Bug 1622 - winbind: Mapping SID<->UID broken/inconsistent in versions > 3.0.2
winbind: Mapping SID<->UID broken/inconsistent in versions > 3.0.2
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: winbind
3.0.6
x86 Linux
: P3 regression
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2004-08-18 00:10 UTC by Sven Thomsen
Modified: 2005-08-24 10:15 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sven Thomsen 2004-08-18 00:10:10 UTC
Winbind > 3.0.2 seems to have a problem mapping UIDs to SIDs correctly. 
 
Test (Samba 3.0.5 on Linux 2.4, AD-member, AD-Users have SID-History of 
previous NT4-Domain): 
 
> wbinfo -n DOMAIN1+USER1 
S-1-5-21-W-X-Y-Z User (1) 
 
(This SID is the correct SID of USER1 in the AD) 
 
> id DOMAIN1+USER1 
uid=30000(DOMAIN1+USER1) gid=30000(DOMAIN1+GROUP1) groups=30000
(DOMAIN1+GROUP1) 
 
 
> wbinfo -r DOMAIN1+USER1 
30001 
... 
... 
30137 
  
> wbinfo -n DOMAIN1+USER1 
S-1-5-21-A-B-C-D User (1) 
 
This SID is the SID of USER1 in the previous NT4-Domain, somehow the previous 
"wbinfo -r" did something nasty to ID-mapping, it looks like idmap got 
"poisoned" by "wbinfo -r".   
 
> id DOMAIN1+USER1 
id: DOMAIN1+USER1: No such user 
 
winbind logging corresponding to this invocation of id: 
 
[2004/08/18 08:43:01, 1] nsswitch/winbindd_ads.c:query_user(412) 
  query_user(sid=S-1-5-21-A-B-C-D): Not found 
[2004/08/18 08:43:01, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(182) 
  error getting user info for user '[DOMAIN1]\[USER1]' 
 
winbind can't find the user because it is searching for the wrong SID. 
 
This problem occured after an update from 3.0.2 to 3.0.4/3.0.5. Reading from 
the changelog of 3.0.3: 
 
"New features introduced in Samba 3.0.3 include: 
... 
 o Support for local nested groups via winbindd. 
... 
" 
 
When I downgrade back to 3.0.2, this problem goes away. 
 
This (or a related?) problem seems to bother other people as well: 
http://marc.theaimsgroup.com/?l=samba&m=109170161202874&w=2 
http://marc.theaimsgroup.com/?l=samba&m=108853775903571&w=2
Comment 1 Volker Lendecke 2004-08-18 00:40:23 UTC
http://lists.samba.org/archive/samba-cvs/2004-June/049580.html is probably a
bugfix for this. Could you try the latest SVN tree, or use the very soon to be
released version 3.0.6?

Closing this bug, if 3.0.6 does not fix it, please reopen.

Volker
Comment 2 Sven Thomsen 2004-08-23 01:02:23 UTC
OK, I've tested with 3.0.6, the problem`s still there. 
 
(I've used the 3.0.6 rpms from sernet) 
 
 
Comment 3 Sven Thomsen 2004-08-23 04:55:27 UTC
Closing bug. 
 
Fix is in 
http://lists.samba.org/archive/samba-technical/2004-August/036859.html 
 
Thanks to vl@ for helping out. 
Comment 4 Gerald (Jerry) Carter 2005-08-24 10:15:33 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.