Web lists-archives.com

[Samba] wbinfo -S SID deliver -1




i have setup a samba server as a AD member. AD: 2012R2

The first day everything was working fine. After restart the Samba Service i had no access to my shares.

getent passwd and getent group deliver the UID and GID : 4294967295:4294967295: by all AD Users

which is -1 (FFFF FFFF)

wbinfo -n user deliver S-1-5-21-4001112740-1724199908-163113746-1106 SID_USER (1) which is correct !

I get from wbinfo -S S-1-5-21-4001112740-1724199908-163113746-1106 as result -1 !

In the Winbind log i get :
i get from the log Parsing value for key [IDMAP/SID2XID/S-1-5-21-4001112740-1724199908-163113746-1106]: value=[-1:N]


The Samba Version is : Version 4.2.14-Debian

My smb.conf is :
 [global]
        netbios name = fs2
        workgroup = XDNT
        security = ADS
        realm = XDNT.DE
        encrypt passwords = yes

        log file = /var/log/samba/log.%m
        log level = 10  #passdp:10 auth:10 winbind:10

# Log auf Datei Zugriff
        vfs object = full_audit recycle acl_xattr
        full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S
        full_audit:success = mkdir rename unlink rmdir pwrite
        full_audit:failure = none
        full_audit:facility = local7
#       full_audit:priority = DEBUG
        full_audit:priority = notice

# Log auf Datei löschen
        recycle:repository = /srv/export/samba/recycle
        recycle:subdir_mode = 0770
        recycle:directory_mode = 0770
        recycle:keeptree = Yes
        recycle:versions = Yes
        recycle:touch = Yes
        recycle:touch_mtime = Yes
        recycle:maxsize = 0

        syslog = yes

#idmap config *:backend = tdb
#idmap config *:range = 85000-86000

        idmap config XDNT : backend = ad
        idmap config XDNT : schema_mode = rfc2307
        idmap config XDNT : range = 3000000-4000000

        idmap config XDNT:unix_primary_group = yes

        winbind nss info = rfc2307
        winbind trusted domains only = no
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes
        winbind refresh tickets = yes

#       winbind nss info = template
#       template shell = /bin/bash
#       template homedir = /home/%U

        map acl inherit = Yes
        store dos attributes = Yes

        follow symlinks = yes

passdb backend = tdbsam
map untrusted to domain = Yes

username map = /etc/samba/user.map


Some one can help me please ?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba