[Samba] gid to sid question
Andrew Tranquada
andrew.tranquada at gmail.com
Fri Mar 12 10:16:46 MST 2010
I am very curious as to why this happens, as it makes us worry a bit when
checking the winbind logs.
We are using winbind to do sid -> uid/gid mappings with the hash idmap
backend. We are using samba 3.4.5.
What we see is:
when we login and do run "id" we get what we should see
(uid=<number>,gid=<number>,groups=<number>(group_name)" however at the very
end of the list, we get just a number
however if I do id <my currently logged in user>
I do not see that number at the end.
$ id
uid=373294482(<redacted>) gid=373293569(<redacted>)
groups=373293568(<redacted>),373293569(<redacted>),373293628(<redacted>),373294172(<redacted>),373294207(<redacted>),373294210(<redacted>),373294701(<redacted>),373295722(<redacted>),1096848426
$ id <my current logged in user>
uid=373294482(<redacted>) gid=373293569(<redacted>)
groups=373293569(<redacted>),373293628(<redacted>),373295722(<redacted>),373294172(<redacted>),373294701(<redacted>),373293568(<redacted>),373294207(<redacted>),373294210(<redacted>)
which then produces the following in log.winbindd
could not convert gid 1096848426 to sid
Any idea why this happens? Is it something we need to be concerned about?
(this happened before using samba 3.0.33 and the rid idmap backend, as well)
our smb.conf
netbios name = <redacted>
workgroup = <redacted>
security = ads
realm = <redacted>
kerberos method = system keytab
idmap backend = hash
idmap uid = 4000-100000000
idmap gid = 4000-100000000
winbind enum users = yes
winbind enum groups = yes
auth methods = winbind
template shell = /bin/bash
password server = <redacted>
template homedir = <redacted>
winbind normalize names = yes
winbind use default domain = yes
allow trusted domains = no
winbind cache time = 3600
Thank you!
--
Andrew Tranquada
More information about the samba
mailing list