[Samba] tdb2 idmap script issue
orlando.richards at ed.ac.uk
Wed Feb 13 09:31:43 MST 2013
In our happy adventures in ID mapping between windows and Unix, I've
come across an odd issue with the idmap : script mapping method when
Basically - my idmap script behaves like this:
#idmap.sh IDTOSID GID 123456
as one would hope, and as per the requirements in the idmap_tdb2 man
page. Similarly, it'll return UID:123545 or GID:1234356 in response to
This all works well when calling the script directly, but when running
it through winbind I was getting:
# wbinfo -G 12345
Could not convert gid 12345 to sid
despite the fact that this would return fine:
# idmap.sh IDTOSID 12345
However, going the other way would always work fine (SIDTOID).
(To be clear - I was flushing the cache and deleting the relevant
entries from the tdb's between lookups.)
In a flash of inspiration, I changed the "echo SID:$SID" line in my
idmap to be "printf SID:$SID" so that it didn't give a newline in the
response, and, lo and behold, it magically started working fine!
Note that the SIDTOID calls still use "echo GID:$GID", and not printf,
and work fine.
So - a quick patch to the example "idmap-nis.sh" script might act as a
--- examples/scripts/idmap/idmap_nis.sh.orig 2013-02-13
+++ examples/scripts/idmap/idmap_nis.sh 2013-02-13 16:27:18.633913917 +0000
@@ -108,7 +108,7 @@
echo "ERR: name $name not found in ADS"
- echo "SID:$sid"
+ printf "SID:$sid"
echo "ERR: Unknown command $cmd"
but I'm afraid my efforts to dig into the source3/winbindd/idmap_tdb2.c
code came up against my non-coder impenetrable barrier of fail!
Hope this helps someone - let me know if you think I should do anything
further with this (like submitting a bug).
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
More information about the samba