Marc Schiffbauer
2005-Jan-31 16:54 UTC
[Samba] winbind: SID_TO_UID not working for trusted domains?
Hi all,
I have a problem with the mapping sid -> uid.
Setup:
* Samba 3.0.10, security = ads, role is ads member server.
* Several trusted domains
* ADS is in sync with an Openldap server (posixAccount)
* winbind must not use idmap (Because every Winuser already has
an uid which is in ADs and on the Ldap server)
Lets say we have one global domain GLOBAL and several subdomains
A,B,C and D.
Samba is member of A (workgroup = A) and B,C and D are all trusted.
I test sid to uid mapping using wbinfo:
wbinfo -S <sid> only works for users in domain A.
if I try
wbinfo -S <sid of user in B>
I get this:
Could not convert sid <users sid> to uid
As a result, users in other domains than A cannot be added to file
ACLs because Samba cannot find the correct uid belonging to a sid.
Can this be related to the following?
wbinfo -n <user> only works for domain A.
to get
wbinfo -n <user in B>
working I have to tell the domain like:
wbinfo -n 'B\<user in B>'
Any hints? Thanks in advance! I have tested several setting, but I
am clueless now.. :-(
And please tell me if you need further infos..
This is the smb.conf's global section:
[global]
netbios aliases = <some aliases>
password server = pdc01, pdc02, *
workgroup = A
security = ads
realm = A.GLOBAL
interfaces = 127.0.0.1 eth0
bind interfaces only = true
load printers = no
unix charset = LOCALE
domain master = no
local master = no
# smb ports: default is "139 445"
# but: if we listen on 445, %L is not available
smb ports = 139
wins server = 193.197.136.66 193.195.151.104 193.196.151.66
name resolve order = wins bcast
ldap filter = (&(uid=%u)(objectclass=posixAccount))
ldap admin dn = <admin dn>
winbind trusted domains only = yes
winbind use default domain = no
winbind cache time = 0
-Marc
Maybe Matching Threads
- roaming profiles not saved over VPN
- Recently joined 2k3, shut down primary, seized roles, now have slight dns (maybe) problem.
- ADS Authentication - CLDAP request failed
- [3.0.23d] winbind: ads_connect for domain X failed: Operations error
- SID_TO_UID not working
Wisdom of the Ancients
