[Samba] Fwd: samba-gpupdate nsswitch error
rpenny at samba.org
Tue Mar 14 11:43:09 UTC 2023
On 14/03/2023 10:35, Christian Naumer via samba wrote:
> Hi everyone.
> Am 14. März 2023 11:25:48 MEZ schrieb Rowland Penny via samba <samba at lists.samba.org>:
>> That is a different message, Samba was trying to map a SID to a uid and failed because there wasn't a uid to map it to, adding a uidNumber attribute fixed that.
>> What I am saying is, if getent can find a uid or gid, it will return it, but there doesn't seem to be code to map a SID to return the uid to getent. If you think about it, why would there be code to do this, SID's are Windows things and until fairly recently, there was no reason for a Unix computer to be a user, in fact, is there a reason now, do GPO's require this ?
> Yes. For access to sysvol a computer needs a uid. A DC does this even if the computer does not have a uid set (AD ID backend).
That makes perfect sense to me, so it looks like Samba needs to be able
map the SID to a name or ID before asking, problem is, it looks like it
can, the error message is:
add_local_groups: SID S-1-5-21-2112549936-2540803609-4198596461-1600 ->
getpwuid(3000148) failed, is nsswitch configured?
If I ask wbinfo for the SID of a DC, I get this:
root at rpidc1:~# wbinfo -n rpidc1$
S-1-5-21-627072207-2265849604-124128874-2600 SID_USER (1)
If I then go the opposite way, I get this:
root at rpidc1:~# wbinfo -S S-1-5-21-627072207-2265849604-124128874-2600
Using that ID (3000025), I get this:
root at rpidc1:~# getent passwd 3000025
So, it works using getent (which I believe uses 'getpwuid' or similar),
this leads me to think that either there may be a bug in 'getpwuid' or
what the error message is saying is true, nsswitch isn't configured.
More information about the samba