[Samba] idmap_ad: sid to uid conversion fails

S Murthy Kambhampaty smk_va at yahoo.com
Wed Sep 22 17:19:58 GMT 2004 

I have two boxes on which I am trying to get idmap_ad 
(from xad_oss_plugins) to provide uid/gid mapping, and
am getting the error:
"Could not convert sid <sid of some_user> to uid"


The story so far goes like this:
Without the line 
"idmap backend = ad:ldap://<PDC's FQDN>/" in smb.conf,
I can successfully do all of: 
#> wbinfo -S $(wbinfo -n some_user | awk '{print
$1}')"
#> getent passwd | grep some_user
#> net ads search '(objectCategory=user)' \
	sAMAccountName msSFU30GidNumber msSFU30UidNumber | \
	grep -A2 some_user


However, if I add the line 
"idmap backend = ad:ldap://<PDC's FQDN>/" to smb.conf
and I do:
#> wbinfo -S $(wbinfo -n some_user | awk '{print
$1}')"
I get the following error:
"Could not convert sid <sid of some_user> to uid"

The winbindd log does not seem to indicate any
installation problems (I have attached the log lines
for the command "wbinfo -S <sid of some_user>" for a
failed and a successful request respectively.).

The domain is a Win2K native domain; LDAP anonymous
access is not permitted.
The two machines on which I have tried are (i) Redhat
8.0 upgraded to kernel 2.6.6 with Samba-3.0.5 (from
samba.org) and (ii) Fedora Core 2 with kernel 2.6.8
and samba-3.0.7 (from up2date).  In both cases,
idmap_ad
was compiled by: downloading the samba source tarball,
compiling with options from the specfile of the
installed rpms, manually building the idmap plugin
according to the instructions in the
"~/idmap_ad/README" file.


I'd like to idmap_ad working, as the ldap backend is
an awfully cumbersome alternative.

Thanks,
	Murthy



Lines from the winbind log for the failed request are:
[2004/09/22 12:10:32, 6]
nsswitch/winbindd.c:new_connection(343)
  accepted socket 22
[2004/09/22 12:10:32, 10]
nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 1824 bytes. Need 0 more for a full
request.
[2004/09/22 12:10:32, 10]
nsswitch/winbindd.c:process_request(308)
  process_request: request fn INTERFACE_VERSION
[2004/09/22 12:10:32, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [ 8303]: request interface version
[2004/09/22 12:10:32, 10]
nsswitch/winbindd.c:client_write(512)
  client_write: wrote 1300 bytes.
[2004/09/22 12:10:32, 10]
nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 1824 bytes. Need 0 more for a full
request.
[2004/09/22 12:10:32, 10]
nsswitch/winbindd.c:process_request(308)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2004/09/22 12:10:32, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [ 8303]: request location of privileged pipe
[2004/09/22 12:10:32, 10]
nsswitch/winbindd.c:client_write(512)
  client_write: wrote 1300 bytes.
[2004/09/22 12:10:32, 10]
nsswitch/winbindd.c:client_write(557)
  client_write: need to write 35 extra data bytes.
[2004/09/22 12:10:32, 10]
nsswitch/winbindd.c:client_write(512)
  client_write: wrote 35 bytes.
[2004/09/22 12:10:32, 10]
nsswitch/winbindd.c:client_write(546)
  client_write: client_write: complete response
written.
[2004/09/22 12:10:32, 6]
nsswitch/winbindd.c:new_connection(343)
  accepted socket 25
[2004/09/22 12:10:32, 10]
nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 0 bytes. Need 1824 more for a full
request.
[2004/09/22 12:10:32, 5]
nsswitch/winbindd.c:winbind_client_read(465)
  read failed on sock 22, pid 8303: EOF
[2004/09/22 12:10:32, 10]
nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 1824 bytes. Need 0 more for a full
request.
[2004/09/22 12:10:32, 10]
nsswitch/winbindd.c:process_request(308)
  process_request: request fn SID_TO_UID
[2004/09/22 12:10:32, 3]
nsswitch/winbindd_sid.c:winbindd_sid_to_uid(128)
  [ 8303]: sid to uid <sid of some_user>
[2004/09/22 12:10:32, 1]
nsswitch/winbindd_sid.c:winbindd_sid_to_uid(200)
  Could not get uid for sid <sid of some_user>
[2004/09/22 12:10:32, 10]
nsswitch/winbindd.c:client_write(512)
  client_write: wrote 1300 bytes.
[2004/09/22 12:10:32, 10]
nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 0 bytes. Need 1824 more for a full
request.
[2004/09/22 12:10:32, 5]
nsswitch/winbindd.c:winbind_client_read(465)
  read failed on sock 25, pid 8303: EOF

  
Lines from the winbind log for the successful request
(without
the "idmap backend" stanza in smb.conf) are:
[2004/09/22 12:16:38, 6]
nsswitch/winbindd.c:new_connection(343)
  accepted socket 19
[2004/09/22 12:16:38, 10]
nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 1824 bytes. Need 0 more for a full
request.
[2004/09/22 12:16:38, 10]
nsswitch/winbindd.c:process_request(308)
  process_request: request fn INTERFACE_VERSION
[2004/09/22 12:16:38, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [ 8466]: request interface version
[2004/09/22 12:16:38, 10]
nsswitch/winbindd.c:client_write(512)
  client_write: wrote 1300 bytes.
[2004/09/22 12:16:38, 10]
nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 1824 bytes. Need 0 more for a full
request.
[2004/09/22 12:16:38, 10]
nsswitch/winbindd.c:process_request(308)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2004/09/22 12:16:38, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [ 8466]: request location of privileged pipe
[2004/09/22 12:16:38, 10]
nsswitch/winbindd.c:client_write(512)
  client_write: wrote 1300 bytes.
[2004/09/22 12:16:38, 10]
nsswitch/winbindd.c:client_write(557)
  client_write: need to write 35 extra data bytes.
[2004/09/22 12:16:38, 10]
nsswitch/winbindd.c:client_write(512)
  client_write: wrote 35 bytes.
[2004/09/22 12:16:38, 10]
nsswitch/winbindd.c:client_write(546)
  client_write: client_write: complete response
written.
[2004/09/22 12:16:38, 6]
nsswitch/winbindd.c:new_connection(343)
  accepted socket 20
[2004/09/22 12:16:38, 10]
nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 0 bytes. Need 1824 more for a full
request.
[2004/09/22 12:16:38, 5]
nsswitch/winbindd.c:winbind_client_read(465)
  read failed on sock 19, pid 8466: EOF
[2004/09/22 12:16:38, 10]
nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 1824 bytes. Need 0 more for a full
request.
[2004/09/22 12:16:38, 10]
nsswitch/winbindd.c:process_request(308)
  process_request: request fn SID_TO_UID
[2004/09/22 12:16:38, 3]
nsswitch/winbindd_sid.c:winbindd_sid_to_uid(128)
  [ 8466]: sid to uid <sid of some_user>
[2004/09/22 12:16:38, 10]
nsswitch/winbindd.c:client_write(512)
  client_write: wrote 1300 bytes.
[2004/09/22 12:16:38, 10]
nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 0 bytes. Need 1824 more for a full
request.
[2004/09/22 12:16:38, 5]
nsswitch/winbindd.c:winbind_client_read(465)
  read failed on sock 20, pid 8466: EOF



		
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com

More information about the samba mailing list