[Samba] Re: NT/ADS and UNIX user convergence using Samba

Edvard Fagerholm efagerho at cc.hut.fi
Wed Apr 7 17:30:28 GMT 2004


On Wed, Apr 07, 2004 at 09:02:35AM -0400, Aden, Steve wrote:
> Edvard,
> 	I have also been struggling with Samba and ADS. I too have the
> SID problem you mention. Is it possible for you to post the hack you did
> to workaround this problem? I have searched and searched and your post
> seems to be the first that confirms this problem, that I have reproduced
> in my lab. There have been many posts that are probably related to this
> problem, but nothing has been resolved.
> 
> Thank you,
> Steve Aden
> 

Just apply the attached patch to samba. The file to patch is:

samba-3.0.2a/sources/nsswitch/winbindd_sid.c

Then remember to put the following in your smb.conf:

winbind trusted domains only = yes
winbind use default domain = no (might be unneeded; this just happens to be in
my config, because I needed it for my previous hack before the trusted domains
only stuff got implemented...)

Then specify the idmap ranges, so that they cover every uid and gid you specify
in AD4Unix. I myself use:

idmap uid = 1000-65000
idmap gid = 1000-65000

which covers my userbase quite well. I just traced the SID problem to that "if"
in the source and that "if" is probably there for a reason or it's simply a bug
and tests for the exact opposite of what it should. I tried to post about it to the
technical mailing-list, but I didn't get any comments about it, so dunno. I
hope it doesn't mess up anything, but I've been running my previous hack on a
production server since August and haven't had any problems.

Regards,
Edvard
-------------- next part --------------
--- winbindd_sid.c.orig	2004-01-16 19:47:53.000000000 +0200
+++ winbindd_sid.c	2004-04-07 20:05:38.590502816 +0300
@@ -313,8 +313,11 @@
 	DEBUG(3, ("[%5lu]: uid to sid %lu\n", (unsigned long)state->pid, 
 		  (unsigned long)state->request.data.uid));
 
+/*
 	if ( (state->request.data.uid < server_state.uid_low ) 
 		|| (state->request.data.uid > server_state.uid_high) )
+*/
+	if(1)
 	{
 		struct passwd *pw = NULL;
 		enum SID_NAME_USE type;
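Review bot: The constant if(1) that replaces the uid range test makes the branch declaring struct passwd *pw run for every request, including uids inside server_state.uid_low..uid_high, and it does so on every installation rather than only where "winbind trusted domains only = yes" is set. Keep the original range test and OR it with a check of that setting, so default configurations keep their current uid-to-SID behaviour. Delete the commented-out condition instead of leaving it in the source, and add a one-line comment stating why in-range uids must take this path.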
@@ -384,8 +387,11 @@
 	DEBUG(3, ("[%5lu]: gid to sid %lu\n", (unsigned long)state->pid,
 		  (unsigned long)state->request.data.gid));
 		  
+/*
 	if ( (state->request.data.gid < server_state.gid_low) 
 		|| (state->request.data.gid > server_state.gid_high) )
+*/
+	if(1)
 	{ 		
 		struct group *grp = NULL;
 		enum SID_NAME_USE type;

