Jens Nissen
2007-Oct-26 11:13 UTC
[Samba] Pre-3.023d-Bug in ACL-handling reappears in 3.026a
# wbinfo -Y S-1-5-11 Could not convert sid S-1-5-11 to gid # wbinfo -Y S-1-5-13 Could not convert sid S-1-5-13 to gid (S-1-5-11 are the Authenticated Users, S-1-5-13 are the Terminal Server Users.) This bug was finally solved in release 3.023d. Now it is back again. How can I get this working? I'm using idmap/tdb - would another idmap-module solve this issue? The winbind log looks like this: [2007/10/26 13:06:09, 6] nsswitch/winbindd.c:new_connection(628) accepted socket 18 [2007/10/26 13:06:09, 10] nsswitch/winbindd.c:process_request(314) process_request: request fn INTERFACE_VERSION [2007/10/26 13:06:09, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491) [20989]: request interface version [2007/10/26 13:06:09, 10] nsswitch/winbindd.c:process_request(314) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/10/26 13:06:09, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524) [20989]: request location of privileged pipe [2007/10/26 13:06:09, 6] nsswitch/winbindd.c:new_connection(628) accepted socket 19 [2007/10/26 13:06:09, 10] nsswitch/winbindd.c:process_request(314) process_request: request fn SID_TO_GID [2007/10/26 13:06:09, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(308) [20989]: sid to gid S-1-5-13 [2007/10/26 13:06:09, 10] nsswitch/winbindd_util.c:find_lookup_domain_from_sid(679) find_lookup_domain_from_sid(S-1-5-13) [2007/10/26 13:06:09, 10] nsswitch/winbindd_util.c:find_lookup_domain_from_sid(689) calling find_our_domain [2007/10/26 13:06:09, 10] lib/events.c:event_add_timed(129) Added timed event "async_request_timeout": 2aacfbe0 [2007/10/26 13:06:09, 10] lib/events.c:get_timed_events_timeout(295) timed_events_timeout: 299/999509 [2007/10/26 13:06:09, 10] lib/events.c:timed_event_destructor(66) Destroying timed event 2aacfbe0 "async_request_timeout" [2007/10/26 13:06:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300) Retrieving response for pid 20667 [2007/10/26 13:06:09, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545) winbindd_sid2gid_async: Resolving S-1-5-13 to a gid [2007/10/26 13:06:09, 10] lib/events.c:event_add_timed(129) Added timed event "async_request_timeout": 2aacfbe0 [2007/10/26 13:06:09, 10] lib/events.c:get_timed_events_timeout(295) timed_events_timeout: 299/999483 [2007/10/26 13:06:09, 10] lib/events.c:timed_event_destructor(66) Destroying timed event 2aacfbe0 "async_request_timeout" [2007/10/26 13:06:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300) Retrieving response for pid 20684 [2007/10/26 13:06:09, 5] nsswitch/winbindd_async.c:winbindd_sid2gid_recv(527) sid2gid returned an error [2007/10/26 13:06:09, 5] nsswitch/winbindd_sid.c:sid2gid_recv(254) Could not convert sid S-1-5-13 The log for my domain looks like this: [2007/10/26 13:06:09, 4] nsswitch/winbindd_dual.c:fork_domain_child(1054) child daemon request 20 [2007/10/26 13:06:09, 10] nsswitch/winbindd_dual.c:child_process_request(479) process_request: request fn LOOKUPSID [2007/10/26 13:06:09, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupsid(754) [20666]: lookupsid S-1-5-13 [2007/10/26 13:06:09, 10] nsswitch/winbindd_util.c:find_lookup_domain_from_sid(679) find_lookup_domain_from_sid(S-1-5-13) [2007/10/26 13:06:09, 10] nsswitch/winbindd_util.c:find_lookup_domain_from_sid(689) calling find_our_domain [2007/10/26 13:06:09, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(465) refresh_sequence_number: MYDOMAIN time ok [2007/10/26 13:06:09, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499) refresh_sequence_number: MYDOMAIN seq number is now 22411 [2007/10/26 13:06:09, 10] nsswitch/winbindd_cache.c:centry_expired(539) centry_expired: Key SN/S-1-5-13 for domain MYDOMAIN is good. [2007/10/26 13:06:09, 10] nsswitch/winbindd_cache.c:wcache_fetch(624) wcache_fetch: returning entry SN/S-1-5-13 for domain MYDOMAIN [2007/10/26 13:06:09, 10] nsswitch/winbindd_cache.c:sid_to_name(1436) sid_to_name: [Cached] - cached name for domain MYDOMAIN status: NT_STATUS_OK [2007/10/26 13:06:09, 10] nsswitch/winbindd_cache.c:cache_store_response(2260) Storing response for pid 20667, len 3240 [2007/10/26 13:06:09, 10] lib/events.c:get_timed_events_timeout(295) timed_events_timeout: 3520/681041 The idmap-log looks like this: [2007/10/26 13:06:09, 4] nsswitch/winbindd_dual.c:fork_domain_child(1054) child daemon request 49 [2007/10/26 13:06:09, 10] nsswitch/winbindd_dual.c:child_process_request(479) process_request: request fn DUAL_SID2GID [2007/10/26 13:06:09, 3] nsswitch/winbindd_async.c:winbindd_dual_sid2gid(558) [20666]: sid to gid S-1-5-13 [2007/10/26 13:06:09, 10] nsswitch/idmap_util.c:idmap_sid_to_gid(145) idmap_sid_to_gid: sid = [S-1-5-13] [2007/10/26 13:06:09, 10] nsswitch/idmap_util.c:idmap_sid_to_gid(165) sid [S-1-5-13] not mapped to an gid [2,2,2439960] [2007/10/26 13:06:09, 10] nsswitch/winbindd_async.c:winbindd_dual_sid2gid(570) winbindd_dual_sid2gid: 0xc0000073 - S-1-5-13 - 0 [2007/10/26 13:06:09, 10] nsswitch/winbindd_cache.c:cache_store_response(2260) Storing response for pid 20684, len 3240
Reasonably Related Threads
- InterDomain Trust Issue; Active directory domain does not return users and groups
- idmap uid allocation problem
- idmap_ad and multiple domians
- UserPrincipalName with samba/winbind 3.2
- AD client can't connect to share after winbind cache expires [Samba 3.4.12 on Gentoo]
Wisdom of the Ancients
