[Samba] Winbind could not convert sid to gid...

Bastiaans, Remco r.bastiaans at rijnland.nl
Mon Sep 20 11:51:01 GMT 2004 

Solved this problem by downloading the RPM-packages from Samba.org, and
installing 'm over the Fedora-packages...

-----Oorspronkelijk bericht-----
Van: Bastiaans, Remco [mailto:r.bastiaans at rijnland.nl]
Verzonden: vrijdag 17 september 2004 17:31
Aan: 'samba at lists.samba.org'
Onderwerp: RE: [Samba] Winbind could not convert sid to gid...


Follow up for my problem:

a "getent passwd" leaves me with a ton of these entries in winbind.log:

[2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
  error getting user id for sid S-1-5-21-637226847-105070846-619646970-6034
[2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_getpwent(571)
  could not lookup domain user AMoore
[2004/09/17 17:27:15, 0] sam/idmap_tdb.c:db_allocate_id(106)
  idmap Fatal Error: UID range full!! (max: 25000)
[2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
  error getting user id for sid S-1-5-21-637226847-105070846-619646970-4427
[2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_getpwent(571)
  could not lookup domain user AMulde
[2004/09/17 17:27:15, 0] sam/idmap_tdb.c:db_allocate_id(106)
  idmap Fatal Error: UID range full!! (max: 25000)
[2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
  error getting user id for sid S-1-5-21-637226847-105070846-619646970-6929
[2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_getpwent(571)
  could not lookup domain user AMunst
[2004/09/17 17:27:15, 0] sam/idmap_tdb.c:db_allocate_id(106)
  idmap Fatal Error: UID range full!! (max: 25000)

And the getent only shows local linux-users, no domain-users.  Anybody knows
where to look???

Thanks,
Remco


-----Oorspronkelijk bericht-----
Van: Bastiaans, Remco [mailto:r.bastiaans at rijnland.nl]
Verzonden: woensdag 15 september 2004 13:35
Aan: 'samba at lists.samba.org'
Onderwerp: [Samba] Winbind could not convert sid to gid...


Hi,

I'm using the Samba RPM's from Fedora Core 2 RPM's (3.0.7-2.FC2) as an
authentication backend for a Squid Proxy server.  It all seems to work fine,
until I (try to)authenticate against a domain-group..  I started trying with
3.0.6-2.FC2, which also didn't work...  This is a pretty clean/fresh
installation of Fedora Core 2, for whatever that's worth...

I've succeeded joining the Windows NT4 domain (RZH_NT)...  Winbind seems to
work fine at first.. I can test the trust-secret ok, even authenticate a
user from the domain (RBasti), it can see the domain-groups (Internet), get
te sid, but it can't convert the sid to a gid...

# wbinfo -t
checking the trust secret via RPC calls succeeded

# wbinfo -u |grep RBasti
RBasti

# wbinfo -a RBasti%********     (passwd blanked)
plaintext password authentication succeeded
challenge/response password authentication succeeded

# wbinfo -g |grep Internet
Internet

# wbinfo -n Internet
S-1-5-21-637226847-105070846-619646970-7160 Domain Group (2)

# wbinfo -Y S-1-5-21-637226847-105070846-619646970-7160
Could not convert sid S-1-5-21-637226847-105070846-619646970-7160 to gid

Any idea's?  I also don't see any domain-users/groups appearing in
/etc/passwd or /etc/group... I guess that's why wbinfo -Y is failing, but I
can't figure out how to find out what's preventing this from working...

Remco
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list