Bug 5414 - winbind fails to resolve sid-to-gid for local groups
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind
Version: 3.0.28a
Hardware: x86 Linux
Importance: P3 major
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2008-04-24 15:19 UTC by Mike Brady
Modified: 2008-05-05 16:10 UTC

Description Mike Brady 2008-04-24 15:19:19 UTC
Samba 3.0.28a as a PDC with the following configuration:

/etc/samba/smb.conf
[global]
        log level = 5
        workgroup = domb
        server string = Samba Server Version %v
        interfaces = lo, eth0
        passdb backend = tdbsam:/etc/samba/passdb.tdb
        username map = /etc/samba/smbusers
        log file = /var/log/samba/%m.log
        max log size = 50

        # Stuff that makes this machine a PDC.
        add user script = /usr/sbin/useradd "%u" -n -g domusers
        delete user script = /usr/sbin/userdel "%u"
        add group script = /usr/sbin/groupadd "%g"
        delete group script = /usr/sbin/groupdel "%g"
        delete user from group script = /usr/sbin/userdel "%u" "%g"
        add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false -g machines "%u"
        logon path = \\%L\Profiles\%U
        logon home = \\%L\%U\.profiles
        logon drive = H:
        domain logons = Yes
        os level = 33
        preferred master = Yes
        domain master = Yes
        wins proxy = Yes
        wins support = Yes

        # Equivalent of old behaviour.
        idmap domains = ALLDOMAINS
        idmap config ALLDOMAINS:default = yes
        idmap config ALLDOMAINS:backend = tdb
        idmap config ALLDOMAINS:range   = 10000 - 50000

        idmap alloc backend = tdb
        idmap alloc config:range = 10000 - 50000

        winbind enum users = yes
        winbind enum groups = Yes
        winbind nested groups = yes
        hosts allow = 127., 192.168.42., 192.168.43.
        cups options = raw

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        guest ok = Yes
        browseable = No
        share modes = No
        read only = yes

[profiles]
        path = /var/lib/samba/profiles
        read only = no
        create mask = 0600
        directory mask = 0700


/etc/nsswitch.conf (Partial)
passwd:     files winbind
shadow:     files winbind
group:      files winbind
hosts:      files dns wins

[root@dombpdc ~]# net groupmap list verbose
Server Operators
        SID       : S-1-5-32-549
        Unix gid  : 10009
        Unix group: BUILTIN\server operators
        Group type: Local Group
        Comment   :
Guests
        SID       : S-1-5-32-546
        Unix gid  : 10004
        Unix group: BUILTIN\guests
        Group type: Local Group
        Comment   :
Domain Admins
        SID       : S-1-5-21-2991776595-4262790192-2958925130-512
        Unix gid  : 500
        Unix group: domadmins
        Group type: Domain Group
        Comment   : Domain Unix group
Power Users
        SID       : S-1-5-32-547
        Unix gid  : 10007
        Unix group: BUILTIN\power users
        Group type: Local Group
        Comment   :
Domain Guests
        SID       : S-1-5-21-2991776595-4262790192-2958925130-514
        Unix gid  : 99
        Unix group: nobody
        Group type: Domain Group
        Comment   : Domain Unix group
Print Operators
        SID       : S-1-5-32-550
        Unix gid  : 10010
        Unix group: BUILTIN\print operators
        Group type: Local Group
        Comment   :
Administrators
        SID       : S-1-5-32-544
        Unix gid  : 10000
        Unix group: BUILTIN\administrators
        Group type: Local Group
        Comment   :
Account Operators
        SID       : S-1-5-32-548
        Unix gid  : 10008
        Unix group: BUILTIN\account operators
        Group type: Local Group
        Comment   :
local1
        SID       : S-1-5-21-2991776595-4262790192-2958925130-1004
        Unix gid  : 10053
        Unix group: local1
        Group type: Local Group
        Comment   :
domgroup1
        SID       : S-1-5-21-2991776595-4262790192-2958925130-1005
        Unix gid  : 10054
        Unix group: domgroup1
        Group type: Domain Group
        Comment   :
Backup Operators
        SID       : S-1-5-32-551
        Unix gid  : 10011
        Unix group: BUILTIN\backup operators
        Group type: Local Group
        Comment   :
Users
        SID       : S-1-5-32-545
        Unix gid  : 10001
        Unix group: BUILTIN\users
        Group type: Local Group
        Comment   :
Domain Users
        SID       : S-1-5-21-2991776595-4262790192-2958925130-513
        Unix gid  : 501
        Unix group: domusers
        Group type: Domain Group
        Comment   : Domain Unix group

For any group with Group type of Local Group:
wbinfo -G returns the SID.
wbinfo -s returns an error.

e.g.
[root@dombpdc ~]# wbinfo -G 10001
S-1-5-32-545
[root@dombpdc ~]# wbinfo -s S-1-5-32-545
Could not lookup sid S-1-5-32-545

Releases 3.0.25b and 3.0.28 work correctly.

Happy to provide logs and do further testing.  Let me know what is required.
Comment 1 Mike Brady 2008-05-05 16:10:31 UTC
This is fixed in GIT.  Tested on a snapshot from 26 April 2008.
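
A round-trip check for the symptom reported above, as an added example that is not part of the original report or of Samba: it reads `net groupmap list verbose` output, and for every Local Group confirms that `wbinfo -G` returns the mapped SID and that `wbinfo -s` can then resolve it. The function names, the `--live` switch and the abridged `SAMPLE` text are assumptions made for the example.

```shell
# Added example (not Samba code): round-trip check for Local Group mappings.

# Abridged excerpt of the `net groupmap list verbose` output in the report.
SAMPLE='Users
        SID       : S-1-5-32-545
        Unix gid  : 10001
        Group type: Local Group
Domain Users
        SID       : S-1-5-21-2991776595-4262790192-2958925130-513
        Unix gid  : 501
        Group type: Domain Group
local1
        SID       : S-1-5-21-2991776595-4262790192-2958925130-1004
        Unix gid  : 10053
        Group type: Local Group'

# Print "gid<TAB>sid<TAB>name" for each Local Group entry read from stdin.
local_groups() {
    awk '/^[^ \t]/ { name = $0 }
         /^[ \t]+SID[ \t]*:/ { sid = $NF }
         /^[ \t]+Unix gid[ \t]*:/ { gid = $NF }
         /^[ \t]+Group type[ \t]*:[ \t]*Local Group[ \t]*$/ {
             printf "%s\t%s\t%s\n", gid, sid, name }'
}

# Verify gid -> SID (wbinfo -G) and SID -> name (wbinfo -s) for one group.
check_group() {
    got=$(wbinfo -G "$1" 2>/dev/null) || { echo "FAIL $3: no SID for gid $1"; return 1; }
    [ "$got" = "$2" ] || { echo "FAIL $3: gid $1 -> $got, groupmap has $2"; return 1; }
    wbinfo -s "$got" >/dev/null 2>&1 || { echo "FAIL $3: wbinfo -s $got"; return 1; }
    echo "ok   $3"
}

# Check every Local Group in the groupmap text on stdin; FAILURES holds the count.
check_all() {
    FAILURES=0
    rows=$(local_groups)
    tab=$(printf '\t')
    while IFS=$tab read -r gid sid name; do
        [ -n "$gid" ] || continue
        check_group "$gid" "$sid" "$name" || FAILURES=$((FAILURES + 1))
    done <<EOF
$rows
EOF
    [ "$FAILURES" -eq 0 ]
}

# Live use on a Samba host: pass --live to check the real group map.
if [ "${1:-}" = "--live" ]; then net groupmap list verbose | check_all; fi
```

Run with `--live` on an affected 3.0.28a host, each Local Group should be reported as a `wbinfo -s` failure; on a build with the fix, all of them should print `ok`.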