with lack of entries in this "other" range?
# tdb -D /var/lib/samba/winbindd_idmap.tdb
Here are the first 4 or so entries from the 5000..50099
range allocated during the first year of operations.
Why is 99 too low?