Sathishkannan Subramanian
2021-Nov-01 20:09 UTC
[Samba] Winbind- - AD - Could not convert SID.
Hi Team,

I am new to this samba setup. I have tried to look at other threads before sending this email. Need your help on fixing the winbind getent passwd lookup failure.

==> log.winbindd <==
[2021/11/01 18:56:34.044601, 5] ../../source3/winbindd/winbindd_getpwnam.c:143(winbindd_getpwnam_recv)
  Could not convert sid S-1-5-21-1321146746-398570720-1072455624-2073: NT_STATUS_NO_SUCH_USER
[2021/11/01 18:56:34.044780, 6] ../../source3/winbindd/winbindd.c:969(winbind_client_request_read)
  closing socket 26, client exited

Samba version: Version 4.10.4

OS: RHEL 7.5

smb.conf:

kerberos method = system keytab
template homedir = /home/%U
template shell = /bin/bash
realm = SYCAMORE.DEV.ORG
log level = 9
idmap config DOMAIN : schema_mode = rfc2307
#idmap config DOMAIN : range = 500-999999
idmap config DOMAIN : range = 10000-999999
idmap config DOMAIN : backend = ad
#idmap config * : range = 10000000-10999999
idmap config * : range = 500-999999
idmap config * : backend = tdb
idmap config DOMAIN : unix_nss_info = no
winbind use default domain = yes
winbind refresh tickets = yes
winbind offline logon = yes
winbind enum groups = yes
winbind enum users = yes
client ldap sasl wrapping = plain
#winbind nss info = rfc2307

$ getent group is working as expected. I could see the AD groups.

Thanks & Regards,
Sathish S.

On Tue, 2021-11-02 at 01:39 +0530, Sathishkannan Subramanian via samba wrote:
> Hi Team,
>
> I am new to this samba setup. I have tried to look at other threads
> before sending this email. Need your help on fixing the winbind getent
> passwd lookup failure.
>
> ==> log.winbindd <==
> [2021/11/01 18:56:34.044601, 5] ../../source3/winbindd/winbindd_getpwnam.c:143(winbindd_getpwnam_recv)
>   Could not convert sid S-1-5-21-1321146746-398570720-1072455624-2073: NT_STATUS_NO_SUCH_USER
> [2021/11/01 18:56:34.044780, 6] ../../source3/winbindd/winbindd.c:969(winbind_client_request_read)
>   closing socket 26, client exited
>
> Samba version: Version 4.10.4
>
> OS: RHEL 7.5
>
> smb.conf:
>
> kerberos method = system keytab
> template homedir = /home/%U
> template shell = /bin/bash
> realm = SYCAMORE.DEV.ORG
> log level = 9
> idmap config DOMAIN : schema_mode = rfc2307
> #idmap config DOMAIN : range = 500-999999
> idmap config DOMAIN : range = 10000-999999
> idmap config DOMAIN : backend = ad
> #idmap config * : range = 10000000-10999999
> idmap config * : range = 500-999999
> idmap config * : backend = tdb
> idmap config DOMAIN : unix_nss_info = no
> winbind use default domain = yes
> winbind refresh tickets = yes
> winbind offline logon = yes
> winbind enum groups = yes
> winbind enum users = yes
> client ldap sasl wrapping = plain
> #winbind nss info = rfc2307
>
>
> $ getent group is working as expected. I could see the AD groups.

You surprise me.

You appear to be trying to use the winbind 'ad' backend, have you added any RFC2307 attributes to AD (uidNumber etc)?

Try reading these:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
https://wiki.samba.org/index.php/Idmap_config_ad
https://wiki.samba.org/index.php/Idmap_config_rid

Rowland
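An added example (not part of either message, and not Samba project code): a small check over the idmap lines of the posted smb.conf, built on two documented Samba requirements, that the `ad` backend only maps accounts carrying RFC2307 `uidNumber`/`gidNumber` values inside the configured range, and that the `*` default-domain range must not overlap any other domain's range. The function names and finding labels are illustrative.

```python
import re

# idmap lines copied from the smb.conf posted in the thread.
POSTED = """\
idmap config DOMAIN : schema_mode = rfc2307
#idmap config DOMAIN : range = 500-999999
idmap config DOMAIN : range = 10000-999999
idmap config DOMAIN : backend = ad
#idmap config * : range = 10000000-10999999
idmap config * : range = 500-999999
idmap config * : backend = tdb
idmap config DOMAIN : unix_nss_info = no
"""

LINE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*([^=]+?)\s*=\s*(.*?)\s*$", re.I)

def parse_idmap(conf):
    """Return {domain: {option: value}} from active (uncommented) idmap lines."""
    domains = {}
    for raw in conf.splitlines():
        if raw.lstrip().startswith(("#", ";")):
            continue  # smb.conf comment lines start with '#' or ';'
        m = LINE.match(raw)
        if m:
            domains.setdefault(m.group(1), {})[m.group(2).lower()] = m.group(3)
    return domains

def check_idmap(conf):
    """Return a list of (kind, detail) findings for the idmap settings."""
    findings, ranges = [], {}
    for dom, opts in parse_idmap(conf).items():
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if not m:
            findings.append(("no-range", dom))
            continue
        ranges[dom] = (int(m.group(1)), int(m.group(2)))
        if opts.get("backend") == "ad":
            # idmap_ad maps only accounts whose uidNumber/gidNumber is in range.
            findings.append(("ad-needs-rfc2307", f"{dom}: {m.group(1)}-{m.group(2)}"))
    doms = sorted(ranges)
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append(("overlap", f"{a} {ranges[a]} / {b} {ranges[b]}"))
    return findings

if __name__ == "__main__":
    for kind, detail in check_idmap(POSTED):
        print(kind, detail)
```

On the posted lines this reports the `ad` backend's dependency on RFC2307 attributes for DOMAIN and an overlap between the `*` range (500-999999) and the DOMAIN range (10000-999999).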