[Samba] Re: [IDMAP AD] Strange questions on uid/gid resolution.
Neal A. Lucier
nlucier at math.purdue.edu
Wed Aug 23 16:05:30 GMT 2006
Chun Kit Hui wrote:
> I am using Win2003 with SFU 3.5 (not R2) as domain controller. I enabled
> UNIX attributes of several users and groups. I use idmap = ad to connect to
> my Win2003 box and setup the winbind / nss accordingly. wbinfo -u / -g work
> fine, getent passwd / group works fine, chown works fine, id <username>
> works fine. But when I tries to use ls or groups <username>, it returns the
> error "id: cannot find name for <GROUP>" and ls just shows the uid/gid
> instead of the name.
> Any ideas?
I noticed the same behavior with 3.0.23a, idmap=ad, and w2k3 r2 on
Solaris/SPARC. I tracked the issue to that though winbind could do
username->uid it could not do uid->username; i.e.:
% getent passwd nlucier
nlucier:x:501:1:Neal Antoine Lucier:/home/nlucier:/bin/tcsh
% getent passwd 501
'truss'ing the getent I could see that libnss_winbind was putting the
501 into the door(?) file shared with winbindd but all zeros would be
returned. When nlucier was put into the same file winbindd would
happily return everything. That's as far as I traced it, because Jerry
then confirmed the bug with implicit mapping of users by name, which is
the config I want to use.
More information about the samba