thr3ads.net - samba - [Samba] winbind idmap backend = ad : repeated error 'could not read attribute mssfu30gidnumber' [Apr 2007]

If this information is useful, please help other people find it:
Share via:

Jonathan C. Detert

2007-Apr-30 21:35 UTC

[Samba] winbind idmap backend = ad : repeated error 'could not read attribute mssfu30gidnumber'

Hello,

I have several servers running winbind v3.0.22 with 'idmap backend = ad'
and 'winbind nss info = sfu' with no noticable problems except
that /var/log/samba/log.winbindd-idmap repeatedly has lines the read
like this:

[2007/04/30 11:20:19, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(329)
  ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute
'msSFU30GidNumber'

This mailing list thread:
http://lists.samba.org/archive/samba/2006-October/126484.html 
found the cause of this symptom to be that the msad domain
'authenticated user' didn't have read permission on the attribute. 
I
don't think that's the problem in my case (but am not sure my test is
valid): Using openldap's ldapsearch, I authenticated as a unprivileged
domain user, and was able to read the msSFU30GidNumber attribute.

Any idea what the problem is, what it affects, and how to resolve it?

Thanks,

Jon

samba - Apr 2007 - winbind idmap backend = ad : repeated error 'could not read attribute mssfu30gidnumber'

[Samba] winbind idmap backend = ad : repeated error 'could not read attribute mssfu30gidnumber'