[Samba] Wbinfo -Y couldn't work with idmap_rid for BUILTIN groups
Stefanos Karasavvidis
sk at isc.tuc.gr
Sat Aug 27 07:19:06 GMT 2005
Did you find any solution to this? I'm experiencing a similar problem
with all the builtin groups
sk
Li, Ying (ESG) wrote:
> Hi,
>
> wbinfo -Y BUILTIN\group can work without idmap_rid in Samba-3.0.14a. But
> I'm experiencing wbinfo -Y with idmap_rid failed for SID to GID
> conversion of BUILTIN groups.
>
> Since idmap_rid only works in a single domain, and captures workgroup's
> domain sid as a real domain sid in rid_idmap_get_domains(), when running
> "wbinfo -Y BUILTIN/System Operators", the function
> rid_idmap_get_id_from_sid() checks if incoming sid is same with
> workgroup domain sid by following comparison:
> 470 if ( sid_compare_domain(sid, &sidstr) == 0 )
>
> This would let the first "for" loop continue to go to the end, and make
> the loop variable i equal to trust.number(=1). And the code after the
> loop
> 474 if (i == trust.number) {
> 475 DEBUG(0,("rid_idmap_get_id_from_sid: no suitable
> range available for sid: %s\n",
> 476 sid_string_static(sid)));
> 477 return NT_STATUS_INVALID_PARAMETER;
> 478 }
>
> leads to generate an error with "no suitable range available for sid:",
> even if both
> idmap uid range and idmap gid range are exactly equal to idmap_rid range
> in smb.conf.
>
> So I'm wondering idmap_rid capability. I'd like to ask somebody if
> idmap_rid can work with BUILTIN group. If the answer is yes, How do we
> get Samba BUILTIN groups' SID? If the answer is no, I want to know if
> there is a possible solution to resolve sid to gid conversion for samba
> builtin groups by winbind with idmap_rid.
>
> smb.conf
> [global]
> workgroup = MYDOMAIN
> security = ads or domain
> allow trust domains = no
> idmap backend = idmap_rid:"MYDOMAIN=50000-60000"
> idmap uid = 50000-60000
> idmap gid = 50000-60000
> ......
>
> Any information is really appreciated.
> -Ying
--
======================================================================
Stefanos Karasavvidis
Electronic & Computer Engineer, M.Eng.
e-mail : sk at isc.tuc.gr
Technical University of Crete, Campus
Information Systems Center
Address: Akrotiri, Chania, 73100
Tel.: Library Buildings
(+30) 28210 37352, (+30) 28210 37355, (+30) 28210 37376
Environmental Engineering Buildings
(+30) 28210 37766
Fax: (+30) 28210 37571
More information about the samba
mailing list