samba - Apr 2004 - create_canon_ace_lists: unable to map SID

Hi all,

	I'm trying to get a Samba server (which is a member of a Samba
controlled domain) to store WinXP Pro user's profiles.  The XP user
is authenticating against a 2003 Active Directory server, which then tells
it to store it's profile on my Samba server.


The 'profiles' share exists and is writeable and under some
circumstances
we can get profiles to be stored there, however, most times we get:-


[2004/04/23 10:22:32, 0] smbd/posix_acls.c:create_canon_ace_lists(1380)
  create_canon_ace_lists: unable to map SID
S-1-5-21-973294077-3660535-3933214913-1177 to uid or gid.

in the samba log files accompanied by an error message on the client.


This is with Samba 3.0.2a on Solaris 9 (the Samba DC is 2.2.8a on IRIX)

The searching I've done so far suggests that I might be able to workaround
this with:-

	nt acl support = no

but I can't find that in Samba 3.x doco?  Has it been retired?


My gut feeling is that the Samba server (or possibly the DC) needs to know
what the user's SID is.  But (since it's not joined to the AD) it
doesn't, and
attempts at autogenerating one will fail to match. Is this close?



                               Mac
          Assistant Systems Adminstrator @nibsc.ac.uk
                        dmccann@nibsc.ac.uk
   Work: +44 1707 641565          Everything else: +44 7956 237670 (anytime)

>
>The searching I've done so far suggests that I might be able to
workaround this with:-
>
>	nt acl support = no
>
>but I can't find that in Samba 3.x doco?  Has it been retired?
>

Whoops.


It is still in there, but the Samba web pages are currently experiencing
difficulties so my search failed to find it.

I'm going to turn it on and see what happens.




                               Mac
          Assistant Systems Adminstrator @nibsc.ac.uk
                        dmccann@nibsc.ac.uk
   Work: +44 1707 641565          Everything else: +44 7956 237670 (anytime)


                               Mac
          Assistant Systems Adminstrator @nibsc.ac.uk
                        dmccann@nibsc.ac.uk
   Work: +44 1707 641565          Everything else: +44 7956 237670 (anytime)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mac wrote:

| [2004/04/23 10:22:32, 0] smbd/posix_acls.c:create_canon_ace_lists(1380)
|   create_canon_ace_lists: unable to map SID
|   S-1-5-21-973294077-3660535-3933214913-1177 to uid or gid.

Sounds like bug 1139 which was fixed in 3.0.3rc1.




cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAjWN7IR7qMdg1EfYRAjM7AJ0cU81QBdVFKGXWT4aBgd9sZ52P2wCeNObi
AOpZtRqgKZ2n7hRO1Smx7D8=oouU
-----END PGP SIGNATURE-----