[Samba] setfacl(1) - Can FreeBSD's ACLs contain groups from NT/AD domains ? [SOLUTION]

Wilkinson, Alex alex.wilkinson at dsto.defence.gov.au
Thu Aug 9 12:40:38 GMT 2007


When putting winbindd(8) into debug mode I finally saw the following:

    id S-1-5-21-1957994488-1326574676-725345543-35301 is neither ours, a Unix SID, nor builtin
    error converting unix gid to sid

The hard part was identifying what part of the puzzle I needed to debug in the
first place! Was it AD? NSS? PAM? Winbind? Samba? ACLs?

Solution:

Well, that was easy once I actually knew the problem: increase my idmap_rid range.

From:
       idmap config dsto:range         = 10000-20000

To:
       idmap config dsto:range         = 10000-500000

All works now!

 -aW
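
The arithmetic behind the fix, as an added example that is not part of the original post: the idmap_rid(8) manual gives the mapping as ID = RID - BASE_RID + LOW_RANGE_ID, so the SID in the debug output (RID 35301) needs Unix ID 45301, which is above the old upper bound of 20000. The function names are this example's own, and base_rid = 0 (the documented default) is an assumption, since the post does not show that setting.

```python
import re

# Constructed smb.conf fragments using the two range values from the post.
CONF_BEFORE = "idmap config dsto:range         = 10000-20000\n"
CONF_AFTER = "idmap config dsto:range         = 10000-500000\n"
# SID quoted in the winbindd debug output in the post.
SID = "S-1-5-21-1957994488-1326574676-725345543-35301"

RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(?P<dom>[^:\s]+)\s*:\s*range\s*=\s*"
    r"(?P<lo>\d+)\s*-\s*(?P<hi>\d+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def parse_ranges(conf_text):
    """Return {domain: (low, high)} for each 'idmap config DOM:range' line."""
    ranges = {}
    for m in RANGE_RE.finditer(conf_text):
        lo, hi = int(m["lo"]), int(m["hi"])
        if lo > hi:
            raise ValueError(f"inverted range for {m['dom']}: {lo}-{hi}")
        ranges[m["dom"].lower()] = (lo, hi)
    return ranges

def rid_of(sid):
    """Extract the RID (last sub-authority) from a textual SID."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a SID: {sid!r}")
    return int(parts[-1])

def map_rid(sid, low, high, base_rid=0):
    """Unix ID idmap_rid would assign, or None if it falls outside the range.

    base_rid=0 is assumed (documented default; not shown in the post).
    """
    unix_id = rid_of(sid) - base_rid + low
    return unix_id if low <= unix_id <= high else None

def min_high(sids, low, base_rid=0):
    """Smallest upper bound that still maps every SID in `sids`."""
    return max(rid_of(s) - base_rid + low for s in sids)

if __name__ == "__main__":
    for label, conf in (("before", CONF_BEFORE), ("after", CONF_AFTER)):
        lo, hi = parse_ranges(conf)["dsto"]
        print(label, f"{lo}-{hi}", "->", map_rid(SID, lo, hi))
    print("minimum upper bound:", min_high([SID], 10000))
```

Running `min_high` over the RIDs of every group that will appear in an ACL gives the smallest upper bound that avoids the "error converting unix gid to sid" failure for those groups.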
