[Samba] winbind / sid problem.

Anthony J. Breeds-Taurima tony at cantech.net.au
Fri Nov 22 05:29:01 GMT 2002


Hello all,
	I have a strange problem that I'd like advice on.  Here I run
several samba servers as home directory and print servers for an NT 4.0 (sp6a)
domain.  The domains relevant to this problem are CANNING and STUDENT.
The STUDENT domain trusts users in the CANNING domain.

My samba server is RedHat 6.2 (+ updates) running samba 2.2.7 (built today).
I upgraded because of a different problem which has been resolved.

I believe that the problem is to my winbind_idmap.tdb file.

The problem is that if I ask to a "passwd" entry for a winbind user
via name it works but via uid it fails.  Now currently there are only about
12 users that aren't working correctly.

for example:

Working:
[root at danish /tmp]# perl -e "print join(' ',getpwnam('STUDENT_0251347')),$/" 
STUDENT_0251347 x 15983 10001   Wing Pui Ma /NTAccounts/homes/STUDENT/0251347
/bin/false
[root at danish /tmp]# perl -e "print join(' ',getpwuid(15983)),$/"
STUDENT_0251347 x 15983 10001   Wing Pui Ma /NTAccounts/homes/STUDENT/0251347
/bin/false
[root at danish /tmp]#

Not Working:
[root at danish /tmp]# perl -e "print join(' ',getpwnam('STUDENT_0251040')),$/"
STUDENT_0251040 x 10196 10001   Anthea Simpson
/NTAccounts/homes/STUDENT/0251040 /bin/false
[root at danish /tmp]# perl -e "print join(' ',getpwuid(10196)),$/"

[root at danish /tmp]#

I did a little further digging and I see, for all the accounts that don't
correctly uid->name map I also cannot uid->sid map.  ie:
Working:
[root at danish samba]# wbinfo -U 15983
S-1-5-21-1201230140-1892445974-1082013118-3961

Not Working:
[root at danish samba]# wbinfo -U 10196
Could not convert uid 10196 to sid

For all the entries that cannot map uid->sid I also get a line in
windbindd.log:
[2002/11/22 13:22:59, 1] nsswitch/winbindd_sid.c:winbindd_uid_to_sid(178)
  Could not convert uid 10196 to rid

I have verified that the users that don't work correctly do exist on the NT
domain.  eg:
Administrator at MUFFIN ~/sid-utils/sid
$ ./user2sid.exe 0251040

S-1-5-21-1201230140-1892445974-1082013118-2265

Number of subauthorities is 5
Domain is STUDENT
Length of SID in memory is 28 bytes
Type of SID is SidTypeUser

Administrator at MUFFIN ~/sid-utils/sid

[root at danish nsswitch]# wbinfo -n STUDENT_0251040
S-1-5-21-1201230140-1892445974-1082013118-2265 1

So basically I'm guessing that means somehow my winbindd_idmap.tdb is
confused.  Does anyone know how I can fix this problem?


Yours Tony

   Jan 22-25 2003           Linux.Conf.AU            http://linux.conf.au/
		  The Australian Linux Technical Conference!





More information about the samba mailing list