Bug 3289 - using "idmap uid" and "idmap gid" is required, though not needed
using "idmap uid" and "idmap gid" is required, though not needed
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: winbind
Other Linux
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2005-11-28 17:28 UTC by Christoph Klein
Modified: 2006-05-31 13:38 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Christoph Klein 2005-11-28 17:28:47 UTC
Today I updated our samba server to 3.0.20b with samba debian packages. After upgrading, everything but uid,gid<->sid conversion worked. wbinfo -U/-S/-G were no longer successfull. 
Our setup is as follows:
All our Windows users are also avaible to unix with the same username via nss_ldap. So Samba should only lookup the username via nss and msrpc do the conversion afterwards. Due to the fact that we use no dynamic mapping between uid,gid and sid "idmap uid/gid" was left empty up to now in smb.conf. 
And this lead to the failure: 
The new winbindd implementation requires in the function winbindd_param_init in the file nsswitch/winbindd_util.c the presence of these configuration options, otherwise main in winbindd.c sets the winbind daemon in a proxy_only state, in which he doesnt do any conversion!

Setting "idmap uid = 999-1000" and "idmap gid = 999-1000" solved the problem for the moment for me, but i think requiring this parameter is senseless.

Comment 1 Gerald (Jerry) Carter 2006-04-20 08:03:37 UTC
severity should be determined by the developers and not the reporter.
Comment 2 Guenther Deschner 2006-05-31 13:38:27 UTC
Are you using "winbind trusted domains only" ? Please also post your smb.conf.