Anders.Strandberg@tietoenator.com
2008-May-29 15:22 UTC
[Samba] Winbind: SID2UID looks in own domain only ?
Hi, Trusting domain: DOMA Trusted domain : DOMB We are running samba-winbind 3.0.24 and have problems when authenticating user from a trusted domain (DOMB) (idmap backend = ad) in to DOMA. After some investigations, we found that when we are trying to login as a user from DOMB, it seems that sid2uid looks in own domain only, and fails to retrieve uid from sid. In DOMA: wbinfo -m shows the trusted domains OK. wbinfo -a DOMB\\user%password works . wbinfo -u list users from both domains. But wbinfo -i DOMB\\user returns Could not get info for user DOMB\user I have checked that the sid is retrieved correctly , but the sid2uid mapping does not succeed due to the fact that the lookup seems to take place in DOMA only and returns: Could not query user's DOMB\user uid I gather that this should work . Does anyone have any experiences from this ? I have seen some questions before regarding this while googling around but no answers. Thanx, Anders
Gerald (Jerry) Carter
2008-May-29 15:30 UTC
[Samba] Winbind: SID2UID looks in own domain only ?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anders.Strandberg@tietoenator.com wrote:> > I gather that this should work . Does anyone have any > experiences from this ? I have seen some questions > before regarding this while googling around but no answers.This is a limitation of the idmap_ad pliugin currenytly (bug or RFE depending on how you look at it). The plugin doesn't have a proper connection mgr to contact more than its primary domain. jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIPsvvIR7qMdg1EfYRAgOHAJ9pObylxj+Jnwc+thAlpk1IjGxeAwCfRaiB cSeaOAYh0024mNgEjO6/cgU=RBtO -----END PGP SIGNATURE-----