[Samba] Wbinfo -Y couldn't work with idmap_rid for BUILTIN groups

Stefanos Karasavvidis sk at isc.tuc.gr
Sat Aug 27 07:19:06 GMT 2005


Did you find any solution to this? I'm experiencing a similar problem 
with all the builtin groups

sk
Li, Ying (ESG) wrote:
> Hi,
> 
> wbinfo -Y BUILTIN\group can work without idmap_rid in Samba-3.0.14a. But
> I'm experiencing wbinfo -Y with idmap_rid failed for SID to GID
> conversion of BUILTIN groups. 
> 
> Since idmap_rid only works in a single domain, and captures workgroup's
> domain sid as a real domain sid in rid_idmap_get_domains(), when running
> "wbinfo -Y BUILTIN/System Operators", the function
> rid_idmap_get_id_from_sid() checks if incoming sid is same with
> workgroup domain sid by following comparison:
> 470   if ( sid_compare_domain(sid, &sidstr) == 0 )
> 
> This would let the first "for" loop continue to go to the end, and make
> the loop variable i equal to trust.number(=1). And the code after the
> loop
> 474        if (i == trust.number) {
> 475                DEBUG(0,("rid_idmap_get_id_from_sid: no suitable
> range available for sid: %s\n",
> 476                        sid_string_static(sid)));
> 477                return NT_STATUS_INVALID_PARAMETER;
> 478        }
> 
> leads to generate an error with "no suitable range available for sid:",
> even if both 
> idmap uid range and idmap gid range are exactly equal to idmap_rid range
> in smb.conf.
> 
> So I'm wondering idmap_rid capability. I'd like to ask somebody if
> idmap_rid can work with BUILTIN group. If the answer is yes, How do we
> get Samba BUILTIN groups' SID? If the answer is no, I want to know if
> there is a possible solution to resolve sid to gid conversion for samba
> builtin groups by winbind with idmap_rid.
> 
> smb.conf
> [global]
>    workgroup = MYDOMAIN
>    security = ads or domain
>    allow trust domains = no
>    idmap backend = idmap_rid:"MYDOMAIN=50000-60000"
>    idmap uid = 50000-60000
>    idmap gid = 50000-60000
>    ......
> 
> Any information is really appreciated.
> -Ying

-- 
======================================================================
Stefanos Karasavvidis
Electronic & Computer Engineer, M.Eng.
e-mail : sk at isc.tuc.gr

Technical University of Crete, Campus
Information Systems Center
Address: Akrotiri, Chania, 73100
Tel.: Library Buildings
       (+30) 28210 37352, (+30) 28210 37355, (+30) 28210 37376
       Environmental Engineering Buildings
       (+30) 28210 37766
Fax:  (+30) 28210 37571


More information about the samba mailing list