[Samba] sid_to_uid: Domain controller lookup missing

abartlet at dp.samba.org
Mon Sep 16 08:12:01 GMT 2002


On Mon, Sep 16, 2002 at 09:29:27AM +0200, Christopher Odenbach wrote:
> 
> Hi,
> 
> > > So I suppose there is one step missing in between: If the domain
> > > part of the SID is equal to the domain name (set by the workgroup
> > > parameter) ask a PDC or BDC (set by the password server parameter
> > > or magically found out with *).
> >
> > > This is what winbind does.  smbd asks winbind, winbind asks the
> > > relevant DC.
> 
> Alright, then the problem is somewhere else, maybe in winbindd. I just 
> tried to use winbind, but got the same result.
> 
> This is what happens:
> 
> root at edjo[~]# wbinfo -s S-1-5-21-730796786-1604346809-928725530-1230
> HNIRB\axel 1
> 
> This is correct. The user 'axel' exists on the samba server - in the yp 
> map.
> 
> root at edjo[~]# ypmatch axel passwd
> axel:*:1067:15:Axel Betanski:/homes/pooh/axel:/usr/local/bin/tcsh
> 
> So there already is a uid for him.
> 
> root at edjo[~]# wbinfo -S S-1-5-21-730796786-1604346809-928725530-1230
> 40000
> 
> Wrong! It should return the existing uid of 1067 instead of creating a 
> new one.
> 
> I hope you understand the problem.

This behaviour is by design.  Winbind is an nss module and expects to be
the final authority on these matters.  Given recent issues with Win2k SP3
and WinXP SP1, this might change, but this is not a trivial change.

The basic idea is that if you have users in /etc/passwd or yp, you don't
need to run winbind.  

Andrew Bartlett
