Problems with uid mappings. Bug?

Edvard Fagerholm efagerho at cc.hut.fi
Thu Apr 1 13:23:46 GMT 2004 

Hello!

I'm running samba with winbind trusted domains only = yes. I have a Win2k3 DC
and a samba 3.0.2a server (file server). Now there windows computers with CIFS
and unix computers with NFS access to the same resources. Users are shared
between all computers with AD4Unix and unix computers use LDAP to query uids.

I've got the following problem. If I create a new user and create a file owned
by that user on the Samba share through NFS and view the permissions for that
file from a Windows computer (through CIFS), then the owner looks like:

Samba_Server\Username

If I create the same file through CIFS, the permissions show correctly as:

Domain\Username

It looks like the semantics when opening a file are incorrect. This is what
happens when I open up the file, when the user has never been encountered
before by samba:

[2004/04/01 15:30:11, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1297)
  getsampwnam (smbpasswd): search by name: efagerho
[2004/04/01 15:30:11, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(179)
  startsmbfilepwent_internal: opening file
/usr/local/samba-test/private/smbpasswd
[2004/04/01 15:30:11, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(517)
  getsmbfilepwent: end of file reached.
[2004/04/01 15:30:11, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(291)
  endsmbfilepwent_internal: closed password file.
[2004/04/01 15:30:11, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (60000, 1000) - sec_ctx_stack_ndx = 0
[2004/04/01 15:30:11, 4] passdb/passdb.c:local_uid_to_sid(1121)
  local_uid_to_sid: User efagerho [uid == 1001] has no samba account
[2004/04/01 15:30:11, 8] passdb/passdb.c:algorithmic_uid_to_sid(1082)
  algorithmic_uid_to_sid: falling back to RID algorithm
[2004/04/01 15:30:11, 10] passdb/passdb.c:algorithmic_uid_to_sid(1086)
  algorithmic_uid_to_sid:  uid (1001) -> SID
S-1-5-21-1800506278-3384839287-522764533-3002.
[2004/04/01 15:30:11, 10] passdb/lookup_sid.c:uid_to_sid(332)
  uid_to_sid: local 1001 -> S-1-5-21-1800506278-3384839287-522764533-3002

and then the generated SID gets stored in uid cache. I think it should first
ask winbindd to query the DC for a SID and not immediately generate it. If I
delete every tdb-file, then the permissions in the file created through CIFS
start showing up incorrectly too. 

If I add a user with uid 1006 through CIFS to the file, then I get the
following logs:

[2004/04/01 16:03:09, 10] passdb/lookup_sid.c:uid_to_sid(319)
  uid_to_sid: winbindd 1006 -> S-1-5-21-1847603123-3694140495-2216420365-1402

and the user shows correctly as Domain\Username in the security tab.

Regards,
Edvard Fagerholm

More information about the samba-technical mailing list