[Samba] Windows File-Security Tab out of sync and wrong SID Mappings with WINBIND 8-(

Petry Roman, ITS-IT Roman.Petry at dillinger.biz
Tue Apr 15 08:50:41 GMT 2003


Hello, i just searched the archive, but had no luck with my problem. Perhaps
somebody could help me please.. We use Linux with ACL Kernel 2.4.17. EXT3
File-System...

My samba 2.2.8a server shows different output in the Security Tab of Files
or Directorys..

If i create a new file in linux and set the permissions with setfacl -m to
DOMAIN*GROUP testfile i see in the securty settings the following entrys

(Group) everyone
(Group) unix_group.3302
(Group) unix_group.68

only those entrys with unix_group and no real names..

if i change the settings from windows 2k and add a new user to the list , it
changes to

(Group) everyone
(Group) unix_group.3302
(Group) unix_group.68
(User) robert test (DOMAIN\testuser)
(Group) AD (DOMAIN\AD)

if i change the settings from nt 4.0 it changes to.
(Group) everyone
(Group) unix_group.3302
(Group) unix_group.68
(Group) unix_group.44
(USER) unix_user.432

Why can´t i see real names ?? 

output of getfacl shows
getfacl: Removing leading '/' from absolute path names
# file: webserver/htdocs/fwb/testthomas
# owner: DOMAIN*TESTOWNER
# group: DH-COM*TESTGROUP
user::rwx
group::rw-
group:DOMAIN*TESTGRP:rwx
group:DOMAIN*TESTGRP2:r-x
mask::rwx
other::r--

That´s one of my problems..

The second one is

If i select a new user and want to give hime some access from NT I select
the user from the user list and after ok I can´t see him in the list.. 
in the log.station i see only those entrys..

[2003/04/15 09:35:38, 3]
smbd/nttrans.c:call_nt_transact_set_security_desc(1780)
  call_nt_transact_set_security_desc: file = test, sent 0x4
[2003/04/15 09:35:38, 3] smbd/uid.c:fetch_sid_from_uid_cache(591)
  fetch sid from uid cache 10195 ->
S-1-5-21-1558126179-1158248748-102967255-1793
[2003/04/15 09:35:38, 3] smbd/uid.c:fetch_sid_from_gid_cache(667)
  fetch sid from gid cache 10361 ->
S-1-5-21-1558126179-1158248748-102967255-7605
[2003/04/15 09:35:38, 0] smbd/posix_acls.c:create_canon_ace_lists(1018)
  create_canon_ace_lists: unable to map SID
S-1-5-21-1558126179-1158248748-102967255-4646 to uid or gid.
[2003/04/15 09:35:38, 3] smbd/process.c:process_smb(846)
  Transaction 474 of length 46

The unable to map error is very abnormal.. also this SID does not exist. It
should be the SID of the new USER or Group .. Why is there a wrong SID in
this List ?

Any hints for me ??

thanks in advance..

Roman









More information about the samba mailing list