Which samba version?
I had Samba 3.0.x on Solaris 10, and winbind able to allocate uids and
gids to users and groups from trusted domain (at least to Windows 2003
domains in mixed mode.) When I switched to a Samba 3.4.x PDC the
allocation of new uids and gids broke. I suspect there is some
configuration change in smb.conf I needed to make that was not obvious
(to me) in the documenation.
I have an ldap backend- but temporarily changing to a TDB backend
didn't help.
I worked around this by manually allocating uids and gids. With ldap
you can do this with an ldap editor. But you can also use the wbinfo
command to manuallly create uid-to-sid or gid-to-sid mappings with ldap
or tdb backend.
It isn't really a long term solution but fortunately account
additions/deletions are minimal where I work.
I did have idmap entries in smb.conf for each domain I wanted to trust,
in addition to the entries you listed.
On 06/23/2010 02:24 PM, Rob Moser wrote:
I have a problem where I can't browse to a samba share from Windows
(Server 2008); instead I get the error:
The group name could not be found
The winbind log contains the message:
could not convert gid 507 to sid
Suspecting a permissions problem, I went and looked at the files and the
group ownership has been set to BUILTIN\guests, which is not what I
want. So I try to chgrp them to the domain group:
chgrp -R 'dss users' /file
chgrp: invalid group `dss users'
But I know that that is the domain group that I want:
wbinfo -g | grep dss
dss users
wbinfo -n 'dss users'
S-1-5-21-2129867641-1992771036-1243820751-107019 Domain Group (2)
But winbind apparently cannot resolve it to a gid:
wbinfo -Y S-1-5-21-2129867641-1992771036-1243820751-107019
Could not convert sid S-1-5-21-2129867641-1992771036-1243820751-107019
to gid
My nsswitch.conf file does list winbind for users and groups. My
smb.conf file contains (in part, obviously):
idmap alloc backend = tdb
idmap alloc config:range = 10000 - 4000000
idmap uid = 10000 - 4000000
idmap gid = 10000 - 4000000
winbind enum users = no
winbind enum groups = no
winbind nested groups = yes
winbind use default domain = yes
So it is using a default domain (the correct one; I checked) and I'm not
just running out of gids. My various /var/log/samba/log.* files contain
almost exactly nothing from the time of the transaction.
Any help appreciated,
- rob.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
