Samba4: idmap replication between 2 DC's

steve steve at steve-ss.com
Thu Jul 19 06:41:03 MDT 2012 

On 19/07/12 13:55, Sergey Urushkin wrote:
>
> 13.07.2012 11:49, Andrew Bartlett пишет:
>> On Fri, 2012-07-13 at 09:03 +0200, steve wrote:
>>
>>> Summary,
>>> idmap_ldb:use rfc2307 = yes
>>> uidNumber in AD works
>>> gidNumber in AD does not work
>>>
>>> Can you help me sort the gidNumber?
>> This would be significantly less frustrating for all of us if you would
>> attempt debugging the source yourself.
>>
>> I'm sure this isn't a difficult bug to solve, so why not give it a go.
>>
>> Some starting hints:
>>   - git grep gidNumber
>>   - increase debug level to cover any existing, relelvent debug
>> statements
>>   - Add debug statements to cover the full flow control of any apparently
>> relevant functions:
>>     DEBUG(0, ("debug message"));
>>   - start samba under gdb using :
>>     gdb --args samba -i -M single
>>   - use samba_start_debugger() to launch gdb under particular conditions
>>
>> I know you have said this is beyond you, but I do believe this is a
>> skill you can learn.
>>
>> Andrew Bartlett
>>
> Hi!
> This problem affects me too. After some investigation I found where the
> problem is, here is the patch that fixes it:
>
> --- a/source4/winbind/idmap.c    2012-06-21 12:54:38.000000000 +0400
> +++ b/source4/winbind/idmap.c    2012-07-19 15:41:31.039544144 +0400
> @@ -458,7 +458,7 @@
>           goto failed;
>       } else if (ret == LDB_SUCCESS) {
>           uint32_t account_type = ldb_msg_find_attr_as_uint(sam_msg,
> "sAMaccountType", 0);
> -        if (account_type & ATYPE_ACCOUNT) {
> +        if (account_type == ATYPE_ACCOUNT) {
>               const struct ldb_val *v = ldb_msg_find_ldb_val(sam_msg,
> "uidNumber");
>               if (v) {
>                   unixid->type = ID_TYPE_UID;
>
> Steve, could you test it?
>
> Thanks.
>
Hi Sergey,
That's great news. Yes of course I'll test it.
Could you take me through how to apply it?

As I see it, I remove:
  if (account_type & ATYPE_ACCOUNT) {
and replace with:
  if (account_type == ATYPE_ACCOUNT) {

Will that do it?
Cheers,
Steve

More information about the samba-technical mailing list