[Samba] winbindd to NT 4.0

Michael Coburn mcoburn at jupiterimages.com
Mon Dec 11 22:14:47 GMT 2006


I'm not sure why this happens either.  It's as if Samba and/or Windows 
taints the idmap file, maybe through a system crash or corruption when 
the file is updated?

Just to be safe, I would mount those shares from a Windows machine and 
confirm that the ACLs are still correct and work as you expect.
--
Michael Coburn

Travis Bullock wrote:
> Thanks Michael, I really appreciate the help and that worked like a charm.
>
> Any idea why it would have "broke"?
>
> Cheers,
>
> Travis Bullock
> Systems Administrator
> Avmax Group Inc.
>
>
> ----- Original Message -----
> From: Michael Coburn <mcoburn at jupiterimages.com>
> To: samba <samba at lists.samba.org>
> Sent: Monday, December 11, 2006 1:50:39 PM GMT-0700 US/Mountain
> Subject: Re: [Samba] winbindd to NT 4.0
>
> Take a backup up of your winbindd_idmap.tdb file, delete the current one 
> (on Ubuntu 6.06 it's in /var/lib/samba), restart winbind, and see if you 
> can chown the group.
> --
> Michael Coburn
>
> Travis Bullock wrote:
>   
>> Another snippet showing up in the winbind.log:
>>
>> [2006/12/11 13:00:01, 10] nsswitch/winbindd.c:process_request(287)
>>   process_request: request fn GETGROUPS
>> [2006/12/11 13:00:01, 3] nsswitch/winbindd_group.c:winbindd_getgroups(991)
>>   [    0]: getgroups root
>> [2006/12/11 13:00:01, 5] nsswitch/winbindd_group.c:winbindd_getgroups(1008)
>>   Could not parse domain user: root
>> [2006/12/11 13:00:01, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1953)
>>   Retrieving response for pid 12781
>> [2006/12/11 13:00:01, 5] nsswitch/winbindd_async.c:winbindd_gettoken_async(1002)
>>   Could not find domain from SID S-1-22-1-0
>>
>>
>> Travis Bullock
>> Systems Administrator
>> Avmax Group Inc.
>>
>>
>> ----- Original Message -----
>> From: Travis Bullock <tbullock at avmax.ca>
>> To: samba <samba at lists.samba.org>
>> Sent: Monday, December 11, 2006 11:46:02 AM GMT-0700 US/Mountain
>> Subject: Re: [Samba] winbindd to NT 4.0
>>
>> Further to this issue, here is the error message in /var/log/samba/winbind.log when I execute the following command:
>>
>> chown -R root:'avmax+domain admins' AC_Manuals
>>
>> [2006/12/11 12:52:13, 10] sam/idmap_util.c:idmap_sid_to_gid(99)
>>   sid_to_gid: sid = [S-1-5-21-1488804738-1547898658-398547282-512]
>> [2006/12/11 12:52:13, 5] passdb/pdb_interface.c:pdb_default_sid_to_id(1292)
>>   Sid S-1-5-21-1488804738-1547898658-398547282-512 is neither ours nor builtin, don't know it
>> [2006/12/11 12:52:13, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(306)
>>   error converting unix gid to sid
>>
>> Cheers,
>>
>> Travis Bullock
>> Systems Administrator
>> Avmax Group Inc.
>>
>>
>> ----- Original Message -----
>> From: Travis Bullock <tbullock at avmax.ca>
>> To: samba <samba at lists.samba.org>
>> Sent: Saturday, December 9, 2006 4:29:02 PM GMT-0700 US/Mountain
>> Subject: Re: [Samba] winbindd to NT 4.0
>>
>> Anyone have any ideas?
>>
>> Travis Bullock
>> Systems Administrator
>> Avmax Group Inc.
>>
>>
>> ----- Original Message -----
>> From: Travis Bullock <tbullock at avmax.ca>
>> To: samba <samba at lists.samba.org>
>> Sent: Friday, December 8, 2006 10:56:16 AM GMT-0700 US/Mountain
>> Subject: [Samba] winbindd to NT 4.0
>>
>> Hi, 
>>
>> I have a Samba server Version 3.0.14a-2. It has been working flawlessly for close to a year. I utilize winbindd to a NT4.0 domain to authenticate users to my Samba shares. 
>>
>> All of a sudden, the shares are no longer accessible to Windows machines. An ls on an example directory shows: 
>>
>> drwxrws--- 15 root 10000 4096 Dec 6 11:21 AC_Manuals 
>>
>> This is wierd because the 10000 should show AVMAX+Domain Admins 
>>
>> So wbinfo -g works. It displays the Domain Accounts on my NT4.0 PDC. 
>>
>> However, when I try and chown a directory, this is what I get: 
>>
>> [root at gfm-atlas GFM_Shares]# chown -R root:'amvax+domain admins' AC_Manuals/ 
>> chown: `root:amvax+domain admins': invalid group 
>>
>> Nor can I use setfacl commands. 
>>
>> net rpc join worked fine for me when I tried to re-join the Domain 
>>
>> I am not running nscd 
>>
>> Any suggestions would be appreciated. 
>>
>> Cheers, 
>>
>> Travis Bullock 
>>
>>
>>   
>>     


More information about the samba mailing list