When putting winbindd(8) into debug mode I finally saw the following:
    id S-1-5-21-1957994488-1326574676-725345543-35301 is neither ours, a Unix SID, nor builtin
    error converting unix gid to sid
The hard part was identifying what part of the puzzle I needed to debug in the
first place! Was it AD? NSS? PAM? Winbind? Samba? ACLs?
Solution:
Well that was easy when I actually knew the problem. Increase my idmap_rid
range.
From:
idmap config dsto:range = 10000-20000
To:
idmap config dsto:range = 10000-500000
All works now!
-aW
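
Why the wider range resolves the error, as an added example that is not part of the original message: idmap_rid(8) computes ID = RID - BASE_RID + LOW_RANGE_ID, so a RID of 35301 lands on 45301, which lies outside 10000-20000 but inside 10000-500000. The function names are hypothetical, and base_rid = 0 (the documented default) is an assumption because the message does not show that setting.

```python
import re

# Matches an smb.conf line such as: idmap config DOMAIN:range = LOW-HIGH
RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(?P<dom>[^:\s]+)\s*:\s*range\s*=\s*"
    r"(?P<lo>\d+)\s*-\s*(?P<hi>\d+)\s*$",
    re.IGNORECASE,
)

def parse_range(line):
    """Return (domain, low, high) from an 'idmap config X:range' line."""
    m = RANGE_RE.match(line)
    if not m:
        raise ValueError(f"not an idmap range line: {line!r}")
    lo, hi = int(m["lo"]), int(m["hi"])
    if lo > hi:
        raise ValueError(f"range is reversed: {lo}-{hi}")
    return m["dom"], lo, hi

def rid_of(sid):
    """The RID is the last sub-authority of the SID."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S":
        raise ValueError(f"not a SID: {sid!r}")
    return int(parts[-1])

def map_rid(sid, line, base_rid=0):
    """Apply ID = RID - BASE_RID + LOW_RANGE_ID; return (unix_id, in_range)."""
    _, lo, hi = parse_range(line)
    unix_id = rid_of(sid) - base_rid + lo
    return unix_id, lo <= unix_id <= hi

def max_rid(line, base_rid=0):
    """Highest RID the configured range can hold."""
    _, lo, hi = parse_range(line)
    return hi - lo + base_rid

# SID and both config lines are taken from the message above.
SID = "S-1-5-21-1957994488-1326574676-725345543-35301"
OLD = "idmap config dsto:range = 10000-20000"
NEW = "idmap config dsto:range = 10000-500000"

if __name__ == "__main__":
    for label, line in (("old", OLD), ("new", NEW)):
        unix_id, ok = map_rid(SID, line)
        print(f"{label}: RID {rid_of(SID)} -> id {unix_id}, "
              f"{'in range' if ok else 'OUT OF RANGE'} "
              f"(max RID {max_rid(line)})")
```

Running max_rid() against the highest RID in the domain before choosing a range shows whether new accounts will eventually fall outside it.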