[Samba] winbind sometimes does not resolve sid to a name

Shirish Pargaonkar shirishpargaonkar at gmail.com
Thu Dec 2 14:13:21 MST 2010 

On Tue, Nov 16, 2010 at 10:19 AM, Shirish Pargaonkar
<shirishpargaonkar at gmail.com> wrote:
> On Sat, Nov 13, 2010 at 5:34 PM, Michael Wood <esiotrot at gmail.com> wrote:
>> On 14 November 2010 01:16, Shirish Pargaonkar
>> <shirishpargaonkar at gmail.com> wrote:
>>> On Sat, Nov 13, 2010 at 4:52 PM, Michael Adam <obnox at samba.org> wrote:
>>>> Hi Shirish,
>>>>
>>>> Shirish Pargaonkar wrote:
>>>>> On Mon, Nov 8, 2010 at 1:47 PM, Jeremy Allison <jra at samba.org> wrote:
>>>>> > On Mon, Nov 08, 2010 at 01:21:30PM -0600, Shirish Pargaonkar wrote:
>>>>> >> Sometimes a group sid does not get resolved to its name.
>>>>> >>
>>>>> >> Is this a settings problem?  Looks like winbind deamon
>>>>> >> went dormant for a while and then woke up?
>>>>> >> I am using interface wbcLookupSid provided by the
>>>>> >> library libwbclient.so for resolving sids to names.
>>>>> >>
>>>>> >> These are the winbind related parameters in
>>>>> >> /etc/samba/smb.conf
>>>>> >
>>>>> > Not enough information for useful debugging. What
>>>>> > do the winbindd logs say ?
>>>>> >
>>>>>
>>>>> ps -eaf | grep winbind
>>>>> root     20085     1  0 14:03 ?        00:00:00 /usr/sbin/winbindd -D
>>>>> root     20086 20085  0 14:03 ?        00:00:00 /usr/sbin/winbindd -D
>>>>> root     20089 20085  0 14:03 ?        00:00:00 /usr/sbin/winbindd -D
>>>>>
>>>>> Cleared /var/log/samba/winbindd.log just before issueing
>>>>> command getcifsacl which could not resolve the group SID
>>>>>
>>>>> winbindd.log attached.
>>>>
>>>> not really. :-)
>>>>
>>>> Cheers - Michael
>>>
>>> Michael, not sure what is implied.  The log is not sufficient?
>>
>> No, the mailing list (sometimes) strips attachments.  There was no log
>> file attached to your e-mail when I received it.
>>
>>> I see two error messages in the log.
>>>
>>> [2010/11/08 14:32:56,  5] winbindd/winbindd_async.c:lookupsid_recv2(138)
>>>  lookupsid (forest root) returned an error
>>> [2010/11/08 14:32:56,  5] winbindd/winbindd_sid.c:lookupsid_recv(61)
>>>  lookupsid returned an error
>>
>> --
>> Michael Wood <esiotrot at gmail.com>
>>
>
> Hope this attachment sticks.
>
> Regards,
>
> Shirish
>

I see one more type error while using winbind,
wbcSidToUid returns error 7 but  wbcSidToGid succeeds.

/tmp/getcifsacl /mnt/smb_d/Makefile
REVISION:0x1
CONTROL:0x9404
OWNER:BUILTIN\Administrators
GROUP:CIFSTESTDOM\Domain Users
ACL:CIFSTESTDOM\Domain Users:DENIED/0x0/0x10000
ACL:CIFSTESTDOM\Administrator:ALLOWED/0x0/0x1700a1
ACL:BUILTIN\Performance Log Users:ALLOWED/0x0/CHANGE
ACL:CIFSTESTDOM\stevef:ALLOWED/0x0/FULL

# cat /var/log/messages

cifs.upcall: Owner wbcStringToSid: S-1-5-32-544, rc: 0
cifs.upcall: Owner wbcSidToUid: S-1-5-32-544, uid: 0, rc: 7
cifs.upcall: Group wbcStringToSid:
S-1-5-21-2849063682-2007077719-983662776-513, rc: 0
cifs.upcall: Group wbcSidToGid:
S-1-5-21-2849063682-2007077719-983662776-513, gid: 10010, rc: 0

Error winbindd.log file is as follows:
sid2uid_lookupsid_recv: Sid S-1-5-32-544 is not a user or a computer.


I changed Owner of the file on the server to
 OWNER:CIFSTESTDOM\Domain Users
but the same error during wbcSidToUid

[2010/12/02 14:36:20,  5] winbindd/winbindd_sid.c:sid2uid_lookupsid_recv(192)
  sid2uid_lookupsid_recv: Sid
S-1-5-21-2849063682-2007077719-983662776-513 is not a user or a
computer.

[[2010/12/02 14:36:20,  7] winbindd/winbindd_idmap.c:winbindd_sid2gid_async(363)
  winbindd_sid2gid_async: Resolving
S-1-5-21-2849063682-2007077719-983662776-513 to a gid

If I change Owner to OWNER:CIFSTESTDOM\Administrator,  then it works

/tmp/getcifsacl /mnt/smb_d/Makefile
REVISION:0x1
CONTROL:0x9404
OWNER:CIFSTESTDOM\Administrator
GROUP:CIFSTESTDOM\Domain Users
ACL:CIFSTESTDOM\Domain Users:DENIED/0x0/0x10000
ACL:CIFSTESTDOM\Administrator:ALLOWED/0x0/0x1700a1
ACL:BUILTIN\Performance Log Users:ALLOWED/0x0/CHANGE
ACL:CIFSTESTDOM\stevef:ALLOWED/0x0/FULL
cifstest6:/usr/src/linux.ssp.cifs.09092010.l/cifs-2.6 # cat /var/log/messages

cifs.upcall: Owner wbcStringToSid:
S-1-5-21-2849063682-2007077719-983662776-500, rc: 0
cifs.upcall: Owner wbcSidToUid:
S-1-5-21-2849063682-2007077719-983662776-500, uid: 10000, rc: 0
cifs.upcall: Group wbcStringToSid:
S-1-5-21-2849063682-2007077719-983662776-513, rc: 0
cifs.upcall: Group wbcSidToGid:
S-1-5-21-2849063682-2007077719-983662776-513, gid: 10010, rc: 0

Is this the expected behaviour, some sids can_not/will_not be mapped
such as this
Owner BUILTIN\Administrators.

Regads,

Shirish

More information about the samba-technical mailing list