Re: [Samba] wbinfo not resolving SID to username
- Date: Mon, 2 Jul 2018 13:08:47 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] wbinfo not resolving SID to username
On Mon, 2 Jul 2018 13:41:16 +0200
"Ing. Claudio Nicora" <claudio.nicora@xxxxxxxxx> wrote:
> > Now winbind can map some of these xidNumbers to names, but not all
> > and it will not map any xidNumbers to names if libnss_winbind isn't
> > set up correctly.
> Now I've changed /etc/nsswitch.conf and added "winbind" like this:
> # cat /etc/nsswitch.conf
> passwd: compat systemd winbind
> group: compat systemd winbind
> shadow: compat winbind
you should remove 'winbind' from the shadow line, it isn't required.
> now getfacl shows group names (with some strange chars in them) but
> still not users:
That is all perfectly normal on a Samba AD DC. The only way to get all
users and groups mapped to names, is to use uidNumber & gidNumber
attributes for all users & groups. This is NOT recommended on a DC, this
is because of sysvol, where some groups have also to be users to own
things. This is done in idmap.ldb where groups are mapped to
ID_TYPE_BOTH, if you give the wrong group a gidNumber, it will become
just a group and a group cannot own anything on Linux.
> You're right. I've added them when trying to fix it; they were not
> present at first place.
> PS I've followed this guide step by step:
Just as an aside, I think you will find that 'sysvol' is mostly empty,
you will need to sync it from the DC you joined this one to.
To unsubscribe from this list go to the following URL and read the