[Samba] winbind, ads, and trouble with group lookups

Harry h3 at ucla.edu
Tue Jun 24 00:23:43 GMT 2003


Hello,

I've been trying to get samba set up to authenticate users off a W2003/ADS
system and it appears to be working for the most part. However, there is one
issue plaguing me and I'm not sure how serious it is.

In brief, the Windows SID => Unix GID mapping is failing in odd ways. After
getting things set up, the following work:

* wbinfo -g (lists all domain groups, i.e. DOMAIN+user)
* getent group (lists Unix and Windows groups with GIDs and members)
* wbinfo -r DOMAIN+user (lists GIDs of groups of which the user is a member)
* id DOMAIN+user (returns GIDs, but not group names)

The following do *not* work:

* wbinfo -Y "`wbinfo -n DOMAIN+user`" (get "Could not convert sid xyz to gid")
* anything like "ls -l /some/dir" will list only numerical gids and a message
appears in log.winbind along the lines of "name 'blah' is not a local or
domain group: 1"

UID lookups appear to be working fine. For example the following analogue
works:

wbinfo -S "`wbinfo -n DOMAIN+user`"

The domain usernames show up in ls -l outputs and "id DOMAIN+user" returns
both the UID and username as expected.

Can anyone suggest why the errors are occurring and why the group names aren't
being mapped properly in all cases? I've seen some issues mentioned on the
mailing list and in bugzilla concerning gid mapping but they were slightly
different - is this a known bug or "fixed in CVS" issue?

Specs: RedHat 9.0 (fresh install) + samba-3.0.0beta1-1 (install via RPM from
samba.org).

The output of testparm looks like this:

Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

# Global parameters
[global]
    workgroup = DOMAIN
    realm = SOMEREALM.UCLA.EDU
    ADS server = nnn.nnn.nnn.nnn
    server string = myhostname
    security = ADS
    password server = nnn.nnn.nnn.nnn
    log file = /var/log/samba/log.%m
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = No
    wins server = nnn.nnn.nnn.nnn
    idmap uid = 1000-9999
    idmap gid = 1000-9999
    winbind uid = 1000-9999
    winbind gid = 1000-9999
    winbind separator = +
    hosts allow = nnn.nnn.nnn., 127.0.0.1

[homes]
    comment = Home Directories
    path = /home/win/%S
    read only = No
    browseable = No

Thanks,
Harry





