[Samba] winbind idmap backend = ad : repeated error 'could not read
attribute mssfu30gidnumber'
Jonathan C. Detert
Jonathan.Detert at msoe.edu
Mon Apr 30 21:36:04 GMT 2007
Hello,
I have several servers running winbind v3.0.22 with 'idmap backend = ad'
and 'winbind nss info = sfu' with no noticable problems except
that /var/log/samba/log.winbindd-idmap repeatedly has lines the read
like this:
[2007/04/30 11:20:19, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(329)
ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute
'msSFU30GidNumber'
This mailing list thread:
http://lists.samba.org/archive/samba/2006-October/126484.html
found the cause of this symptom to be that the msad domain
'authenticated user' didn't have read permission on the attribute. I
don't think that's the problem in my case (but am not sure my test is
valid): Using openldap's ldapsearch, I authenticated as a unprivileged
domain user, and was able to read the msSFU30GidNumber attribute.
Any idea what the problem is, what it affects, and how to resolve it?
Thanks,
Jon
More information about the samba
mailing list