[Samba] Upgrade Samba AD from 4.3 to 4.7 - ID mapping failure

Ben Curtis samba at nosolutions.com
Thu May 11 21:59:24 UTC 2023 

Hi all,

I am trying to upgrade my Samba 4.3 AD to a Samba 4.7 AD, and am having
some problems with ID mapping.

My smb.conf file has been updated as per the documentation (
https://wiki.samba.org/index.php/Updating_Samba and https://wiki.samba.
org/index.php/Idmap_config_ad). A copy of it is linked below.

When running:

`ldbedit -H /var/lib/samba/private/sam.ldb 'samaccountname=myuser'`

(or with domain users) there are no uidNumber
or gidNumber in my AD. I have tried adding them.  The AD was supplying
ids, however, as `id` as a logged in user in Ubuntu shows:

`uid=385601105(myuser) gid=385600513(domain users)
groups=385600513(domain users)`

While systems using LDAP seem to be working with the new AD controller,
`wbinfo` is failing. For instance see below. The logs linked are all
debug log level 5.

```
~$ net cache flush && wbinfo -i myuser
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user testing
~$ net cache flush && wbinfo -n myuser
S-1-5-21-1057597257-2002501470-2521000767-1105 SID_USER (1)
~$ net cache flush && wbinfo -s S-1-5-21-1057597257-2002501470-
2521000767-1105
CORP\myuser 1
~$ net cache flush && wbinfo --user-sidinfo S-1-5-21-1057597257-
2002501470-2521000767-1105
failed to call wbcGetpwsid: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user sid S-1-5-21-1057597257-2002501470-
2521000767-1105
```

You can see from the output that I'm getting the errors that seem to
usually come from no gid/uid in objects. The logs show errors for user
lookup such as `NT_STATUS_NO_SUCH_USER`. I have tried hardcoding in
`uidNumber` and `gidNumber` into myuser and Domain Users with `ldbedit`
but no luck there.

Any help would be appreciated.

smb.conf: https://www.dropbox.com/s/iu2hx2q32fi851h/smb.conf.txt?dl=0
wbinfo -i myuser log: 
https://www.dropbox.com/s/zzb2ixlj41amu3v/wbinfo_-i_myuser.txt?dl=0
wbinfo -n myuser log: 
https://www.dropbox.com/s/dwpv6mz45su172k/wbinfo%20-n%20myuser.txt?dl=0
wbinfo -s S-1-5-21-1057597257-2002501470-2521000767-1105 log: 
https://www.dropbox.com/s/kd03sn39gf3whhj/wbinfo%20-s%20sid.txt?dl=0
wbinfo -s S-1-5-21-1057597257-2002501470-2521000767-1105 log: 
https://www.dropbox.com/s/1q1wfqbeg7bc63m/wbinfo_--user-sidinfo_sid.txt?dl=0

Thanks,
Ben

More information about the samba mailing list