with most recent git master smbd fails to start in AD DC mode

Jeremy Allison jra at samba.org
Sat Mar 22 21:11:41 MDT 2014


On Sat, Mar 22, 2014 at 07:55:49PM -0700, Jeremy Allison wrote:
> On Sun, Mar 23, 2014 at 01:03:35PM +1300, Andrew Bartlett wrote:
> > On Sat, 2014-03-22 at 12:39 -0700, Jeremy Allison wrote:
> > > 
> > > username -> getpwnam() -> uid_to_sid() -> sid_to_uid() -> getpwuid() -> username
> > 
> > | This part                              |
> > 
> > doesn't happen in the AD DC case.  We start with a SID from the sam.ldb
> > database. 
> 
> Are you saying this SID from the sam.ldb database doesn't
> map to a UNIX uid ? It is only the guest SID that is causing
> the problem for Günter.
> 
> I guess I don't understand what you're trying to tell
> me here (explain like I'm five please :-).

Just to be clear what I don't understand :-).

Even if the 'username -> getpwnam() -> uid_to_sid()'
part isn't done and we start with a SID from sam.ldb,
if this SID is a primary user in a token (which
it is in this case) I would expect that we must
be able to do:

sid_to_uid() -> getpwuid()

and get back a valid 'struct passwd' coming
from the smbd winbindd, or if we're inside the AD-DC
code coming from the built-in winbindd.

Even if winbindd isn't running the SID
should be from the 'legacy' uid_to_sid/sid_to_uid
code so it should still map to a valid user
on the system (*somewhere* inside /etc/passwd :-).

Under what circumstances is this not the
case?

Remember we're creating a token here which
is then mapped into a UNIX uid+gid_list
credential struct that can be set on the
process, so I think it needs to mean *something*
to the system.

Jeremy.

