Bug 3289 - using "idmap uid" and "idmap gid" is required, though not needed
Summary: using "idmap uid" and "idmap gid" is required, though not needed
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.20b
Hardware: Other Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-11-28 17:28 UTC by Christoph Klein (dead mail address)
Modified: 2022-01-12 01:20 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christoph Klein (dead mail address) 2005-11-28 17:28:47 UTC
Hi,
Today I updated our samba server to 3.0.20b with samba debian packages. After upgrading, everything but uid,gid<->sid conversion worked. wbinfo -U/-S/-G were no longer successfull. 
Our setup is as follows:
All our Windows users are also avaible to unix with the same username via nss_ldap. So Samba should only lookup the username via nss and msrpc do the conversion afterwards. Due to the fact that we use no dynamic mapping between uid,gid and sid "idmap uid/gid" was left empty up to now in smb.conf. 
And this lead to the failure: 
The new winbindd implementation requires in the function winbindd_param_init in the file nsswitch/winbindd_util.c the presence of these configuration options, otherwise main in winbindd.c sets the winbind daemon in a proxy_only state, in which he doesnt do any conversion!

Resolution:
Setting "idmap uid = 999-1000" and "idmap gid = 999-1000" solved the problem for the moment for me, but i think requiring this parameter is senseless.

Thanks
christoph
Comment 1 Gerald (Jerry) Carter (dead mail address) 2006-04-20 08:03:37 UTC
severity should be determined by the developers and not the reporter.
Comment 2 Guenther Deschner 2006-05-31 13:38:27 UTC
Are you using "winbind trusted domains only" ? Please also post your smb.conf.