[Samba] "net lookup sid" fails to get user's domain
Frank Mori Hess
frank.hess at nist.gov
Mon Mar 7 14:03:58 MST 2011
When I run the following "net lookup sid" command, I get:
# net lookup sid S-1-5-21-1908027396-2059629336-315576832-12220
S-1-5-21-1908027396-2059629336-315576832-12220 1 (User) \fhess
This is wrong in that "\fhess" should be "NIST\fhess". The other direction
works fine:
# net lookup name "NIST\fhess"
S-1-5-21-1908027396-2059629336-315576832-12220 1 (User) NIST\fhess
wbinfo works fine in both directions:
# wbinfo -s S-1-5-21-1908027396-2059629336-315576832-12220
NIST\fhess 1
# wbinfo -n "NIST\fhess"
S-1-5-21-1908027396-2059629336-315576832-12220 SID_USER (1)
Another sympton is on windows clients, in the security tab of the file
properties dialog, it will just list the short user names of users, for
example "myusername", instead of the person's full info, for example: "Doe,
john (myusername at xyz.com)". This is on a file being served by the samba
server with the "net lookup sid" problem.
I am using samba from Debian Squeeze (3.5.6). It used to work fine with the
Debian Lenny version (3.2.5). The output of "net lookup sid" with debug
turned up to 10 is attached.
Anyone have a clue what is going on? I'm happy to provide more info if
needed to debug.
-------------- next part --------------
# net lookup sid S-1-5-21-1908027396-2059629336-315576832-12220 -d 10
[2011/03/07 15:56:02, 5] lib/debug.c:405(debug_dump_status)
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
registry: False/0
[2011/03/07 15:56:02, 3] param/loadparm.c:9158(lp_load_ex)
lp_load_ex: refreshing parameters
[2011/03/07 15:56:02, 3] param/loadparm.c:4929(init_globals)
Initialising global parameters
[2011/03/07 15:56:02, 2] param/loadparm.c:4788(max_open_files)
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
[2011/03/07 15:56:02.369722, 3] ../lib/util/params.c:550(pm_process)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2011/03/07 15:56:02.369747, 3] param/loadparm.c:7842(do_section)
Processing section "[global]"
doing parameter workgroup = NIST
doing parameter server string = %h (CNST File Server)
doing parameter dns proxy = no
doing parameter interfaces = eth0
doing parameter bind interfaces only = yes
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter syslog = 0
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter security = ADS
doing parameter password server = ws014.campus.nist.gov ws017.campus.nist.gov ws019.campus.nist.gov
doing parameter realm = CAMPUS.NIST.GOV
doing parameter encrypt passwords = true
doing parameter passdb backend = ldapsam:ldap://localhost/
doing parameter ldap admin dn = cn=admin,dc=lamp,dc=nist,dc=gov
doing parameter ldap suffix = dc=lamp,dc=nist,dc=gov
doing parameter ldap group suffix = ou=Group
doing parameter ldap user suffix = ou=People
doing parameter ldap machine suffix = ou=Machines
doing parameter ldap idmap suffix = ou=Idmap
doing parameter ldap ssl = Off
doing parameter obey pam restrictions = yes
doing parameter unix password sync = yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter pam password change = yes
doing parameter load printers = no
doing parameter domain master = no
doing parameter local master = no
doing parameter preferred master = no
doing parameter os level = 0
doing parameter idmap uid = 1000-250000
doing parameter idmap gid = 1000-250000
doing parameter template shell = /bin/bash
doing parameter idmap backend = ldap:"ldap://localhost/"
doing parameter idmap config ALLDOMAINS:backend = ldap
doing parameter idmap config ALLDOMAINS:ldap_base_dn = dc=lamp,dc=nist,dc=gov
doing parameter idmap alloc backend = ldap
doing parameter idmap alloc config:ldap_base_dn = ou=Idmap,dc=lamp,dc=nist,dc=gov
doing parameter idmap alloc config:ldap_url = ldap://localhost/
doing parameter idmap alloc config:range = 200000-250000
doing parameter idmap alloc config:ldap_user_dn = cn=admin,dc=lamp,dc=nist,dc=gov
doing parameter winbind use default domain = true
doing parameter map hidden = no
doing parameter map system = no
doing parameter map archive = no
doing parameter store dos attributes = yes
doing parameter map acl inherit = yes
doing parameter ea support = yes
doing parameter acl map full control = yes
doing parameter acl group control = no
doing parameter inherit owner = no
doing parameter inherit permissions = no
doing parameter inherit acls = no
doing parameter restrict anonymous = 2
[2011/03/07 15:56:02.370278, 4] param/loadparm.c:9193(lp_load_ex)
pm_process() returned Yes
[2011/03/07 15:56:02.370289, 7] param/loadparm.c:9399(lp_servicenumber)
