with most recent git master smbd fails to start in AD DC mode
Jeremy Allison
jra at samba.org
Sat Mar 22 21:11:41 MDT 2014
On Sat, Mar 22, 2014 at 07:55:49PM -0700, Jeremy Allison wrote:
> On Sun, Mar 23, 2014 at 01:03:35PM +1300, Andrew Bartlett wrote:
> > On Sat, 2014-03-22 at 12:39 -0700, Jeremy Allison wrote:
> > >
> > > username -> getpwnam() -> uid_to_sid() -> sid_to_uid() -> getpwuid() -> username
> >
> > | This part |
> >
> > doesn't happen in the AD DC case. We start with a SID from the sam.ldb
> > database.
>
> Are you saying this SID from the sam.ldb database doesn't
> map to a UNIX uid ? It is only the guest SID that is causing
> the problem for Günter.
>
> I guess I don't understand what you're trying to tell
> me here (explain like I'm five please :-).

Just to be clear what I don't understand :-).

Even if the 'username -> getpwnam() -> uid_to_sid()'
part isn't done and we start with a SID from sam.ldb,
if this SID is a primary user in a token (which
it is in this case) I would expect that we must
be able to do:

sid_to_uid() -> getpwuid()

and get back a valid 'struct passwd' coming
from the smbd winbindd, or if we're inside the AD-DC
code coming from the built-in winbindd.

Even if winbindd isn't running the SID
should be from the 'legacy' uid_to_sid/sid_to_uid
code so it should still map to a valid user
on the system (*somewhere* inside /etc/passwd :-).

Under what circumstances is this not the
case ?

Remember we're creating a token here which
is then mapped into a UNIX uid+gid_list
credential struct that can be set on the
process, so I think it needs to mean *something*
to the system.

Jeremy.