smbd never asks winbind for an idmapping on sid_to_uid() if the SID belongs to the local machine's SID. If someone wants to use a central idmap database, this is a bug! sid_to_gid() works correctly...

This is in sid_to_uid():

    ...
    /* if this is our SID then go straight to a local lookup */
    if ( sid_compare_domain(get_global_sam_sid(), psid) == 0 ) {
        DEBUG(10,("sid_to_uid: my domain (%s) - trying local.\n",
            sid_string_static(psid) ));

        if ( local_sid_to_uid(puid, psid, &name_type) )
            goto success;

        DEBUG(10,("sid_to_uid: local lookup failed\n"));
        return NT_STATUS_UNSUCCESSFUL;
    }

    /* If it is not our local domain, only hope is winbindd */
    if ( !winbind_lookup_sid(psid, dom_name, name, &name_type) ) {
        DEBUG(10,("sid_to_uid: winbind lookup for non-local sid %s failed\n",
            sid_string_static(psid) ));
        return NT_STATUS_UNSUCCESSFUL;
    }
    ...

This is in sid_to_gid():

    ...
    if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
        DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed - trying local.\n",
            sid_to_string(sid_str, psid) ));

        if ( local_sid_to_gid(pgid, psid, &name_type) )
            goto success;

        DEBUG(10,("sid_to_gid: no one knows this SID\n"));
        return NT_STATUS_UNSUCCESSFUL;
    }
    ...
Created attachment 66: try winbind_lookup_sid() first
I don't know if this patch works 100% OK. Jerry, can you look closer at this and test it a bit?

Thanks,
metze
This is by design. sid_to_gid works only because of group mapping, which might have foreign SIDs. To share users in our local domain you must share the passdb backend. This can be revisited at a later release, but this is how it will work in Samba 3.0.
So winbind could NOT be the storage of all idmappings??? In 3.0.0... wasn't that on the feature list?
No. What was on the feature list was to store consistent mappings between winbindd installations, which is possible.
Originally reported against 3.0.0beta3. Cleaning out non-production release versions.
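
The two lookup orders quoted in the report, reduced to a small C model (an added example, not Samba's code and not part of any comment in this bug). It shows a local-domain SID whose mapping exists only on the winbind side failing on the uid path and resolving on the gid path. The SIDs, ID values, tables and the `model_*` / `in_local_domain` names are constructed for illustration, and name lookup and ID mapping are collapsed into one table per source.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: the machine SID and both mapping tables are invented. */
#define LOCAL_DOMAIN_SID "S-1-5-21-1111-2222-3333"

struct map { const char *sid; int id; };
static const struct map local_db[]   = { { "S-1-5-21-1111-2222-3333-1000", 500 } };
static const struct map winbind_db[] = { { "S-1-5-21-1111-2222-3333-1001", 10001 },
                                         { "S-1-5-21-9999-8888-7777-1104", 10002 } };

static int lookup(const struct map *db, size_t n, const char *sid, int *id)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(db[i].sid, sid) == 0) { *id = db[i].id; return 1; }
    return 0;
}
#define LOOKUP(db, sid, id) lookup(db, sizeof(db) / sizeof((db)[0]), sid, id)

/* Model of sid_compare_domain() == 0: same SID once the trailing RID is dropped. */
static int in_local_domain(const char *sid)
{
    const char *rid = strrchr(sid, '-');
    size_t dom_len = rid ? (size_t)(rid - sid) : 0;
    return dom_len == strlen(LOCAL_DOMAIN_SID) && strncmp(sid, LOCAL_DOMAIN_SID, dom_len) == 0;
}

/* sid_to_uid order: a SID in the local domain never reaches winbind. */
int model_sid_to_uid(const char *sid, int *uid)
{
    if (in_local_domain(sid))
        return LOOKUP(local_db, sid, uid);
    return LOOKUP(winbind_db, sid, uid);
}

/* sid_to_gid order: winbind first, local lookup as the fallback. */
int model_sid_to_gid(const char *sid, int *gid)
{
    return LOOKUP(winbind_db, sid, gid) || LOOKUP(local_db, sid, gid);
}

int main(void)
{
    const char *central_only = "S-1-5-21-1111-2222-3333-1001"; /* local-domain SID, mapped only in winbind */
    int id = -1;
    printf("uid path: %s\n", model_sid_to_uid(central_only, &id) ? "mapped" : "unsuccessful");
    printf("gid path: %s\n", model_sid_to_gid(central_only, &id) ? "mapped" : "unsuccessful");
    return 0;
}
```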