I have recently upgraded from Samba 2.2.8 to 3.0.7. I am using LDAP
as a backend, but I'm running into a problem. Namely, since my user
entries have no sambaSID attribute, Samba decides they don't exist.
(At least, that's how it looks in the logs, included below.) I've
looked through the conversion script that's included with Samba 3, but
it just uses the rid attribute, which I also don't have assigned in
any of my users.

Is there any way to algorithmically convert a unix uid to an sid? I'd
like to just run a script through all of my users to grab the uid,
convert to an rid, prepend my system sid, and write it to the sambaSID
attribute.

Here's the log excerpt that led me to believe that it's having
problems with the SID:

[...snip...]
[2004/10/04 14:57:39, 10] passdb/pdb_get_set.c:pdb_set_nt_username(679)
pdb_set_nt_username: setting nt username stpierre, was
[2004/10/04 14:57:39, 10] passdb/pdb_get_set.c:pdb_set_init_flags(525)
element 15 -> now SET
[2004/10/04 14:57:39, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
smbldap_get_single_attribute: [sambaSID] = [<does not exist>]
[2004/10/04 14:57:39, 10] lib/smbldap.c:smbldap_get_single_attribute(309)
smbldap_get_single_attribute: [sambaPrimaryGroupSID] = [<does not exist>]
[2004/10/04 14:57:39, 10] passdb/pdb_get_set.c:pdb_set_group_sid(588)
pdb_set_group_sid: setting group sid
S-1-5-21-2507527290-1625623118-1076039497-513
[2004/10/04 14:57:39, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100)
pdb_set_group_sid_from_rid:
setting group sid S-1-5-21-2507527290-1625623118-1076039497-513 from rid 513
[2004/10/04 14:57:39, 1] passdb/pdb_ldap.c:init_sam_from_ldap(539)
init_sam_from_ldap: no sambaSID or sambaSID attribute found for this user
stpierre
[2004/10/04 14:57:39, 1] passdb/pdb_ldap.c:ldapsam_getsampwnam(1278)
ldapsam_getsampwnam: init_sam_from_ldap failed for user 'stpierre'!
[2004/10/04 14:57:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/10/04 14:57:39, 3] auth/auth_sam.c:check_sam_security(244)
check_sam_security: Couldn't find user 'stpierre' in passdb file.
[2004/10/04 14:57:39, 5] auth/auth.c:check_ntlm_password(271)
check_ntlm_password: sam authentication for user [stpierre] FAILED with error
NT_STATUS_NO_SUCH_USER
[2004/10/04 14:57:39, 3] auth/auth_winbind.c:check_winbind_security(80)
check_winbind_security: Not using winbind, requested domain [NWU_TEST] was for
this SAM.
[2004/10/04 14:57:39, 10] auth/auth.c:check_ntlm_password(259)
check_ntlm_password: winbind had nothing to say
[2004/10/04 14:57:39, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [stpierre] -> [stpierre]
FAILED with error NT_STATUS_NO_SUCH_USER
[...snip...]

I've googled for the algorithm, but everyone else seems to be more
interested in converting sids to uids. Any ideas? Thanks.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
402.465.7549
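
The conversion the post asks for, as an added example that is not part of the original message: it assumes Samba's algorithmic mapping (user RID = uid * 2 + `algorithmic rid base`, default 1000) and that the entries already carry the sambaSamAccount object class. The domain SID is the one shown in the log excerpt; the DN and uidNumber are constructed.

```python
import re

# Assumption: smb.conf "algorithmic rid base" is left at its default of 1000.
RID_BASE = 1000
# A domain SID is S-1-5-21 followed by three 32-bit sub-authorities.
DOMAIN_SID_RE = re.compile(r"^S-1-5-21(-\d{1,10}){3}$")


def uid_to_rid(uid, base=RID_BASE):
    """User RID under Samba's algorithmic mapping: uid * 2 + base."""
    rid = uid * 2 + base
    if uid < 0 or rid > 0xFFFFFFFF:
        raise ValueError(f"uid {uid} does not fit in a 32-bit RID")
    return rid


def user_sid(domain_sid, uid, base=RID_BASE):
    """Append the algorithmic RID to the domain SID."""
    if not DOMAIN_SID_RE.match(domain_sid):
        raise ValueError(f"not a domain SID: {domain_sid!r}")
    return f"{domain_sid}-{uid_to_rid(uid, base)}"


def sid_ldif(domain_sid, entries, base=RID_BASE):
    """Build ldapmodify input adding sambaSID to each (dn, uidNumber) pair.

    Refuses duplicate uidNumbers: two accounts with the same SID would be
    indistinguishable to Windows clients and share each other's ACL entries.
    """
    seen = {}
    records = []
    for dn, uid in entries:
        sid = user_sid(domain_sid, uid, base)
        if sid in seen:
            raise ValueError(f"{dn} and {seen[sid]} share uidNumber {uid}")
        seen[sid] = dn
        records.append(
            f"dn: {dn}\nchangetype: modify\nadd: sambaSID\nsambaSID: {sid}\n"
        )
    return "\n".join(records)


# Domain SID as it appears in the log excerpt above.
DOMAIN_SID = "S-1-5-21-2507527290-1625623118-1076039497"
# Constructed sample entry; real input would come from an LDAP search.
USERS = [("uid=stpierre,ou=People,dc=example,dc=edu", 1001)]

if __name__ == "__main__":
    print(sid_ldif(DOMAIN_SID, USERS))
```

Review the generated LDIF before feeding it to ldapmodify, since a SID that changes after files have been given ACLs orphans those ACL entries.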