I cranked up the debug level of winbindd, so I have a bit more info on this.
Should I file a bug on this? I'm pretty sure I'm not doing anything
wrong.
Here's the winbindd log from running wbinfo -S SID with the debug level set
to 10.
[2006/10/24 11:37:14, 6] nsswitch/winbindd.c:new_connection(601)
accepted socket 17
[2006/10/24 11:37:14, 10] nsswitch/winbindd.c:process_request(287)
process_request: request fn INTERFACE_VERSION
[2006/10/24 11:37:14, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(474)
[ 0]: request interface version
[2006/10/24 11:37:14, 10] nsswitch/winbindd.c:process_request(287)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/10/24 11:37:14, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(507)
[ 0]: request location of privileged pipe
[2006/10/24 11:37:14, 6] nsswitch/winbindd.c:new_connection(601)
accepted socket 18
[2006/10/24 11:37:14, 10] nsswitch/winbindd.c:process_request(287)
process_request: request fn SID_TO_UID
[2006/10/24 11:37:14, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_uid(153)
[ 0]: sid to uid S-1-5-21-1080779907-1917946211-1564786409-1362
[2006/10/24 11:37:14, 10] sam/idmap_util.c:idmap_sid_to_uid(70)
idmap_sid_to_uid: sid = [S-1-5-21-1080779907-1917946211-1564786409-1362]
[2006/10/24 11:37:14, 10] sam/idmap_tdb.c:db_get_id_from_sid(277)
db_get_id_from_sid
[2006/10/24 11:37:14, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183)
internal_get_id_from_sid: fetching record
S-1-5-21-1080779907-1917946211-1564786409-1362 of type 0x1
[2006/10/24 11:37:14, 10] sam/idmap_tdb.c:internal_get_id_from_sid(187)
internal_get_id_from_sid: record
S-1-5-21-1080779907-1917946211-1564786409-1362 not found
[2006/10/24 11:37:14, 10] sam/idmap_util.c:idmap_sid_to_uid(70)
idmap_sid_to_uid: sid = [S-1-5-21-1080779907-1917946211-1564786409-1362]
[2006/10/24 11:37:14, 10] sam/idmap_tdb.c:db_get_id_from_sid(277)
db_get_id_from_sid
[2006/10/24 11:37:14, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183)
internal_get_id_from_sid: fetching record
S-1-5-21-1080779907-1917946211-1564786409-1362 of type 0x1
[2006/10/24 11:37:14, 10] sam/idmap_tdb.c:internal_get_id_from_sid(187)
internal_get_id_from_sid: record
S-1-5-21-1080779907-1917946211-1564786409-1362 not found
[2006/10/24 11:37:14, 10]
nsswitch/winbindd_util.c:find_lookup_domain_from_sid(665)
find_lookup_domain_from_sid(S-1-5-21-1080779907-1917946211-1564786409-1362)
[2006/10/24 11:37:14, 10]
nsswitch/winbindd_util.c:find_lookup_domain_from_sid(675)
calling find_our_domain
[2006/10/24 11:37:14, 10]
nsswitch/winbindd_cache.c:cache_retrieve_response(1995)
Retrieving response for pid 29815
[2006/10/24 11:37:14, 10]
nsswitch/winbindd_cache.c:cache_retrieve_response(1995)
Retrieving response for pid 29820
[2006/10/24 11:37:14, 5] nsswitch/winbindd_async.c:idmap_sid2uid_recv(232)
sid2uid returned an error
[2006/10/24 11:37:14, 10]
nsswitch/winbindd_cache.c:cache_retrieve_response(1995)
Retrieving response for pid 29820
[2006/10/24 11:37:14, 5] nsswitch/winbindd_async.c:idmap_sid2uid_recv(232)
sid2uid returned an error
[2006/10/24 11:37:14, 5] nsswitch/winbindd_async.c:sid2uid_alloc_recv(1228)
Could not allocate uid
[2006/10/24 11:37:14, 5] nsswitch/winbindd_sid.c:sid2uid_recv(188)
Could not convert sid S-1-5-21-1080779907-1917946211-1564786409-1362
> Hi,
>
> I'm using samba 3.0.23c, and having a bit of trouble getting it to play
> nice with my active directory. I'm using Windows Small Business Server
> 2003 with the SFU 3.5 NIS server/schema extensions installed. I have samba
> configured to use ad as the idmap backend, and sfu for nss info.
>
> When running getent passwd, only a few active directory users show up, and
> I get lots of errors like this in my winbind log:
>
> [2006/10/20 15:33:49, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(309)
> ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute
> 'msSFU30UidNumber'
> [2006/10/20 15:33:49, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(85)
> error getting user id for sid
> S-1-5-21-1020778807-1917943211-1564386419-1158
> [2006/10/20 15:33:49, 1] nsswitch/winbindd_user.c:winbindd_getpwent(711)
> could not lookup domain user TestUser
>
> wbinfo -u prints out all my users
> wbinfo -g prints out all my groups
> getent group prints out all my groups and their unix IDs
> getent -r username seems to get the correct user group unix ids for all
> the users, even the ones that don't see to be able to have their SID
> converted to a UID.
>
> Anyone have any ideas?
>
> The most relevant section of my smb.conf is
>
> encrypt passwords = yes
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> idmap backend = ad
> winbind enum users = yes
> winbind enum groups = yes
> winbind nss info = sfu
> winbind use default domain = yes
> winbind separator = #
>