Danilo Godec
2010-Jul-26 13:01 UTC
[Samba] wbinfo -u and -g work, wbinfo -s works only for some users
Got a problem after upgrading Samba from 3.0 to 3.5 - have a bunch of users and groups in LDAP and things work for the most part. However, when people try to change permissions from within Windows, some usernames or groupnames are shown properly, but other are not - they see the SID. Following up I noticed, that I can get a list of all users with 'wbinfo -u' and that I can get a SID for every user with 'wbinfo -n $USER'. However, for about 70% of all SIDs listed a 'reverse lookup' with 'wbinf -s $SID' doesn't work:> S-1-5-21-239950015-4237961228-1280988766-3060 Could not lookup sid > S-1-5-21-239950015-4237961228-1280988766-3060It works for some and it turns out that this relates to what usernames are visible in Windows... I checked my LDAP and compared some of the users that work to some of those that don't, but there are no apparent differences. Any ideas? Regards, Danilo -- Danilo Godec, sistemska podpora / system administration Predlog! Obiscite prenovljeno spletno stran www.agenda.si ODPRTA KODA IN LINUX STORITVE : POSLOVNE RESITVE : UPRAVLJANJE IT : INFRASTRUKTURA IT : IZOBRAZEVANJE : PROGRAMSKA OPREMA Visit our updated web page at www.agenda.si OPEN SOURCE AND LINUX SERVICES : BUSINESS SOLUTIONS : IT MANAGEMENT : IT INFRASTRUCTURE : TRAINING : SOFTWARE
Jason Gerfen
2010-Jul-26 13:54 UTC
[Samba] wbinfo -u and -g work, wbinfo -s works only for some users
Here is a document and perl script I developed to resolve UID to SID mappings in Samba Active Directory authentication. http://zerointeger.tumblr.com/post/589762841/samba-and-active-directory Let me know if that helps any. On 07/26/10 07:01, Danilo Godec wrote:> Got a problem after upgrading Samba from 3.0 to 3.5 - have a bunch of > users and groups in LDAP and things work for the most part. > > However, when people try to change permissions from within Windows, some > usernames or groupnames are shown properly, but other are not - they see > the SID. > > Following up I noticed, that I can get a list of all users with 'wbinfo > -u' and that I can get a SID for every user with 'wbinfo -n $USER'. > > However, for about 70% of all SIDs listed a 'reverse lookup' with 'wbinf > -s $SID' doesn't work: > > >> S-1-5-21-239950015-4237961228-1280988766-3060 Could not lookup sid >> S-1-5-21-239950015-4237961228-1280988766-3060 >> > It works for some and it turns out that this relates to what usernames > are visible in Windows... > > I checked my LDAP and compared some of the users that work to some of > those that don't, but there are no apparent differences. > > Any ideas? > > Regards, Danilo > > > >