[Samba] winbind, sIDHistory and getpwuid problems

[Thomas Limoncelli]

In our native Win2K3 AD domain, several AD accounts have a sIDHistory 
that carry SIDs from before the AD domain migration in addition to the 
"primary" objectSID.

Samba 3.0.21c winbindd (with idmap OpenLDAP backend) on domain member 
servers (running SuSE 9.3 Pro) allocates multiple uids for these SIDs 
with the same (AD) user name:

Primary SID:

# getent passwd myuser
myuser:*:10770:10500:myuser:/cifs/home/user:/bin/false
# wbinfo --uid-to-sid 10770
S-1-5-21-A-B-C-1372
# net getdomainsid | grep XXX
SID for domain XXX is: S-1-5-21-A-B-C

"Secondary" SID:

# wbinfo --uid-to-sid 11950
S-1-5-21-D-E-F-287591
# wbinfo --sid-to-name S-1-5-21-D-E-F-287591
XXX\myuser 1

But getpwuid(3) doesn't return the mapping from the "secondary" uid to 
the user name:

# perl -e 'print join ":", getpwuid(10770), "\n"';
myuser:*:10770:10500:::myuser:/cifs/home/myuser:/bin/false:
# perl -e 'print join ":", getpwuid(11950), "\n"';

#

This causes problems with "ls" and friends not being able to show file 
owners as user names.

For local (passwd) users that share the same user name (but have 
different uids), getpwuid() works fine for both of them.

Thoughts?


-TL