[Samba] sid_to_uid: Domain controller lookup missing

Buchan Milne bgmilne at cae.co.za
Mon Sep 16 12:16:00 GMT 2002 

Christopher Odenbach wrote:
> Hi,
> 
> 
>>>Please make things clearer to me. :-)
>>
>>In samba-2.2.x there is no way for ACLs to work on a server that does
>>not have the SID matching the domain, and winbind supposedly can't
> 
> 
> Oh dear.
> 
> 
>>(except with older vversions of samba-2.2.x on the DC) use a samba
>>server. This means:

Sorry, this was with respect to a samba (2.2.x) DC, where you can't run 
winbind.

>>
>>1)Make all your samba servers that need ACLs domain controllers. This
>>can be done with ldap as passdb backend (haven't tested, but it
>>should work I think)
> 
> 
> We do not have ldap yet, so this will not work for us.

If your DC was samba, which is what I had assumed (having missed some of 
the thread, being subscribed in digest).

> 
> 
>>2)Only use ACLs on the DC
>>3)Use samba_head on the DC
> 
> 
> As I already mentioned the Domain Controller is an NT4 PDC, not a samba 
> server. So these two are no possible options for me either.
> 
> 
>>If winbind is actually working, but the only problem is that the
>>username it gets doesn't match the local username, then you should
>>try 'winbind use default domain = yes' in your smb.conf on all the
>>machines running winbind, so that winbind will look up axel, instead
>>of HNIRB\axel.
> 
> 
> I have just tried - does not do anything else.

Works for me (not ACLs, haven't tested that, but usernames are right), 
but AFAICR, it was added in 2.2.4.

You probably need to restart winbind, then see what 'wbinfo -u' gives 
you (and then 'getent passwd')

P.S. It may be advantageous to keep the summary (eg running samba-x.x.x 
on unix xx rel xx joined to a xxx SP xxx domain etc) of your environment 
in the mail, for people who climb into the thread late.

Buchan

-- 
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7

More information about the samba mailing list