[IDMAP AD] Strange questions on uid/gid resolution.

Neal A. Lucier nlucier at math.purdue.edu
Wed Aug 23 16:05:30 GMT 2006


Chun Kit Hui wrote:
> I am using Win2003 with SFU 3.5 (not R2) as domain controller. I enabled 
> the
> UNIX attributes of several users and groups. I use idmap = ad to connect to
> my Win2003 box and setup the winbind / nss accordingly. wbinfo -u / -g work
> fine, getent passwd / group works fine, chown works fine, id <username>
> works fine. But when I tries to use ls or groups <username>, it returns the
> error "id: cannot find name for <GROUP>" and ls just shows the uid/gid
> instead of the name.
> 
> Any ideas?
> 

I noticed the same behavior with 3.0.23a, idmap=ad, and w2k3 r2 on 
Solaris/SPARC.  I tracked the issue to that though winbind could do 
username->uid it could not do uid->username; i.e.:

% getent passwd nlucier
nlucier:x:501:1:Neal Antoine Lucier:/home/nlucier:/bin/tcsh
% getent passwd 501
%

'truss'ing the getent I could see that libnss_winbind was putting the 
501 into the door(?) file shared with winbindd but all zeros would be 
returned.  When nlucier was put into the same file winbindd would 
happily return everything.  That's as far as I traced it, because Jerry 
then confirmed the bug with implicit mapping of users by name, which is 
the config I want to use.

Neal


More information about the samba-technical mailing list