Hi, I tried to analyze the samba* attributes in that LDAP directory, and found some glaring inconsistencies - namely there were 4 pairs of accounts with duplicate sambaSID attributes. Some time after fixing that, and some service restarts, I realized that wbinfo -u started to work on the buster Samba domain member server.
However, the authentication was still broken, based on the users group whose gitNumber was the default for all users. I checked LDAP and saw its cn=users entry wasn't a sambaGroup*, so I made it one because that seemed inconsistent. Sadly, that still didn't help. When I try to look up a user, it says: % sudo wbinfo -i joy failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user joy The log says: [2020/10/15 06:07:13.320974, 3] ../source3/winbindd/winbindd_misc.c:419(winbindd_interface_version) [24581]: request interface version (version = 30) [2020/10/15 06:07:13.321216, 3] ../source3/winbindd/winbindd_getpwnam.c:58(winbindd_getpwnam_send) getpwnam joy [2020/10/15 06:07:13.321898, 5] ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv) Could not convert sid S-1-22-1-1000: NT_STATUS_INVALID_PARAMETER Looks like it wants a domain SID S-1-22-1, which I don't actually recognize from my LDAP... Further down the line, I also enabled more debugging, and observed messages like these: [2020/10/15 08:00:57.669098, 3, pid=29639, effective(0, 0), real(0, 0)] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2020/10/15 08:00:57.669313, 3, pid=29639, effective(0, 0), real(0, 0)] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp) string_to_sid: SID @users is not in a valid format I guess I'm gonna have to UTSL to figure that one out -- Josip Rodin