[Samba] samba-tool domain join: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
Michael Tokarev
mjt at tls.msk.ru
Mon Oct 31 15:03:58 UTC 2022
31.10.2022 17:52, Michael Tokarev via samba пишет:
> Found it.
>
> # tdb -D /var/lib/samba/winbindd_idmap.tdb
> GID\s5004\0 S-1-5-7\0
> S-1-5-11\0 GID\s5002\0
> S-1-5-18\0 GID\s5003\0
> USER\sHWM\0 \x88\x13\0\0
> S-1-5-7\0 GID\s5004\0
> GID\s5000\0 S-1-1-0\0
> GID\s5001\0 S-1-5-2\0
> GID\s5002\0 S-1-5-11\0
> S-1-1-0\0 GID\s5000\0
> S-1-5-2\0 GID\s5001\0
> GROUP\sHWM\0 \x8d\x13\0\0
> GID\s5003\0 S-1-5-18\0
> IDMAP_VERSION\0 \x02\0\0\0
>
> Here are the first 4 or so entries from the 5000..50099
> range allocated during first year of operations.
# getent group 5000 5001 5002 5003 5004
BUILTIN\administrators:x:5000:
NT Authority\network:x:5001:
BUILTIN\guests:x:5002:
NT Authority\system:x:5003:
NT Authority\anonymous logon:x:5004:
I was looking in the wrong category: it is group not user,
so getent group, not getent passwd.
And this is why nss lookup fails when you don't configure
idmap config * entries. To me, when I first come across
these, it looked unnecessary to have "*" entries, because
the description somewhere near that was about "other domains"
which I don't have. I thought I'll add them once I will
really have some "other" domains. But it didn't work.
It is a good find really, there's once mystery less about
samba now.
Thanks!
/mjt
More information about the samba
mailing list