Uid->Sid and Sid->Uid mapping

Christoph Klein christophk at cip.wiwi.uni-karlsruhe.de
Tue Jan 10 19:54:54 GMT 2006

During christmas vacation i became aware of something, that i can't
classify: Is it a feature or a bug! I'm using idmap_ad on our test
server and the following things do occur:

getent passwd z20673
	<works, user has uid 20673>
wbinfo -U20673
	could not convert uid 20673 to sid
wbinfo -nz20673
	<works, dumps "some-sid">
wbinfo -S"some-sid"
	<works, uid is 20673>
wbinfo -U20673
	<works now too, dumps the right sid>

this happens, because uid->sid conversion don't arrive at the idmap_ad
backend: If theres no mapping cached, i.e a sid->uid conv happened
before, winbind stops. idmap_sid_to_uid is called with ID_CACHE_ONLY in  winbindd_sid_to_uid in nsswitch/winbindd_sid.c This has possibly several implication, the one i know is the following:
Samba doesnt show the right owner when lookup the secdesc of a file. The
owner is then SERVER\USER instead of DOMAIN\USER.

All this happens on a member server


More information about the samba-technical mailing list