[Samba] Fwd: samba-gpupdate nsswitch error

Kees van Vloten keesvanvloten at gmail.com
Tue Mar 14 10:16:28 UTC 2023


Op 14-03-2023 om 11:05 schreef Rowland Penny via samba:
>
>
> On 14/03/2023 09:38, Christian Naumer via samba wrote:
>> Am 14.03.23 um 10:31 schrieb Kees van Vloten via samba:
>>> I guess the uid is required because a GPO is a file (and something 
>>> in LDAP). The file is retrieved form the sysvol share and in order 
>>> to deal with file permissions on Linux you get identified on the 
>>> filesytem withself with a uid (and gid). In this case it is the 
>>> computer-account that retrieves the file, at least that is my 
>>> assumption 😄
>>
>>
>> That is correct. However, GPOs are normally on a DC and there a 
>> computer has a uid (or xid or whatever it is called). That why a DC 
>> does this differently.
>>
>>
>> Regards
>>
>> Christian
>>
>>
>
> From my testing, this is correct, until you try to use a SID with 
> getent and then nothing is returned and the you get the error message:
>
> add_local_groups: SID S-1-5-21-2112549936-2540803609-4198596461-1600 
> -> getpwuid(3000148) failed, is nsswitch configured?
>
> I get the feeling that if the SID could be changed for the computer 
> name or Unix ID, it would work.
>
> Rowland
>
I use rfc2307 and I remember I had to assign uid/gid to computer objects 
at one point to get rid of different but also similar kind of errors 
(check ml 14-04-2022), these were the messages:

smbd[15370]: [2022/04/14 14:32:56.556685,  0] 
../../source3/auth/auth_util.c:1928(check_account)
smbd[15370]:   check_account: Failed to convert SID 
S-1-5-21-3042323961-424325435-1432587418-1234 to a UID 
(dom_user[SAMDOM\computer01$])






More information about the samba mailing list