Re: [Samba] winbind finds all domain users except Administrator
- Date: Mon, 13 Nov 2017 22:03:24 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] winbind finds all domain users except Administrator
On Mon, 13 Nov 2017 22:34:16 +0100
Fabian Fritz via samba <samba@xxxxxxxxxxxxxxx> wrote:
> I have a samba 4.7 DC (Red Hat) and a Solaris 10 Member (also 4.7.0).
> I started winbindd and can get all users in my domain via "getent
> passwd" except MYDOM\Administrator. I can get it via wbinfo however:
> # wbinfo -n "MYDOM\Administrator"
> S-1-5-21-.......-500 SID_USER (1)
> In the winbind log with log level = 10, when I do getent passwd
> "MYDOM\Administrator I always see this:
> [2017/11/13 18:27:25.255682, 5]
> Could not convert S-1-5-21-.......-500: NT_STATUS_NO_SUCH_USER
> I have the idmap configured like this:
> idmap config MYDOM : backend = ad
> idmap config MYDOM : range = 100 - 60000
This range means you cannot have ANY local Unix users, what happens if
something goes wrong and you need to log in as a local user ??
You also seem to be missing a line:
idmap config MYDOM : schema_mode = rfc2307
None of this has anything to do with your problem, mainly because you
do not have a problem ;-)
You should not be able to log into a Unix domain member as
Administrator, you should map Administrator to 'root' in a user.map and
then log in as root if need be.
To unsubscribe from this list go to the following URL and read the