Jiří Černý
2017-Sep-06 09:24 UTC
[Samba] BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
> I feel this all has something to do with the classicupgrade, the command works for me, does 'wbinfo --sid-to-gid="S-1-5-32-544"' work ?Yes. Take a look:wbinfo --sid-to-gid="S-1-5-32-544"15538wbinfo --gid-info=15538 BUILTIN\administrators:x:15538:> I haven't received it yet, but will examine and comment on it when I do.I sent it to <rpenny at samba.org>, so I hope that antispam filters do their job not so hard;) > Yes, but is this set on the computers object in sam.ldb as a gidNumber or in idmap.ldb as a xidNumber ?I mean in ADUC, i didn't inspected databases. I was NIS domain and GIDs in UNIX Attributes tab of ADUC.So it was definetely gidNumber. Stored propably in sam.ldb. Is enough to just set NIS domnain to <none> in ADUC to "clear" GID at groups/users which shouldn't have it?> A gidNumber can be used on any Unix machine in the domain, a xidNumber will only be used on the DC.Finally I got it. Forgive me, sometimes it takes quite long time than my brain assembles all information together:D
Rowland Penny
2017-Sep-06 10:07 UTC
[Samba] BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
On Wed, 06 Sep 2017 11:24:17 +0200 Jiří Černý via samba <samba at lists.samba.org> wrote:>> I feel this all has something to do with the classicupgrade, the >> command works for me, does 'wbinfo --sid-to-gid="S-1-5-32-544"' >> work ?> Yes. Take a look:wbinfo --sid-to-gid="S-1-5-32-544" > 15538wbinfo --gid-info=15538 > BUILTIN\administrators:x:15538: > >> I haven't received it yet, but will examine and comment on it when >> I do.I sent it to <rpenny at samba.org>, so I hope that antispam >> filters do their job not so hard;)>> Yes, but is this set on the >> computers object in sam.ldb as a gidNumber or in idmap.ldb as a >> xidNumber ?> I mean in ADUC, i didn't inspected databases. I was NIS > domain and GIDs in UNIX Attributes tab of ADUC. > So it was definetely gidNumber. Stored propably in sam.ldb.If you don't have any Unix machine (other than the Samba AD DC) you do not need any uidNumber or gidNumber attributes in AD.> > Is enough to just set NIS domnain to <none> in ADUC to "clear" GID at > groups/users which shouldn't have it?No, sorry that will not work.>> A gidNumber can be used on any Unix machine in the domain, a >> xidNumber will only be used on the DC.> Finally I got it. Forgive me, sometimes it takes quite long time than > my brain assembles all information together:D >No problem Rowland
Reasonably Related Threads
- BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
- BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
- BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
- BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
- SOLVED: BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND