samba - May 2005 - idmap_sid_to_uid is not get called?

Hi 
 
I have the following question:
 
Joining Win200x as ADS/DOMAIN, I see no problems for windows users to
get authenticated even if they don't have local accounts.
 
However,  with the same samba (3.06) joining NT4 SP6 domain I  see that
only users that also have entry in /etc/passwd are been authenticated.
 
I followed  winbindd  traces and saw that there is no problem
communicating with the DC  and authenticated the user.
 
 
What I don't understand is why idmap_sid_to_uid(...) in
winbindd_fill_pwent() in winbindd_user.c is not get called.
 
The only different is the domain  I join.
 
Any hint will be very appreciated.
 
Cheers,
Ephi
 
 
Here is the last part of the trace:
2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [26876]: request interface version
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [26876]: request location of privileged pipe
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_misc.c:winbindd_ping(238)
  [26876]: ping
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(429)
  [26876]: pam auth crap domain: QADOMAIN user: KUKU
[2005/05/05 21:21:47, 3, pid=26100]
libsmb/namequery_dc.c:rpc_dc_name(145)
  rpc_dc_name: Returning DC WINNT1 (10.123.130.16) for domain QADOMAIN
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109)
  IPC$ connections done anonymously
[2005/05/05 21:21:47, 3, pid=26100]
libsmb/cliconnect.c:cli_start_connection(1376)
  Connecting to host=WINNT1
[2005/05/05 21:21:47, 3, pid=26100] lib/util_sock.c:open_socket_out(752)
  Connecting to 10.123.130.16 at port 445
[2005/05/05 21:21:47, 2, pid=26100] lib/util_sock.c:open_socket_out(789)
  error connecting to 10.123.130.16:445 (Connection refused)
[2005/05/05 21:21:47, 3, pid=26100] lib/util_sock.c:open_socket_out(752)
  Connecting to 10.123.130.16 at port 139
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [26876]: getpwnam qadomain\kuku
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_rpc.c:msrpc_name_to_sid(291)
  rpc: name_to_sid name=kuku
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_rpc.c:msrpc_name_to_sid(300)
  name_to_sid [rpc] kuku for domain QADOMAIN
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_rpc.c:query_user(379)
  rpc: query_user rid=S-1-5-21-923151225-1099654442-1124750213-1009
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [26876]: getpwnam QADOMAIN\KUKU
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [26876]: getpwnam kuku
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [26876]: getpwnam KUKU
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_acct.c:winbindd_create_user(880)
  [26876]: create_user: user=>(KUKU), group=>()
[2005/05/05 21:21:47, 2, pid=26100]
nsswitch/winbindd_acct.c:winbindd_create_user(904)
  winbindd_create_user: Cannot validate gid for group (nobody)
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [26876]: getpwnam kuku
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [26876]: getpwnam KUKU
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_acct.c:winbindd_create_user(880)
  [26876]: create_user: user=>(KUKU), group=>()
[2005/05/05 21:21:47, 2, pid=26100]
nsswitch/winbindd_acct.c:winbindd_create_user(904)
  winbindd_create_user: Cannot validate gid for group (nobody)
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [26876]: getpwnam qadomain\kuku
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [26876]: getpwnam QADOMAIN\KUKU
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [26876]: getpwnam kuku
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [26876]: getpwnam KUKU
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_acct.c:winbindd_create_user(880)
  [26876]: create_user: user=>(KUKU), group=>()
[2005/05/05 21:21:47, 2, pid=26100]
nsswitch/winbindd_acct.c:winbindd_create_user(904)
  winbindd_create_user: Cannot validate gid for group (nobody)
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [26876]: getpwnam kuku
[2005/05/05 21:21:47, 3, pid=26100]
nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [26876]: getpwnam KUKU

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ephi Dror wrote:
| Hi
|
| I have the following question:
|
| Joining Win200x as ADS/DOMAIN, I see no problems for windows users to
| get authenticated even if they don't have local accounts.
|
| However,  with the same samba (3.06) joining NT4 SP6
| domain I  see that only users that also have
| entry in /etc/passwd are been authenticated.
|
| I followed  winbindd  traces and saw that there
| is no problem communicating with the DC
| and authenticated the user.

Set 'winbind enable local accounts = no'.  You are using
a really old version of Samba.  Might want to consider
and upgrade.










cheers, jerry
====================================================================Alleviating
the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCfPHeIR7qMdg1EfYRAqefAKCb96Ohl56tT15rZZ6xiU/9KQbSWgCeJraA
y2Q1PCHXwhCH1bXsJVwcz9Y=1aW0
-----END PGP SIGNATURE-----