the search SID to uid falied

hakim hakim at mandrakesoft.Com
Thu Nov 25 12:13:37 GMT 2004 

Hi,


[2004/11/25 14:25:01, 10] passdb/passdb.c:algorithmic_gid_to_sid(1234)
  algorithmic_gid_to_sid:  gid (43) -> SID
S-1-5-21-1688021309-183578045-1594628879-1087.
[2004/11/25 14:25:01, 10] passdb/lookup_sid.c:gid_to_sid(365)
  gid_to_sid: local 43 -> S-1-5-21-1688021309-183578045-1594628879-1087
[2004/11/25 14:25:01, 10] smbd/posix_acls.c:canonicalise_acl(2191)
  canonicalise_acl: Access ace entries before arrange :
[2004/11/25 14:25:01, 10] smbd/posix_acls.c:canonicalise_acl(2204)
  canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
perms r--
[2004/11/25 14:25:01, 10] smbd/posix_acls.c:canonicalise_acl(2204)
  canon_ace index 1. Type = allow SID =
S-1-5-21-1688021309-183578045-1594628879-1087 gid 43 (usb) SMB_ACL_GROUP
perms rwx
[2004/11/25 14:25:01, 10] smbd/posix_acls.c:canonicalise_acl(2204)
  canon_ace index 2. Type = allow SID =
S-1-5-21-1688021309-183578045-1594628879-1001 gid 0 (root)
SMB_ACL_GROUP_OBJ perms r--
[2004/11/25 14:25:01, 10] smbd/posix_acls.c:canonicalise_acl(2204)
  canon_ace index 3. Type = allow SID =
S-1-5-21-1688021309-183578045-1594628879-1001 uid 1582 (IUSR_NT2)
SMB_ACL_USER perms r--
[2004/11/25 14:25:01, 10] smbd/posix_acls.c:canonicalise_acl(2204)
  canon_ace index 4. Type = allow SID =
S-1-5-21-1688021309-183578045-1594628879-1000 uid 0 (root)
SMB_ACL_USER_OBJ perms rw-
[2004/11/25 14:25:01, 10] smbd/posix_acls.c:print_canon_ace_list(587)
  print_canon_ace_list: canonicalise_acl: ace entries after arrange
  canon_ace index 0. Type = allow SID =
S-1-5-21-1688021309-183578045-1594628879-1000 uid 0 (root)
SMB_ACL_USER_OBJ perms rw-
  canon_ace index 1. Type = allow SID =
S-1-5-21-1688021309-183578045-1594628879-1087 gid 43 (usb) SMB_ACL_GROUP
perms rwx
  canon_ace index 2. Type = allow SID =
S-1-5-21-1688021309-183578045-1594628879-1001 gid 0 (root)
SMB_ACL_GROUP_OBJ perms r--
  canon_ace index 3. Type = allow SID =
S-1-5-21-1688021309-183578045-1594628879-1001 uid 1582 (IUSR_NT2)
SMB_ACL_USER perms r--


Why 43 and  no why it make for this user a map for a group 43
(on /etc/group usb:x:43:)

because when i make getfacl the file i have :


 getfacl test2 
# file: test2
# owner: root
# group: root
user::rw-
user:IUSR_NT2:r--
group::r--
group:usb:rwx
mask::rwx
other::r--


normaly it's not  group:usb:rwx it's user::é:rwx


I can see on the log :

  canon_ace index 0. Type = allow SID =
S-1-5-21-1688021309-183578045-1594628879-1001 gid 0 (root)
SMB_ACL_GROUP_OBJ perms r--
  canon_ace index 1. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
perms r--
  canon_ace index 2. Type = allow SID =
S-1-5-21-1688021309-183578045-1594628879-1000 uid 0 (root)
SMB_ACL_USER_OBJ perms rw-
  canon_ace index 3. Type = allow SID =
S-1-5-21-1688021309-183578045-1594628879-1001 uid 1582 (IUSR_NT2)
SMB_ACL_USER perms r--
  canon_ace index 4. Type = allow SID =
S-1-5-21-1688021309-183578045-1594628879-1087 gid 43 (usb) SMB_ACL_GROUP
perms rwx


Very very strange.

When i make getent passwd i see the user :
é:x:1592:513:Samba User:/home/é:/bin/bash
The uid is 1592  no 43"


It test  to group :
  smbldap_search: base => [ou=Group,dc=example,dc=com], filter =>
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-1688021309-183578045-1594628879-1086))], scope => [2]


  local_sid_to_gid: SID S-1-5-21-1688021309-183578045-1594628879-1086 is
*NOT* a group

It found it's not a group after on the log  i see :

  create_canon_ace_lists: unable to map SID
S-1-5-21-1688021309-183578045-1594628879-1086 to uid or gid.

It can't map the sid for uid 

If i make getent passwd i can see the uid and gid of this user:

papaé:x:1591:513:Samba User:/home/papaé:/bin/bash


If you can help me very thanks.

hakim

More information about the samba-technical mailing list