In our native Win2K3 AD domain, several AD accounts have a sIDHistory
that carry SIDs from before the AD domain migration in addition to the
"primary" objectSID.
Samba 3.0.21c winbindd (with idmap OpenLDAP backend) on domain member
servers (running SuSE 9.3 Pro) allocates multiple uids for these SIDs
with the same (AD) user name:
Primary SID:
# getent passwd myuser
myuser:*:10770:10500:myuser:/cifs/home/user:/bin/false
# wbinfo --uid-to-sid 10770
S-1-5-21-A-B-C-1372
# net getdomainsid | grep XXX
SID for domain XXX is: S-1-5-21-A-B-C
"Secondary" SID:
# wbinfo --uid-to-sid 11950
S-1-5-21-D-E-F-287591
# wbinfo --sid-to-name S-1-5-21-D-E-F-287591
XXX\myuser 1
But getpwuid(3) doesn't return the mapping from the "secondary"
uid to
the user name:
# perl -e 'print join ":", getpwuid(10770), "\n"';
myuser:*:10770:10500:::myuser:/cifs/home/myuser:/bin/false:
# perl -e 'print join ":", getpwuid(11950), "\n"';
#
This causes problems with "ls" and friends not being able to show file
owners as user names.
For local (passwd) users that share the same user name (but have
different uids), getpwuid() works fine for both of them.
Thoughts?
-TL
