Univention Bugzilla – Bug 56334
wbinfo on school memberserver fails
Last modified: 2024-01-15 08:32:37 CET
Environment: School replica UCS5.0-4 with memberserver UCS5.0-3/5.0-4 symptom: School replica: wbinfo -Y S-1-18-1 failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND Could not convert sid S-1-18-1 to gid memberserver: wbinfo -t checking the trust secret for domain SCHEIN via RPC calls failed wbcCheckTrustCredentials(SCHEIN): error code was NT_STATUS_INVALID_SID (0xc0000078) failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR Could not check secret wbinfo -n Administrator failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND Could not lookup name Administrator ------------------ The SID S-1-18-1 is not in the idmap.ldb of the school replica. ----------------- The SID is not found with the filter: '(&(|(objectClass=sambaSamAccount)(objectClass=sambaGroupMapping))(sambaSID=*))' so we should add this object during join on the Server, so that there is an entry for this in the idmap.ldb
I saw this now in an other environment, non school, primary server: Unable to convert SID (S-1-18-1) at index 3 in user token to a GID. Conversion was returned as type 0, full token: [2023/07/21 12:58:34.429331, 0, pid=25052] ../../libcli/security/security_token.c:52(security_token_debug) Security token SIDs (8):
Ticket 2023071821000103 is a non memberserver, non school environment
Created attachment 11145 [details] script to add the special SID
Please note the extended version of the script in Bug 56886 Comment 2.