uid_to_sid issues since 2.0.23 with servers under Samba NT domain

Dmitry Butskoy buc at odusz.so-cdu.ru
Thu Aug 31 16:51:25 GMT 2006


I have a Samba server, which is a member of the Samba NT (+OpenLDAP + 
UNIX etc.) domain. Winbind is running on that server too. No any 
"idmap"s used, just direct "unix uid" to "samba sid" mapping at DC.

Since the upgrade to 2.0.23 some "uid==>sid" issues have appeared.

I have the option "hide unreadable = yes". With 2.0.23, some files which 
are actually readable appear as unreadable. The reason is Samba uses 
"local sid prefix" when compute SID from file's uid/gid, instead of the 
"domain sid prefix".

Looking at source/passdb/lookup_sid.c:uid_to_sid() :


If "lp_server_role() == ROLE_DOMAIN_MEMBER", then  
"winbind_uid_to_sid()" is called, and all is fine.


the role check have disappeared. As a result, winbind_uid_to_sid() is 
not called, and pdb_uid_to_rid() is used instead. With the default 
passdb (smbpasswd) it knows nothing about my domain...

I've tried to use "passdb backend = ldapsam", but this trying was 
unsuccessful because Samba requires ldap admin password in this case, 
and I don't wanna give that password for this server...

Is it a feature or a bug?

If it is a new behaviour, how can I cause uid_to_sid() to use 
winbind_uid_to_sid() in my environment?
Please note, that no any algorithmic rids/idmaps etc are used in my 
case. Winbind just received sids from the Samba DC servers, which store 
uid/sid etc. at the OpenLDAP backend.

Dmitry Butskoy,
Saint-Petersburg, Russia
Fedora Extras/Livna co-maintainer, RHCE

More information about the samba-technical mailing list