Deprecated but still supported "idmap backend" actually
is broken
Dmitry Butskoy
buc at odusz.so-cdu.ru
Wed Oct 10 19:24:37 GMT 2007
On Wed, 2007-10-10 at 15:06 -0400, simo wrote:
> On Wed, 2007-10-10 at 21:17 +0400, Dmitry Butskoy wrote:
> > Dmitry Butskoy wrote:
> > >>
> > >>
> > >> dom->name = talloc_strdup(dom, dom_list[i]);
> > > Oops! dom->name is "defailt domain" now, but should be "FOO" :(
> > >
> >
> > ...and since "dom->name" is wrong,
> > the "nsswitch/idmap_rid.c:idmap_rid_unixids_to_sids()" reports:
> > "Unexpected error resolving an ID ..."
> > because "idmap_rid_id_to_sid()" was failed, because
> > "find_domain_from_name_noinit()" cannot find domain with name "default
> > domain" ...
>
> Something fishy, here.
> As you said we store "default domain" as the domain name (which is
> correct for the "default domain" and in any case it does not matter as
> the default domain is always checked if the other ones fail to find a
> mapping), and now we don't find it ?
The "default domain" name of a domain seems correct for tdb backend, but
not for rid. The rid backend requires the name of actual Windows domain.
I have no access to the source code at home now, but as I remember:
Wrong dom->name goes to ridctx->domain (or something similar), and then
see the nsswitch.idmap_rid.c:idmap_rid_id_to_sid() function.
>
> But without logs...
I have posted log.winbindd-idmap in the previous thread (44kb), hope
this helps.
But feel free to request anything more. :)
~buc
More information about the samba-technical
mailing list