winbind -- needs well-known SIDs? & workstation missing....

Linda Walsh samba at tlinx.org
Sat Jul 30 14:07:31 MDT 2011


Originally sent to the users list, but I suppose it is a bit on
the technical side...

I've never seen any mention of a requirement for adding well-known SIDs
to my DB..., but it seems they are getting looked up there.

Is that behavior by design??

Would it be imprudent to add such values?  I.e. I'm thinking of
doing so, only because, if they are being looked up there,
then instead of getting a non-mapped and whoever is querying having to
look elsewhere, they could get the answer back immediately.

Since they are 'well-known-sids', I'm guessing by some behaviors I've
observed, that if it can't find them on the server, it will use local lookups.

But that leads me to the reason for wanting to have them on the
smb server:   when I look up well known sids when modifying
access lists, for ones that I don't have entries for on the server,
it takes 1-3 seconds to timeout and return a local value, whereas
entries that exist on the server come back almost instantly.


As I'm seeing many lookups of this type in the logs, (several within a few 
seconds of each other), I'm guessing this slows down client operations --
so is this 'normal' behavior?

-----
also, 2nd issue maybe unrelated, but why would the server not know
about a workstation joined to its domain (it's listed when I
do a 'net sam list workstations')....?




-------- Original Message --------
Date: Fri, 29 Jul 2011 03:50:46 -0700
From: Linda Walsh <samba at tlinx.org>
To: Samba mailing list <samba at lists.samba.org>
Subject: winbind - NT_STATUS_NONE_MAPPED ( & auth probs)....related?


I'm seeing this for several lookups in winbind for items
that I have not explicitly added.  Should I add them?


  Could not find domain for
  Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED

  Could not find domain for sid S-1-1-0
  Could not convert sid S-1-1-0: NT_STATUS_NONE_MAPPED

  Could not find domain for sid S-1-5-11
  Could not convert sid S-1-5-11: NT_STATUS_NONE_MAPPED

  Could not find domain for sid S-1-5-2
  Could not convert sid S-1-5-2: NT_STATUS_NONE_MAPPED


Also was seeing this for an XP machine (not seeing the messages
for the Win7 machine):

winbindd_getpwnam: My domain -- rejecting getpwnam() for BLISS\athena$.

But machine athena was able to join the domain...so what
would such a message mean?

I'm able to access my server files normally from that machine
as 'me', but when I have a friend over, I set them up w/an
account for gaming, and they can't access the server...
(fortunately the game is on the local machine)...but
I made sure they have an account on the server,
they are listed in "wbinfo -u"  (as am I),

But no password works for validating them and they see no shares.

It's also the case that my 'root' user can't do any net rpc tasks
because the password comes up 'invalid'...
I've reset it with 'smbpasswd', but still net rpc user (to list
users) won't let me because it claims I'm typing in an invalid
passwd..

So...is winbind needing something?










More information about the samba-technical mailing list