[Samba] winbind idmap backend = ad : repeated error 'could not read
Jonathan C. Detert
Jonathan.Detert at msoe.edu
Mon Apr 30 21:36:04 GMT 2007
I have several servers running winbind v3.0.22 with 'idmap backend = ad'
and 'winbind nss info = sfu' with no noticable problems except
that /var/log/samba/log.winbindd-idmap repeatedly has lines the read
[2007/04/30 11:20:19, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(329)
ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute
This mailing list thread:
found the cause of this symptom to be that the msad domain
'authenticated user' didn't have read permission on the attribute. I
don't think that's the problem in my case (but am not sure my test is
valid): Using openldap's ldapsearch, I authenticated as a unprivileged
domain user, and was able to read the msSFU30GidNumber attribute.
Any idea what the problem is, what it affects, and how to resolve it?
More information about the samba