samba4: winbind/idmap_ad can't retrieve the uidNumber and gidNumber attributes using ldap query
David Mansfield
samba at dm.cobite.com
Fri Jan 25 14:17:26 MST 2013
Hi All:
I have a samba 4.0.1 installation that I've put into production for a
small handful of windows clients, running on centos 6 (x86_64). So far
so good. I followed the howto pretty much and did a classicupgrade.
However, I'm having an issue with winbind (on a fedora 18 samba4
winbindd, fedora 17 samba3 winbindd and centos 6 samba3 winbindd) using
idmap_ad. This was all working in my test platform so I must be missing
something.
I've debugged it to the part where an ldap query is made using the SID
(and a bunch of object type), requesting uidNumber and gidNumber
attributes.
I've run the same query using ldbsearch on the server and it DOES show
the attributes.
The reply to the winbind query, however, doesn't contain the attributes,
but does contain sAMAccountType and objectSid. I modified idmap_ad.c to
also request the "name" attribute (added it to the attrs[] array), and
I'm dumping the ldap response object - it does contain "name" but not
uidNumber and gidNumber.
The source code is (in samba 3.6.9) in idmap_ad.c in the function
idmap_ad_sids_to_unixids around line 511.
Can anyone shed some light ?
Thanks,
David Mansfield
Cobite, INC.
More information about the samba-technical
mailing list