[Samba] Pre-3.023d-Bug in ACL-handling reappears in 3.026a

Jens Nissen jens.nissen at gmx.net
Fri Oct 26 11:15:19 GMT 2007 

# wbinfo -Y S-1-5-11
Could not convert sid S-1-5-11 to gid
# wbinfo -Y S-1-5-13
Could not convert sid S-1-5-13 to gid

(S-1-5-11 are the Authenticated Users, S-1-5-13 are the Terminal Server
Users.)
This bug was finally solved in release 3.023d.
Now it is back again.

How can I get this working?
I'm using idmap/tdb - would another idmap-module solve this issue?

The winbind log looks like this:

[2007/10/26 13:06:09, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 18
[2007/10/26 13:06:09, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2007/10/26 13:06:09, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [20989]: request interface version
[2007/10/26 13:06:09, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/10/26 13:06:09, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [20989]: request location of privileged pipe
[2007/10/26 13:06:09, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 19
[2007/10/26 13:06:09, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn SID_TO_GID
[2007/10/26 13:06:09, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(308)
  [20989]: sid to gid S-1-5-13
[2007/10/26 13:06:09, 10]
nsswitch/winbindd_util.c:find_lookup_domain_from_sid(679)
  find_lookup_domain_from_sid(S-1-5-13)
[2007/10/26 13:06:09, 10]
nsswitch/winbindd_util.c:find_lookup_domain_from_sid(689)
  calling find_our_domain
[2007/10/26 13:06:09, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 2aacfbe0
[2007/10/26 13:06:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999509
[2007/10/26 13:06:09, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 2aacfbe0 "async_request_timeout"
[2007/10/26 13:06:09, 10]
nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 20667
[2007/10/26 13:06:09, 7]
nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-13 to a gid
[2007/10/26 13:06:09, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 2aacfbe0
[2007/10/26 13:06:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999483
[2007/10/26 13:06:09, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 2aacfbe0 "async_request_timeout"
[2007/10/26 13:06:09, 10]
nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 20684
[2007/10/26 13:06:09, 5]
nsswitch/winbindd_async.c:winbindd_sid2gid_recv(527)
  sid2gid returned an error
[2007/10/26 13:06:09, 5] nsswitch/winbindd_sid.c:sid2gid_recv(254)
  Could not convert sid S-1-5-13

The log for my domain looks like this:

[2007/10/26 13:06:09, 4] nsswitch/winbindd_dual.c:fork_domain_child(1054)
  child daemon request 20
[2007/10/26 13:06:09, 10]
nsswitch/winbindd_dual.c:child_process_request(479)
  process_request: request fn LOOKUPSID
[2007/10/26 13:06:09, 3]
nsswitch/winbindd_async.c:winbindd_dual_lookupsid(754)
  [20666]: lookupsid S-1-5-13
[2007/10/26 13:06:09, 10]
nsswitch/winbindd_util.c:find_lookup_domain_from_sid(679)
  find_lookup_domain_from_sid(S-1-5-13)
[2007/10/26 13:06:09, 10]
nsswitch/winbindd_util.c:find_lookup_domain_from_sid(689)
  calling find_our_domain
[2007/10/26 13:06:09, 10]
nsswitch/winbindd_cache.c:refresh_sequence_number(465)
  refresh_sequence_number: MYDOMAIN time ok
[2007/10/26 13:06:09, 10]
nsswitch/winbindd_cache.c:refresh_sequence_number(499)
  refresh_sequence_number: MYDOMAIN seq number is now 22411
[2007/10/26 13:06:09, 10] nsswitch/winbindd_cache.c:centry_expired(539)
  centry_expired: Key SN/S-1-5-13 for domain MYDOMAIN is good.
[2007/10/26 13:06:09, 10] nsswitch/winbindd_cache.c:wcache_fetch(624)
  wcache_fetch: returning entry SN/S-1-5-13 for domain MYDOMAIN
[2007/10/26 13:06:09, 10] nsswitch/winbindd_cache.c:sid_to_name(1436)
  sid_to_name: [Cached] - cached name for domain MYDOMAIN status:
NT_STATUS_OK
[2007/10/26 13:06:09, 10]
nsswitch/winbindd_cache.c:cache_store_response(2260)
  Storing response for pid 20667, len 3240
[2007/10/26 13:06:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 3520/681041

The idmap-log looks like this:

[2007/10/26 13:06:09, 4] nsswitch/winbindd_dual.c:fork_domain_child(1054)
  child daemon request 49
[2007/10/26 13:06:09, 10]
nsswitch/winbindd_dual.c:child_process_request(479)
  process_request: request fn DUAL_SID2GID
[2007/10/26 13:06:09, 3]
nsswitch/winbindd_async.c:winbindd_dual_sid2gid(558)
  [20666]: sid to gid S-1-5-13
[2007/10/26 13:06:09, 10] nsswitch/idmap_util.c:idmap_sid_to_gid(145)
  idmap_sid_to_gid: sid = [S-1-5-13]
[2007/10/26 13:06:09, 10] nsswitch/idmap_util.c:idmap_sid_to_gid(165)
  sid [S-1-5-13] not mapped to an gid [2,2,2439960]
[2007/10/26 13:06:09, 10]
nsswitch/winbindd_async.c:winbindd_dual_sid2gid(570)
  winbindd_dual_sid2gid: 0xc0000073 - S-1-5-13 - 0
[2007/10/26 13:06:09, 10]
nsswitch/winbindd_cache.c:cache_store_response(2260)
  Storing response for pid 20684, len 3240

More information about the samba mailing list