[Samba] Very strange: Samba is unable to access one of its own files
Rowland Penny
rpenny at samba.org
Tue Nov 12 14:31:11 UTC 2024
On Tue, 12 Nov 2024 15:13:26 +0100
Kees van Vloten via samba <samba at lists.samba.org> wrote:
>
> On 12-11-2024 at 15:06, John R. Graham wrote:
> >
> > On 11/12/24 08:00, Kees van Vloten via samba wrote:
> >>
> >> On 12-11-2024 at 10:52, Rowland Penny via samba wrote:
> >>> It looks like nss isn't set up on the DC, so '3000000' isn't being
> >>> mapped to 'BUILTIN\administrators'
> >> That is easy enough, just run:
> >>
> >> ldbsearch -H /var/lib/samba/private/idmap.ldb
> >>
> >> If you have multiple DCs, you have to sync this file manually
> >> between them, check
> >> https://wiki.samba.org/index.php/SysVol_replication_(DFS-R)
> >>
> >> - Kees
> >>
> >>>
> >>> It would be interesting to know who ID '3000021' is, because that
> >>> is the user being denied access to sysvol.
> >>>
> >>> Rowland
> >>>
> >>
> > With $(ldbsearch -H /var/lib/samba/private/idmap.ldb
> > xidNumber=3000021), I get:
> >
> > # record 1
> > dn: CN=S-1-5-21-1539267136-1287424283-733021607-1108
> > cn: S-1-5-21-1539267136-1287424283-733021607-1108
> > objectClass: sidMap
> > objectSid: S-1-5-21-1539267136-1287424283-733021607-1108
> > type: ID_TYPE_BOTH
> > xidNumber: 3000021
> > distinguishedName: CN=S-1-5-21-1539267136-1287424283-733021607-1108
> >
> > but I don't know how to map that to a machine. Meanwhile, I'm
> > reading up on the idmap_nss plugin.
>
> This will do the mapping:
>
> ldbsearch -H /var/lib/samba/private/sam.ldb
> '(objectSid=S-1-5-21-1539267136-1287424283-733021607-1108)'
> samaccountname
>
Even easier:

wbinfo -s S-1-5-21-1539267136-1287424283-733021607-1108

Also can you ensure that you post to the list, it appears you sent your
last post to Kees.

Rowland
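
The lookup chain discussed in this thread (xidNumber to SID via idmap.ldb, then SID to account name via `wbinfo -s`), as an added example that is not part of the original thread or Samba's own code. The function names are hypothetical, the sample text is constructed from the record quoted above, and record 2 is a constructed entry using the well-known BUILTIN\Administrators SID.

```python
import re
import shutil
import subprocess

# Constructed sample of `ldbsearch -H .../idmap.ldb` output. Record 1 follows the
# record quoted in the thread (one line folded to exercise LDIF continuation).
SAMPLE = """\
# record 1
dn: CN=S-1-5-21-1539267136-1287424283-733021607-1108
cn: S-1-5-21-1539267136-1287424283-733021607-1108
objectClass: sidMap
objectSid: S-1-5-21-1539267136-1287424283-733021607-1108
type: ID_TYPE_BOTH
xidNumber: 3000021
distinguishedName: CN=S-1-5-21-1539267136-1287424283-73302
 1607-1108

# record 2
dn: CN=S-1-5-32-544
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000
"""

SID_RE = re.compile(r"S-1(-\d+)+")

def parse_idmap(ldif):
    """Return {xidNumber: (sid, type)} from ldbsearch output on idmap.ldb."""
    unfolded = re.sub(r"\n ", "", ldif)  # LDIF continuation lines start with one space
    mapping = {}
    for block in re.split(r"\n\s*\n", unfolded):
        attrs = dict(l.split(": ", 1) for l in block.splitlines()
                     if ": " in l and not l.startswith("#"))
        sid, xid = attrs.get("objectSid", ""), attrs.get("xidNumber", "")
        if xid.isdigit() and SID_RE.fullmatch(sid):  # skip comments and malformed records
            mapping[int(xid)] = (sid, attrs.get("type", ""))
    return mapping

def sid_to_name(sid):
    """Return the output line of `wbinfo -s SID`, or None if wbinfo is absent or fails."""
    if not SID_RE.fullmatch(sid) or shutil.which("wbinfo") is None:
        return None
    proc = subprocess.run(["wbinfo", "-s", sid], capture_output=True, text=True)
    return (proc.stdout.strip() or None) if proc.returncode == 0 else None

if __name__ == "__main__":
    for xid, (sid, kind) in sorted(parse_idmap(SAMPLE).items()):
        print(xid, kind, sid, sid_to_name(sid) or "(unresolved)")
```

On a DC, feed `parse_idmap` the real output of `ldbsearch -H /var/lib/samba/private/idmap.ldb` to list every allocated xid next to its SID and resolved name.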