[Samba] Account Unknown: SID not resolvable
Rowland Penny
rpenny at samba.org
Thu Nov 16 18:28:14 UTC 2023
On Thu, 16 Nov 2023 13:14:56 -0500
James Atwell via samba <samba at lists.samba.org> wrote:
> Hello,
>
>
>
> When viewing the Security tab of a user object I find 2
> username/groups that display their SID as opposed to their username
> with Account Unknown. I tried to use 'wbinfo -s' with the SID but
> it's unable to return a result. Using a well know SID works without
> issue.
>
>
>
> At one point this domain used 'idmap_ldb:use rfc2307 = yes' in the
> smb.conf file when it was initially provisioned. It's no longer used
> on any DC and my understanding by removing, GID's will not be
> resolvable and should have no affect on SID's.
>
>
>
> To aid in my troubleshooting, can someone share what security
> usernames and groups are created on a typical new user or group
> account?
>
>
>
> The two sid's I have with an unknown account name are as follows.
>
>
>
> s-1-5-21-940051827-2291820289-3341758437-526
>
> s-1-5-21-940051827-2291820289-3341758437-527
>
>
They are for a couple of groups that I haven't come across (yet)
'Key Admins' and 'Enterprise Key Admins'
This is probably an artefact of you having 'ad dc functional level =
2016' in your DCs smb.conf, Samba hasn't caught up yet.
Rowland
More information about the samba
mailing list