lp_servicenumber: couldn't find homes
[2011/03/07 15:56:02.370301, 10] param/loadparm.c:8403(set_server_role)
set_server_role: role = ROLE_DOMAIN_MEMBER
[2011/03/07 15:56:02.370313, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UCS-2LE
[2011/03/07 15:56:02.370330, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UCS-2LE
[2011/03/07 15:56:02.370339, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF-16LE
[2011/03/07 15:56:02.370350, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF-16LE
[2011/03/07 15:56:02.370363, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UCS-2BE
[2011/03/07 15:56:02.370371, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UCS-2BE
[2011/03/07 15:56:02.370379, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF-16BE
[2011/03/07 15:56:02.370388, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF-16BE
[2011/03/07 15:56:02.370396, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF8
[2011/03/07 15:56:02.370404, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF8
[2011/03/07 15:56:02.370412, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF-8
[2011/03/07 15:56:02.370420, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF-8
[2011/03/07 15:56:02.370428, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset ASCII
[2011/03/07 15:56:02.370454, 5] lib/iconv.c:112(smb_register_charset)
Registered charset ASCII
[2011/03/07 15:56:02.370463, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset 646
[2011/03/07 15:56:02.370472, 5] lib/iconv.c:112(smb_register_charset)
Registered charset 646
[2011/03/07 15:56:02.370480, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset ISO-8859-1
[2011/03/07 15:56:02.370489, 5] lib/iconv.c:112(smb_register_charset)
Registered charset ISO-8859-1
[2011/03/07 15:56:02.370497, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UCS2-HEX
[2011/03/07 15:56:02.370505, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UCS2-HEX
[2011/03/07 15:56:02.370526, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2011/03/07 15:56:02.370671, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2011/03/07 15:56:02.370698, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2011/03/07 15:56:02.370713, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2011/03/07 15:56:02.370727, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2011/03/07 15:56:02.370740, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2011/03/07 15:56:02.370754, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2011/03/07 15:56:02.370772, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2011/03/07 15:56:02.370787, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2011/03/07 15:56:02.370801, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2011/03/07 15:56:02.370827, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2011/03/07 15:56:02.370865, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2011/03/07 15:56:02.370890, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2011/03/07 15:56:02.370912, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2011/03/07 15:56:02.370950, 5] lib/util.c:276(init_names)
Netbios name list:-
my_netbios_names[0]="CARAFE"
[2011/03/07 15:56:02.371076, 2] lib/interface.c:340(add_interface)
added interface eth0 ip=fe80::230:48ff:fef0:c74%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
[2011/03/07 15:56:02.371136, 2] lib/interface.c:340(add_interface)
added interface eth0 ip=129.6.134.233 bcast=129.6.134.255 netmask=255.255.255.0
[2011/03/07 15:56:02.371164, 10] passdb/lookup_sid.c:965(lookup_sid)
lookup_sid called for SID 'S-1-5-21-1908027396-2059629336-315576832-12220'
[2011/03/07 15:56:02.371261, 10] passdb/lookup_sid.c:720(check_dom_sid_to_level)
Accepting SID S-1-5-21-1908027396-2059629336-315576832 in level 1
[2011/03/07 15:56:02.371275, 10] passdb/lookup_sid.c:480(lookup_rids)
lookup_rids called for domain sid 'S-1-5-21-1908027396-2059629336-315576832'
[2011/03/07 15:56:02.371572, 10] passdb/lookup_sid.c:1000(lookup_sid)
Sid S-1-5-21-1908027396-2059629336-315576832-12220 -> \fhess(1)
[2011/03/07 15:56:02.371595, 10] intl/lang_tdb.c:138(lang_tdb_init)
lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory
[2011/03/07 15:56:02.371700, 2] utils/net.c:916(main)
return code = 0
[2011/03/07 15:56:02.371720, 5] lib/gencache.c:65(gencache_init)
Opening cache file at /var/run/samba/gencache.tdb
[2011/03/07 15:56:02.371818, 5] lib/gencache.c:108(gencache_init)
Opening cache file at /var/run/samba/gencache_notrans.tdb
S-1-5-21-1908027396-2059629336-315576832-12220 1 (User) \fhess
More information about the samba
mailing list