[Samba] Failed to convert SID to a UID

Dale Renton drenton at gmail.com
Sat Jun 10 14:07:21 UTC 2023

On Sun, Jun 4, 2023 at 11:56 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> Not really, wbinfo reads directly from AD, getent goes via nsswitch.
> For getent to work using the 'ad' idmap backend, a few things have to
> fall into place:
> You have to set the correct relevant lines in smb.conf.
> You have have to give the Domain Users group a gidNUmber, or if using
> 'idmap config WORKGROUP : unix_primary_group = yes', that the relevant
> group has a gidNumber.
> You give the user a uidNumber and if using 'unix_primary_group' the
> relevant groups gidNumber
> All Numbers used for the uidNumber & gidNumber attributes must be inside
> the range you set for the 'WORKGROUP' in smb.conf
> Usually when a user doesn't get a UID, one of the above isn't correct.

I think I have all the settings configured properly, plus it works with
4.16, but not 4.17.  4.17 is working for Christian though.


    security = ads
    workgroup = EXAMPLEAD
    realm = AD.EXAMPLE.COM
    local master = no
    idmap config *:backend = tdb
    idmap config *:range = 100000-199999
    idmap config EXAMPLEAD:backend = ad
    idmap config EXAMPLEAD:schema_mode = rfc2307
    idmap config EXAMPLEAD:range = 512-99999
    idmap config EXAMPLEAD:unix_nss_info = yes
    idmap config EXAMPLEAD:unix_primary_group = yes
    winbind use default domain = yes
    winbind refresh tickets = yes
    winbind offline logon = yes
    winbind nss info = rfc2307
    kerberos method = system keytab
    dedicated keytab file = /etc/krb5.keytab
    create krb5 conf = no
    map to guest = Bad User

samba-tool user show dale
  primaryGroupID: 513
  uid: dale
  uidNumber: 10000
  gidNumber: 513

samba-tool group show "Domain Users"
  gidNumber: 513


More information about the samba mailing list