Samba 3.5.8 on OpenSolaris (SunOS 5.11) Intel platform; gcc 4.2.3; built with "configure --with-winbind --with-krb5 --with-ldap --with-ads" Samba is joined to our Windows-2008 AD domain. Pretty much everything works, except that winbindd can't convert between SIDs and uid/gid: 1. wbinfo -r WIN\\lanz (Returns nothing -- no output) First I obtain my SID from "wbinfo -n WIN\\lanz", then: 2. wbinfo -S <my_SID> Could not convert <my_SID> to uid 3. wbinfo -U 2104 <-- That's my correct Unix numerical uid Could not convert uid 2104 to sid 4. wbinfo -G 37 <-- That's my correct Unix numerical gid Could not convert gid 37 to sid First I obtain my group SID on another machine, then: 5. wbinfo -Y <my_group_SID> Could not convert sid <my_group_SID> to gid These tests were all done with caching disabled on winbindd (-n option). Note that nscd is NOT running (no daemon, service is disabled). Here's the stuff I've tried that works: Forward/reverse DNS kinit/klist getent nslookup -query=SRV _ldap._tcp.dc._msdcs.su.win.stanford.edu nmblookup smbclient -L sestestns1 (from another machine, with anonymous login) net ads testjoin wbinfo -t wbinfo -g wbinfo -u wbinfo --all-domains wbinfo --user-sids wbinfo -n WIN\\lanz wbinfo -s <my_SID> wbinfo --name-to-sid <group_name> wbinfo -D SU Mounting a directory shared by Samba using Kerberos authentication (had to increase NGROUPS_MAX before this would work) I'm hoping someone can suggest where the problem is likely to be, given these examples of what works and what doesn't. I ran "wbinfo -G 37" with winbindd debug level set to 10; here's the end of the log entries I got: [2011/05/12 11:11:49.492068, 10] winbindd/winbindd.c: 593(process_request) process_request: Handling async request 22838:GID_TO_SID [2011/05/12 11:11:49.492094, 3] winbindd/winbindd_gid_to_sid.c: 46(winbindd_gid_to_sid_send) gid_to_sid 37 [2011/05/12 11:11:49.492136, 10] winbindd/winbindd_dual.c: 1309(fork_domain_child) fork_domain_child called without domain. [2011/05/12 11:11:49.493161, 10] winbindd/winbindd_dual.c: 1342(fork_domain_child) Child process 22839 [2011/05/12 11:11:49.495592, 5] winbindd/winbindd_gid_to_sid.c: 82(winbindd_gid_to_sid_recv) Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED [2011/05/12 11:11:49.495627, 10] winbindd/winbindd.c: 655(wb_request_done) wb_request_done[22838:GID_TO_SID]: NT_STATUS_NONE_MAPPED I'm suspicious of the "fork_domain_child called without domain." Also, where did it get the idea to convert S-0-0? Excerpt from our smb.conf [global] section: workgroup = SU realm = SU.WIN.STANFORD.EDU client ntlmv2 auth = yes allow trusted domains = yes lanman auth = Yes client lanman auth = Yes client plaintext auth = Yes preferred master = Auto password server = sudc0.su.win.stanford.edu netbios name = sestestns1 wins server = 171.64.7.155 171.64.7.177 winbind enum groups = yes winbind enum users = yes winbind nested groups = no local master = no dns proxy = Yes name resolve order = lmhosts wins bcast host interfaces = e1000g0 client schannel = No security = ads passdb backend = smbpasswd domain master = auto idmap backend idmap uid = 65001-65500 idmap gid = 210000-310000 -- Kai Lanz Stanford University School of Earth Sciences