[Samba] gid to sid question

Andrew Tranquada andrew.tranquada at gmail.com
Fri Mar 12 10:16:46 MST 2010


I am very curious as to why this happens, as it makes us worry a bit when
checking the winbind logs.
We are using winbind to do sid -> uid/gid mappings with the hash idmap
backend. We are using samba 3.4.5.
What we see is:
when we login and do run "id" we get what we should see
(uid=<number>,gid=<number>,groups=<number>(group_name)" however at the very
end of the list, we get just a number
however if I do id <my currently logged in user>
I do not see that number at the end.
 $ id
uid=373294482(<redacted>) gid=373293569(<redacted>)
groups=373293568(<redacted>),373293569(<redacted>),373293628(<redacted>),373294172(<redacted>),373294207(<redacted>),373294210(<redacted>),373294701(<redacted>),373295722(<redacted>),1096848426

$ id <my current logged in user>
uid=373294482(<redacted>) gid=373293569(<redacted>)
groups=373293569(<redacted>),373293628(<redacted>),373295722(<redacted>),373294172(<redacted>),373294701(<redacted>),373293568(<redacted>),373294207(<redacted>),373294210(<redacted>)

which then produces the following in log.winbindd
could not convert gid 1096848426 to sid

Any idea why this happens? Is it something we need to be concerned about?
(this happened before using samba 3.0.33 and the rid idmap backend, as well)

our smb.conf
netbios name = <redacted>
workgroup = <redacted>
security = ads
realm = <redacted>
        kerberos method = system keytab
        idmap backend = hash
        idmap uid = 4000-100000000
        idmap gid = 4000-100000000
        winbind enum users = yes
        winbind enum groups = yes
        auth methods = winbind
        template shell = /bin/bash
        password server = <redacted>
        template homedir = <redacted>
        winbind normalize names = yes
        winbind use default domain = yes
        allow trusted domains = no
        winbind cache time = 3600




Thank you!

-- 
Andrew Tranquada


More information about the samba mailing list