[Samba] idmap_ad not returning correct UID under 3.3.1

Bryan McLellan btm at loftninjas.org
Sat Mar 7 04:16:25 GMT 2009


I'm testing winbind 3.3.1-1ubuntu1 (jaunty) and my user stored in AD
is consistently being returned with a UID of 1000, rather than 10031,
which is what's stored in LDAP/AD under uidNumber. If I install the
3.2.3-1ubuntu3.4 packages from intrepid, 'id bryanm' correctly returns
10031, but when upgrading back to 3.3.1-1ubuntu1, I get the wrong UID
again. I did an install from source as well and experience the same
conditions, but can't guarantee it was set up correctly since it was in
an error state.

I see some interesting errors about being unable to find domain '*'
which I'll attach to the end. Perhaps this is part of the new support
of idmap_ad for multiple domains? Has configuration changed and the
man pages not been updated perhaps, where one has to specify a domain
to use specifically due to this feature?

From winbindd -i -s /etc/samba/smb.conf -d10 -n

3.3.1:
idmap_sid_to_uid: sid =
[S-1-5-21-1659249844-2332029812-1458590236-1419], domain = ''
Returning valid cache entry: key =
IDMAP/SID2UID/S-1-5-21-1659249844-2332029812-1458590236-1419, value =
1000, timeout = Fri Mar 13 17:01:56 2009
idmap_cache_find_sid2uid found 1000
Returning positive cache entry

3.2.3:
idmap_sid_to_uid: sid = [S-1-5-21-1659249844-2332029812-1458590236-1419]
Returning valid cache entry: key =
IDMAP/SID/S-1-5-21-1659249844-2332029812-1458590236-1419, value =
IDMAP/UID/10031, timeout = Fri Mar  6 19:52:16 2009

current smb.conf (lots of tinkering):
[global]
security = ADS
workgroup = WM
realm = CORP.WIDEMILE.COM
server string = %h server (Samba %v)
idmap backend = ad
idmap config CORP.WIDEMILE.COM : schema_mode = rfc2307
idmap uid = 1000-20000
idmap gid = 1000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind nss info = sfu
winbind use default domain = Yes
winbind nested groups = Yes
template shell = /bin/bash
template homedir = /home/%U
allow trusted domains = No
domain master = no
ldap ssl = off

domain '*' errors:
ad_idmap_cached_connection: called for domain '*'
Cache entry with key = SAFJOIN/DOMAIN/* couldn't be found
Cache entry with key = SAF/DOMAIN/* couldn't be found
saf_fetch: failed to find server for "*" domain
ldap_server from saf cache: ''
find_domain_from_name_noinit did not find domain '*'
get_sorted_dc_list: attempting lookup for name * (sitename NULL) using
[lmhosts wins host bcast]
Cache entry with key = SAFJOIN/DOMAIN/* couldn't be found
Cache entry with key = SAF/DOMAIN/* couldn't be found
saf_fetch: failed to find server for "*" domain
get_dc_list: preferred server list: ", *"
internal_resolve_name: looking up *#1c (sitename (null))
Cache entry with key = NBT/*#1C couldn't be found
no entry for *#1C found.
resolve_lmhosts: Attempting lmhosts lookup for name *<0x1c>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
such file or directory
resolve_wins: Attempting wins lookup for name *<0x1c>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1c>
name_resolve_bcast: Attempting broadcast lookup for name *<0x1c>

Hefty -d10 logs at: http://serenity.ninjr.org/~btm/winbind/
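
An added example, not part of the original post: a Python check that reads SID-to-UID cache hits from a `winbindd -d10` log in both layouts quoted above (3.3.1 and 3.2.3), reports any SID whose cached UID differs from the uidNumber expected from AD, and counts idmap_ad calls made for domain '*'. The function names and the `EXPECTED` table are assumptions for illustration; the sample logs are constructed from the excerpts in the post.

```python
import re

SID = "S-1-5-21-1659249844-2332029812-1458590236-1419"
EXPECTED = {SID: 10031}  # assumption: uidNumber per SID, as read from AD

# Constructed samples: the cache-hit excerpts from the post, wrapped as mailed.
LOG_331 = f"""idmap_sid_to_uid: sid =
[{SID}], domain = ''
Returning valid cache entry: key =
IDMAP/SID2UID/{SID}, value =
1000, timeout = Fri Mar 13 17:01:56 2009
idmap_cache_find_sid2uid found 1000
ad_idmap_cached_connection: called for domain '*'
"""
LOG_323 = f"""idmap_sid_to_uid: sid = [{SID}]
Returning valid cache entry: key =
IDMAP/SID/{SID}, value =
IDMAP/UID/10031, timeout = Fri Mar  6 19:52:16 2009
"""

# 3.3.1 logs "IDMAP/SID2UID/<sid>" with value "<uid>";
# 3.2.3 logs "IDMAP/SID/<sid>" with value "IDMAP/UID/<uid>".
# \s* also spans the line breaks introduced by mail wrapping.
CACHE_RE = re.compile(
    r"key\s*=\s*IDMAP/SID(?:2UID)?/(S-[\d-]+),\s*value\s*=\s*(?:IDMAP/UID/)?(\d+),")
WILDCARD_RE = re.compile(
    r"^ad_idmap_cached_connection: called for domain '\*'$", re.M)

def cached_uids(log_text):
    """Return {sid: uid} for every SID-to-UID cache hit in the log."""
    return {sid: int(uid) for sid, uid in CACHE_RE.findall(log_text)}

def find_mismatches(log_text, expected):
    """Return (sid, cached_uid, expected_uid) where the cache disagrees with AD."""
    return [(sid, uid, expected[sid])
            for sid, uid in cached_uids(log_text).items()
            if sid in expected and uid != expected[sid]]

def wildcard_backend_calls(log_text):
    """Count idmap_ad connections opened for the catch-all domain '*'."""
    return len(WILDCARD_RE.findall(log_text))

if __name__ == "__main__":
    for name, log in (("3.3.1", LOG_331), ("3.2.3", LOG_323)):
        for sid, got, want in find_mismatches(log, EXPECTED):
            print(f"{name}: {sid} cached as UID {got}, AD uidNumber is {want}")
        print(f"{name}: {wildcard_backend_calls(log)} idmap_ad call(s) for domain '*'")
```

On Ubuntu, 1000 is also the UID given to the first local account, so a mismatch like this one can give a domain user the file ownership of a local user.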

