
Re: [Samba] wbinfo not resolving SID to username




On Mon, 2 Jul 2018 12:16:42 +0200
"Ing. Claudio Nicora via samba" <samba@xxxxxxxxxxxxxxx> wrote:

> I suspect there's something wrong in wbinfo on a freshly installed
> Samba AD Domain Controller on Ubuntu 18.04 server.
> wbinfo does not resolve Windows SID to usernames:
> 
> # wbinfo -S S-1-5-21-299502267-616249376-1417001333-14107
> 3000103
> 
> I should see "SAMDOM\username" instead of "3000103", right?

Not necessarily ;-)

On a DC, idmap.ldb is used to map AD users & groups to 'xidNumbers'.
It takes the 'SID-RID' and maps this to the next available number in
the '3000000' range.

Now winbind can map some of these xidNumbers to names, but not all, and
it will not map any xidNumbers to names if libnss_winbind isn't set up
correctly.


> 
> # samba --version
> Version 4.7.6-Ubuntu
> 
> # cat /etc/samba/smb.conf
> [global]
>          bind interfaces only = Yes
>          interfaces = lo eth_lan
>          netbios name = SRVADDC
>          realm = SAMDOM.LOCAL
>          server role = active directory domain controller
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>          workgroup = SAMDOM
>          winbind enum users = yes
>          winbind enum groups = yes
>          winbind use default domain = Yes

You should remove the three 'winbind' lines; you do not need the first
two (and they can slow things down), and the last one does nothing on a
DC.

Rowland
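
Added example, not part of the original message and not Samba project code: two read-only checks for the points in the reply above, run against copies of smb.conf and nsswitch.conf. It assumes that setting up libnss_winbind includes listing winbind for passwd and group in nsswitch.conf; the function names and the sample files are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): two read-only checks for the points made
# in the reply. Paths are arguments, so copies of the files can be checked.

# Print the winbind parameters the reply says to drop, but only when the file
# declares the DC server role shown in the quoted smb.conf. Names are matched
# ignoring case and spaces; lines commented out with # or ; never match.
dc_unneeded_winbind_lines() {
    awk -F= '
        { key = tolower($1); gsub(/[ \t]/, "", key)
          val = tolower($2); gsub(/^[ \t]+|[ \t\r]+$/, "", val) }
        key == "serverrole" && val == "active directory domain controller" { dc = 1 }
        key == "winbindenumusers" || key == "winbindenumgroups" ||
        key == "winbindusedefaultdomain" {
            name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name); hits[++n] = name }
        END { if (dc) for (i = 1; i <= n; i++) print hits[i] }
    ' "$1"
}

# Print which of the passwd/group databases do not list winbind. Assumption:
# this covers only the nsswitch.conf part of a libnss_winbind setup.
nss_missing_winbind() {
    awk '
        { sub(/#.*/, "") }
        $1 == "passwd:" || $1 == "group:" {
            db = substr($1, 1, length($1) - 1)
            for (i = 2; i <= NF; i++) if ($i == "winbind") seen[db] = 1
        }
        END { if (!seen["passwd"]) print "passwd"; if (!seen["group"]) print "group" }
    ' "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample files; the smb.conf lines mirror those quoted above.
    cat > "$dir/smb.conf" <<'EOF'
[global]
         server role = active directory domain controller
         workgroup = SAMDOM
         winbind enum users = yes
         winbind enum groups = yes
         winbind use default domain = Yes
EOF
    printf 'passwd: files systemd\ngroup:  files winbind\n' > "$dir/nsswitch.conf"
    echo "smb.conf lines to remove on a DC:"; dc_unneeded_winbind_lines "$dir/smb.conf"
    echo "nsswitch databases without winbind:"; nss_missing_winbind "$dir/nsswitch.conf"
    rm -rf "$dir"
}
demo
```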
 

