[Samba] winbind idmap backend = ad : repeated error 'could not read attribute mssfu30gidnumber'

Jonathan C. Detert Jonathan.Detert at msoe.edu
Mon Apr 30 21:36:04 GMT 2007


Hello,

I have several servers running winbind v3.0.22 with 'idmap backend = ad'
and 'winbind nss info = sfu' with no noticable problems except
that /var/log/samba/log.winbindd-idmap repeatedly has lines the read
like this:

[2007/04/30 11:20:19, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(329)
  ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute
'msSFU30GidNumber'

This mailing list thread:
http://lists.samba.org/archive/samba/2006-October/126484.html 
found the cause of this symptom to be that the msad domain
'authenticated user' didn't have read permission on the attribute.  I
don't think that's the problem in my case (but am not sure my test is
valid): Using openldap's ldapsearch, I authenticated as a unprivileged
domain user, and was able to read the msSFU30GidNumber attribute.

Any idea what the problem is, what it affects, and how to resolve it?

Thanks,

Jon



More information about the samba mailing list