[Samba] Wbinfo -Y couldn't work with idmap_rid for BUILTIN groups
Li, Ying (ESG)
ying.li2 at hp.com
Wed Aug 24 00:56:48 GMT 2005
Hi,

wbinfo -Y BUILTIN\group works without idmap_rid in Samba-3.0.14a. But
I'm seeing wbinfo -Y with idmap_rid fail for SID to GID conversion of
BUILTIN groups.

Since idmap_rid only works in a single domain, and captures the
workgroup's domain sid as a real domain sid in rid_idmap_get_domains(),
when running "wbinfo -Y BUILTIN/System Operators", the function
rid_idmap_get_id_from_sid() checks if the incoming sid is the same as
the workgroup domain sid by the following comparison:

    if ( sid_compare_domain(sid, &sidstr) == 0 )

This would let the first "for" loop continue to go to the end, and make
the loop variable i equal to trust.number(=1). And the code after the
loop

    if (i == trust.number) {
        DEBUG(0,("rid_idmap_get_id_from_sid: no suitable range available for sid: %s\n",
            sid_string_static(sid)));
        return NT_STATUS_INVALID_PARAMETER;
    }

leads to an error with "no suitable range available for sid:", even if
both idmap uid range and idmap gid range are exactly equal to the
idmap_rid range in smb.conf.

So I'm wondering about idmap_rid's capability. I'd like to ask somebody
if idmap_rid can work with BUILTIN groups. If the answer is yes, how do
we get Samba BUILTIN groups' SIDs? If the answer is no, I want to know
if there is a possible solution to resolve sid to gid conversion for
Samba builtin groups by winbind with idmap_rid.

smb.conf:

    [global]
    workgroup = MYDOMAIN
    security = ads or domain
    allow trust domains = no
    idmap backend = idmap_rid:"MYDOMAIN=50000-60000"
    idmap uid = 50000-60000
    idmap gid = 50000-60000
    ......

Any information is really appreciated.
-Ying
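
The lookup failure described in this post, as an added example that is not part of the original message and is not Samba source: a simplified C model of matching a SID's domain part against the single configured idmap_rid domain. The domain SID value, the helper names (split_sid, sid_to_gid) and the range-base-plus-RID mapping are assumptions for illustration; S-1-5-32 is the well-known BUILTIN domain SID.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not Samba source: one configured domain, as in the post. */
struct rid_domain { const char *sid; unsigned long min_id, max_id; };

/* Constructed domain SID; the range is the one from the posted smb.conf. */
static const struct rid_domain domains[] = {
    { "S-1-5-21-1111111111-2222222222-3333333333", 50000, 60000 },
};
static const size_t n_domains = sizeof(domains) / sizeof(domains[0]);

/* Split "S-1-...-RID" into its domain part and RID; returns 0 on success. */
static int split_sid(const char *sid, char *dom, size_t domlen, unsigned long *rid)
{
    const char *dash = strrchr(sid, '-');
    char *end;
    if (strncmp(sid, "S-1-", 4) != 0 || dash == NULL || dash < sid + 4) return -1;
    if ((size_t)(dash - sid) >= domlen) return -1;
    *rid = strtoul(dash + 1, &end, 10);
    if (end == dash + 1 || *end != '\0') return -1;
    memcpy(dom, sid, (size_t)(dash - sid));
    dom[dash - sid] = '\0';
    return 0;
}

/* Returns 0 and sets *gid on a match; -1 is the "no suitable range" path. */
static int sid_to_gid(const char *sid, unsigned long *gid)
{
    char dom[128];
    unsigned long rid;
    size_t i = 0;
    if (split_sid(sid, dom, sizeof(dom), &rid) != 0) return -1;
    while (i < n_domains && strcmp(dom, domains[i].sid) != 0) i++;
    if (i == n_domains) return -1;        /* BUILTIN (S-1-5-32) ends up here */
    *gid = domains[i].min_id + rid;       /* assumed mapping: range base + RID */
    return (*gid <= domains[i].max_id) ? 0 : -1;
}

int main(void)
{
    const char *sids[] = { "S-1-5-21-1111111111-2222222222-3333333333-513", "S-1-5-32-549" };
    for (size_t k = 0; k < 2; k++) {
        unsigned long gid = 0;
        if (sid_to_gid(sids[k], &gid) == 0) printf("%s -> gid %lu\n", sids[k], gid);
        else printf("%s -> no suitable range\n", sids[k]);
    }
    return 0;
}
```

In this model the BUILTIN alias fails before the range is ever consulted, which matches the post's observation that the error appears even when the uid, gid and idmap_rid ranges are identical.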