[Samba] mapping SID - UID, GID with SFU 3.5

Bjoern_80 at gmx.de Bjoern_80 at gmx.de
Thu May 3 12:12:57 GMT 2007

Hello together, 

I have: 

gentoo with samba-3.0.24 
W2003 AD with SFU 3.5 
uid and gid in SFU 

Linux configured to use AD with an LDAP client for mapping users and groups; 
winbind not configured. 

Everything works fine except ACLs in the Linux filesystem: I receive this 
error when I want to add a user's access to a file: 

[2006/10/18 09:38:28, 0] (1399) 
create_canon_ace_lists: unable to map SID 
to uid or gid. 

Is it possible to manage ACL without winbind configured? 

I have just found some information about using winbind for this one. 

I have set up a test: 



log level = 2 
dns proxy = no 
domain master = no 
preferred master = no 
workgroup = DOMAIN 
security = ADS 

password server = win2003ads.domain.local 
host msdfs = no 

idmap backend = ad 
winbind nss info = sfu 

#idmap uid = 100-70000 
#idmap gid = 100-70000 

winbind trusted domains only = no 

winbind enum groups = yes 
winbind enum users = yes 
winbind separator = + 
winbind nested groups = yes 
winbind use default domain = yes 

With winbind I have the following problem: 

When I activate idmap uid / gid, winbind returns its own uid/gid, not the 
ADS-stored uid/gid. 

When I deactivate this option, winbind tells me that it's not possible to 
convert a SID to a uid: 

gentooads ~ # wbinfo -S S-1-5-21-2754069521-2579576118-433682804-1204 

gentooads ~ # wbinfo -S S-1-5-21-2754069521-2579576118-433682804-1204 
Could not convert sid S-1-5-21-2754069521-2579576118-433682804-1204 to uid 

If winbind is necessary, how can I use the SFU-attributes? 

Thanks a lot!! 
