Uid->Sid and Sid->Uid mapping
Christoph Klein
christophk at cip.wiwi.uni-karlsruhe.de
Tue Jan 10 19:54:54 GMT 2006
Hi,
During christmas vacation i became aware of something, that i can't
classify: Is it a feature or a bug! I'm using idmap_ad on our test
server and the following things do occur:
getent passwd z20673
<works, user has uid 20673>
wbinfo -U20673
could not convert uid 20673 to sid
wbinfo -nz20673
<works, dumps "some-sid">
wbinfo -S"some-sid"
<works, uid is 20673>
wbinfo -U20673
<works now too, dumps the right sid>
this happens, because uid->sid conversion don't arrive at the idmap_ad
backend: If theres no mapping cached, i.e a sid->uid conv happened
before, winbind stops. idmap_sid_to_uid is called with ID_CACHE_ONLY in winbindd_sid_to_uid in nsswitch/winbindd_sid.c This has possibly several implication, the one i know is the following:
Samba doesnt show the right owner when lookup the secdesc of a file. The
owner is then SERVER\USER instead of DOMAIN\USER.
All this happens on a member server
christoph
More information about the samba-technical
mailing list