[Samba] winbind sometimes does not resolve sid to a name
Shirish Pargaonkar
shirishpargaonkar at gmail.com
Mon Nov 8 12:21:30 MST 2010
Sometimes a group sid does not get resolved to its name.
Is this a settings problem? Looks like winbind deamon
went dormant for a while and then woke up?
I am using interface wbcLookupSid provided by the
library libwbclient.so for resolving sids to names.
These are the winbind related parameters in
/etc/samba/smb.conf
[global]
# separate domain and username with '\', like DOMAIN\username
winbind separator = \
#
# use uids from 10000 to 20000 for domain users
idmap uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
idmap gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
cifstest6:/tmp # date;/tmp/getcifsacl /mnt/smb_c/Makefile
Mon Nov 8 11:03:43 CST 2010
Revision: 0x1
Type: 0x9404
Owner: BUILTIN\Administrators
Group: CIFSTESTDOM\Domain Users
ACE: CIFSTESTDOM\Administrator: Allowed/ 0x0/ 0x1700a1
ACE: BUILTIN\Performance Log Users: Allowed/ 0x0/ CHANGE
ACE: CIFSTESTDOM\stevef: Allowed/ 0x0/ FULL
cifstest6:/tmp # date;/tmp/getcifsacl /mnt/smb_c/Makefile
Mon Nov 8 11:08:59 CST 2010
Revision: 0x1
Type: 0x9404
Owner: BUILTIN\Administrators
Group: CIFSTESTDOM\Domain Users
ACE: CIFSTESTDOM\Administrator: Allowed/ 0x0/ 0x1700a1
ACE: BUILTIN\Performance Log Users: Allowed/ 0x0/ CHANGE
ACE: CIFSTESTDOM\stevef: Allowed/ 0x0/ FULL
cifstest6:/tmp # date;/tmp/getcifsacl /mnt/smb_c/Makefile
Mon Nov 8 11:09:08 CST 2010
Revision: 0x1
Type: 0x9404
Owner: BUILTIN\Administrators
Group: CIFSTESTDOM\Domain Users
ACE: CIFSTESTDOM\Administrator: Allowed/ 0x0/ 0x1700a1
ACE: BUILTIN\Performance Log Users: Allowed/ 0x0/ CHANGE
ACE: CIFSTESTDOM\stevef: Allowed/ 0x0/ FULL
cifstest6:/tmp # date;/tmp/getcifsacl /mnt/smb_c/Makefile
Mon Nov 8 11:23:38 CST 2010
Revision: 0x1
Type: 0x9404
Owner: BUILTIN\Administrators
Group: CIFSTESTDOM\Domain Users
ACE: CIFSTESTDOM\Administrator: Allowed/ 0x0/ 0x1700a1
ACE: BUILTIN\Performance Log Users: Allowed/ 0x0/ CHANGE
ACE: CIFSTESTDOM\stevef: Allowed/ 0x0/ FULL
cifstest6:/tmp # date;/tmp/getcifsacl /mnt/smb_c/Makefile
Mon Nov 8 12:59:07 CST 2010
Revision: 0x1
Type: 0x9404
Owner: BUILTIN\Administrators
Group: S-1-5-21-2849063682-2007077719-983662776-513 <-------------
ACE: CIFSTESTDOM\Administrator: Allowed/ 0x0/ 0x1700a1
ACE: BUILTIN\Performance Log Users: Allowed/ 0x0/ CHANGE
ACE: CIFSTESTDOM\stevef: Allowed/ 0x0/ FULL
cifstest6:/tmp # date;/tmp/getcifsacl /mnt/smb_c/Makefile
Mon Nov 8 13:06:43 CST 2010
Revision: 0x1
Type: 0x9404
Owner: BUILTIN\Administrators
Group: CIFSTESTDOM\Domain Users
ACE: CIFSTESTDOM\Administrator: Allowed/ 0x0/ 0x1700a1
ACE: BUILTIN\Performance Log Users: Allowed/ 0x0/ CHANGE
ACE: CIFSTESTDOM\stevef: Allowed/ 0x0/ FULL
More information about the samba
mailing list