[Samba] Idmap creates unnecessary group entry
Martin Werthmöller
mw at lw-systems.de
Tue Jan 15 20:00:40 GMT 2008
Hy Samba users,
I've got a problem with an samba/ldap setup. As I set an ACL to a domain
group in an windows client, a group mapping entry will be created in the
Idmap ou at the ldap server.
I discoverd the OpenLDAP logfiles. There, the server sends a search
request for the domain group sid to the ldap backend will retreive an
entry back:
Jan 15 20:19:24 225 slapd[4518]: conn=190 op=24 SRCH
base="ou=Groups,dc=lw-systems,dc=net" scope=2 deref=0
filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-4205727931-4131263253-1851132061-3019))"
Jan 15 20:19:24 225 slapd[4518]: conn=190 op=24 SRCH attr=gidNumber
sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 15 20:19:24 225 slapd[4518]: conn=190 op=24 SEARCH RESULT tag=101
err=0 nentries=1 text=
The samba log files shows, that no entry was found.
[2008/01/15 20:19:25, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2008/01/15 20:19:25, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1570)
ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-4205727931-4131263253-1851132061-3019] count=0
[2008/01/15 20:19:25, 2] passdb/pdb_ldap.c:init_group_from_ldap(2200)
init_group_from_ldap: Entry found for group: 1009
[2008/01/15 20:19:25, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
I guess, the Idmap entry will be created, since the samba server supposes,
no group SID will be available at the backend.
Do anyone has any ideas about this behavior?
Maybe its my misunderstanding of the idmapping in samba...
Best regards,
Martin Werthmoeller
--
LWsystems - IT-Service and Consulting
mw at lw-systems.de * http://www.lw-systems.de
More information about the samba
mailing list