samba - Jun 2023 - Failed to convert SID to a UID

It works for us with Rocky Linux 8.8 and Samba 4.17.5. DCs are Samba 4.18.2.


Looking at your conf I see this:

I do _not_ have this:

idmap config DOMAIN:unix_primary_group = yes

I have and you don't:

disable netbios = yes
smb ports = 445
server min protocol = SMB2
client min protocol = SMB2

Different:

kerberos method = secrets and keytab


And this is deprecated:

winbind nss info = rfc2307

see here:
https://wiki.samba.org/index.php/Idmap_config_ad

Maybe some things to try. I know another "it works for me" is not
always helpful...



Regards

Christian


Am Mittwoch, dem 31.05.2023 um 10:12 -0300 schrieb Dale Renton via
samba:
> Is anyone using Rocky Linux or AlmaLinux or RHEL 8.8 as a Samba Domain
> Member joined to a Samba Active Directory Domain?
> 
> realm list returns :
> ad.example.com
> ? type: kerberos
> ? realm-name: AD.EXAMPLE.COM
> ? domain-name: ad.example.com
> ? configured: kerberos-member
> ? server-software: active-directory
> ? client-software: winbind
> ? required-package: oddjob-mkhomedir
> ? required-package: oddjob
> ? required-package: samba-winbind-clients
> ? required-package: samba-winbind
> ? required-package: samba-common-tools
> ? login-formats: %U
> ? login-policy: allow-any-login
> 
> /etc/nsswitch.conf
> passwd:???? files winbind systemd
> group:????? files winbind systemd
> 
> Thanks,
> Dale
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL:
<http://lists.samba.org/pipermail/samba/attachments/20230531/2f0bf32c/signature.sig>

Thanks for the suggestions.  I tried them without success.

Strange that wbinfo works but getent does not.


On Wed, May 31, 2023 at 10:55?AM Christian Naumer <
christian.naumer at greyfish.net> wrote:
> It works for us with Rocky Linux 8.8 and Samba 4.17.5. DCs are Samba
> 4.18.2.
>
>
> Looking at your conf I see this:
>
> I do _not_ have this:
>
> idmap config DOMAIN:unix_primary_group = yes
>
> I have and you don't:
>
> disable netbios = yes
> smb ports = 445
> server min protocol = SMB2
> client min protocol = SMB2
>
> Different:
>
> kerberos method = secrets and keytab
>
>
> And this is deprecated:
>
> winbind nss info = rfc2307
>
> see here:
> https://wiki.samba.org/index.php/Idmap_config_ad
>
> Maybe some things to try. I know another "it works for me" is not
always
> helpful...
>
>
>
> Regards
>
> Christian
>
>
> Am Mittwoch, dem 31.05.2023 um 10:12 -0300 schrieb Dale Renton via samba:
> > Is anyone using Rocky Linux or AlmaLinux or RHEL 8.8 as a Samba Domain
> > Member joined to a Samba Active Directory Domain?
> >
> > realm list returns :
> > ad.example.com
> >   type: kerberos
> >   realm-name: AD.EXAMPLE.COM
> >   domain-name: ad.example.com
> >   configured: kerberos-member
> >   server-software: active-directory
> >   client-software: winbind
> >   required-package: oddjob-mkhomedir
> >   required-package: oddjob
> >   required-package: samba-winbind-clients
> >   required-package: samba-winbind
> >   required-package: samba-common-tools
> >   login-formats: %U
> >   login-policy: allow-any-login
> >
> > /etc/nsswitch.conf
> > passwd:     files winbind systemd
> > group:      files winbind systemd
> >
> > Thanks,
> > Dale
>
>