[Samba] create_canon_ace_lists: unable to map SID

Gerald (Jerry) Carter jerry at samba.org
Tue Apr 27 13:41:27 GMT 2004

Mac wrote:

|>|   create_canon_ace_lists: unable to map SID
|>|   S-1-5-21-973294077-3660535-3933214913-1177 to uid or gid.
|>Sounds like bug 1139 which was fixed in 3.0.3rc1.
| Have just downloaded 3.0.3rc1 and compiled.
| Could some kind soul please explain just what _should_
| happen here and how.
| I'm guessing that the XP Pro client has supplied a SID
| for some purpose and Samba is trying to match that to
| UNIX credentials.
| Clearly this can't work, _ever_, because the Samba
| server doesn't know anything about SIDs, especially not this
| one as  it was generated by the AD domain controller when
| the user (jsmith) was created.
| How do I tell Samba what the SID is for any particular username?
| Should I use 'idmap'?  (and pre-populate it from the AD?)

Is this SID, S-1-5-21-973294077-3660535-3933214913-1177, from
the AD domain or the local XP box?  Samba does understand
SIDs.  We receive the user's info during the net_samlogon()
or by some other means.

If all of the AD users and groups have matching pre-existing
UNIX counterparts, then you can run winbindd and set
'winbindd trusted domains only = yes' to get the domain SID
matched to existing UNIX account.

If you do not run winbindd, the UNIX users and groups are
matched to a SID local to the Samba server (and hence why
you will sometimes see this error message in your logs).

Hope this helps.

cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard            ------------------------- http://www.hp.com
SAMBA Team                 ---------------------- http://www.samba.org
GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
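
An added example, not part of the original message or of Samba's code: it pulls the SIDs out of "unable to map SID" log messages and splits each into issuer (machine or domain SID) and RID, which is the check behind the question of where the SID came from. The local server SID, the RID 3002 and the log text are constructed; the function names are hypothetical.

```python
import re
from collections import Counter

# The smbd message quoted in the thread; \s+ tolerates the line wrap.
UNMAPPED = re.compile(r"unable to map SID\s+(S-1-\d+(?:-\d+)+)\s+to uid or gid")

def split_sid(sid):
    """Split a textual SID into (issuer SID, RID).

    For S-1-5-21-a-b-c-RID the issuer is the machine or domain SID
    S-1-5-21-a-b-c and the last sub-authority is the relative ID.
    Well-known SIDs such as S-1-5-32-544 have no such issuer: (sid, None).
    """
    parts = sid.split("-")
    if len(parts) < 4 or parts[:2] != ["S", "1"]:
        raise ValueError(f"not a revision-1 SID: {sid!r}")
    subauths = [int(p) for p in parts[3:]]
    if any(s > 0xFFFFFFFF for s in subauths):
        raise ValueError(f"sub-authority exceeds 32 bits: {sid!r}")
    if parts[2] == "5" and len(subauths) == 5 and subauths[0] == 21:
        return "-".join(parts[:-1]), subauths[-1]
    return sid, None

def unmapped_by_issuer(log_text, known_issuers):
    """Count unmapped (issuer label, RID) pairs found in smbd log text."""
    counts = Counter()
    for sid in UNMAPPED.findall(log_text):
        issuer, rid = split_sid(sid)
        label = known_issuers.get(issuer, "unknown: " + issuer)
        counts[(label, rid)] += 1
    return counts

# Constructed inputs. KNOWN holds the issuer SIDs the admin has identified;
# the entry below is a made-up local SID for the Samba server.
KNOWN = {"S-1-5-21-1111111111-2222222222-3333333333": "local Samba server"}
SAMPLE_LOG = """\
  create_canon_ace_lists: unable to map SID
  S-1-5-21-973294077-3660535-3933214913-1177 to uid or gid.
  create_canon_ace_lists: unable to map SID S-1-5-21-973294077-3660535-3933214913-1177 to uid or gid.
  create_canon_ace_lists: unable to map SID S-1-5-21-1111111111-2222222222-3333333333-3002 to uid or gid.
"""

if __name__ == "__main__":
    for (issuer, rid), n in sorted(unmapped_by_issuer(SAMPLE_LOG, KNOWN).items()):
        print(f"{n}x issuer={issuer} rid={rid}")
```

An issuer reported as unknown is one that is not in the supplied table, so it was not allocated by the server listed there.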

