[Samba] create_canon_ace_lists: unable to map SID
Gerald (Jerry) Carter
jerry at samba.org
Tue Apr 27 13:41:27 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mac wrote:
|>| create_canon_ace_lists: unable to map SID
|>| S-1-5-21-973294077-3660535-3933214913-1177 to uid or gid.
|>
|>Sounds like bug 1139 which was fixed in 3.0.3rc1.
|
| Have just downloaded 3.0.3rc1 and compiled.
|
| Could some kind soul please explain just what _should_
| happen here and how.
|
| I'm guessing that the XP Pro client has supplied a SID
| for some purpose and Samba is trying to match that to
| UNIX credentials.
|
| Clearly this can't work, _ever_, because the Samba
| server doesn't know anything about SIDs, especially not this
| one as it was generated by the AD domain controller when
| the user (jsmith) was created.
|
| How do I tell Samba what the SID is for any particular username?
|
| Should I use 'idmap'? (and pre-populate it from the AD?)
Is this SID, S-1-5-21-973294077-3660535-3933214913-1177, from
the AD domain or the local XP box ? Samba does understand
SIDs. We receive the user's info during the net_samlogon()
or by some other means.
If all of the AD users and groups have matching pre-existing
UNIX counterparts, then you can run winbindd and set
'winbindd trusted domains only = yes' to get the domain SID
matched to existing UNIX account.
If you do not run winbindd, the UNIX users and groups are
matched to a SID local to the Samba server (and hence why
you will sometimes see this error message in your logs).
Hope this helps.
cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAjmMHIR7qMdg1EfYRAm3UAJ0WwEzUTTRPs1hOTZj2Ny93N6YZ7QCgy7DQ
pKWuYmFxrzq9otL73r4ENw0=
=rd4S
-----END PGP SIGNATURE-----
More information about the samba
mailing list