[Samba] Very strange: Samba is unable to access one of its own files
Kees van Vloten
keesvanvloten at gmail.com
Tue Nov 12 14:13:26 UTC 2024
On 12-11-2024 at 15:06, John R. Graham wrote:
>
> On 11/12/24 08:00, Kees van Vloten via samba wrote:
>>
>> On 12-11-2024 at 10:52, Rowland Penny via samba wrote:
>>> It looks like nss isn't set up on the DC, so '3000000' isn't being
>>> mapped to 'BUILTIN\administrators'
>> That is easy enough, just run:
>>
>> ldbsearch -H /var/lib/samba/private/idmap.ldb
>>
>> If you have multiple DCs, you have to sync this file manually between
>> them, check https://wiki.samba.org/index.php/SysVol_replication_(DFS-R)
>>
>> - Kees
>>
>>>
>>> It would be interesting to know who ID '3000021' is, because that is
>>> the user being denied access to sysvol.
>>>
>>> Rowland
>>>
>>
> With $(ldbsearch -H /var/lib/samba/private/idmap.ldb
> xidNumber=3000021), I get:
>
> # record 1
> dn: CN=S-1-5-21-1539267136-1287424283-733021607-1108
> cn: S-1-5-21-1539267136-1287424283-733021607-1108
> objectClass: sidMap
> objectSid: S-1-5-21-1539267136-1287424283-733021607-1108
> type: ID_TYPE_BOTH
> xidNumber: 3000021
> distinguishedName: CN=S-1-5-21-1539267136-1287424283-733021607-1108
>
> but I don't know how to map that to a machine. Meanwhile, I'm reading
> up on the idmap_nss plugin.
This will do the mapping:
ldbsearch -H /var/lib/samba/private/sam.ldb '(objectSid=S-1-5-21-1539267136-1287424283-733021607-1108)' samaccountname
- Kees.
>
> - John
>
>
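
The two lookups from this thread (xidNumber to SID in idmap.ldb, then SID to sAMAccountName in sam.ldb) chained into one helper, as an added example that is not part of the original messages. The function names are hypothetical; it assumes ldbsearch is on the PATH and that it runs on the DC with read access to both files.

```shell
#!/bin/sh
# Added example: resolve a Samba xidNumber to an account name on an AD DC.
# Usage: sh <this script> 3000021 [more xids...]
# Both paths default to the ones used in this thread.
IDMAP_LDB="${IDMAP_LDB:-/var/lib/samba/private/idmap.ldb}"
SAM_LDB="${SAM_LDB:-/var/lib/samba/private/sam.ldb}"

# Print the value(s) of one attribute from ldbsearch LDIF output on stdin.
# Matching is case-insensitive because LDAP attribute names are.
ldif_attr() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) ": " }
        tolower(substr($0, 1, length(want))) == want {
            print substr($0, length(want) + 1)
        }'
}

# xid -> SID. Only digits are accepted, so nothing else reaches the filter.
xid_to_sid() {
    case "$1" in ''|*[!0-9]*) echo "xid must be numeric: $1" >&2; return 2 ;; esac
    ldbsearch -H "$IDMAP_LDB" "(xidNumber=$1)" objectSid | ldif_attr objectSid
}

# SID -> sAMAccountName. The SID is checked before it is put in the filter.
sid_to_account() {
    case "$1" in S-1-*) ;; *) echo "not a SID: $1" >&2; return 2 ;; esac
    case "$1" in *[!S0-9-]*) echo "not a SID: $1" >&2; return 2 ;; esac
    ldbsearch -H "$SAM_LDB" "(objectSid=$1)" sAMAccountName | ldif_attr sAMAccountName
}

# Full chain; prints "xid<TAB>SID<TAB>account" or fails if the xid is unmapped.
xid_to_account() {
    sid=$(xid_to_sid "$1") || return $?
    [ -n "$sid" ] || { echo "no idmap.ldb entry for xid $1" >&2; return 1; }
    name=$(sid_to_account "$sid") || return $?
    printf '%s\t%s\t%s\n' "$1" "$sid" "${name:-<no sam.ldb entry>}"
}

if [ "$#" -gt 0 ]; then
    for xid in "$@"; do xid_to_account "$xid"; done
fi
```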