Bug 5726 - Cannot convert sid to gid on groups
Summary: Cannot convert sid to gid on groups
Status: RESOLVED INVALID
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.30
Hardware: x64 Linux
: P3 critical
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-08-29 13:16 UTC by Duncan Fiander (mail address dead)
Modified: 2008-09-10 01:14 UTC (History)
1 user (show)

See Also:


Attachments
Winbind debug (80.00 KB, application/octet-stream)
2008-09-04 12:10 UTC, Duncan Fiander (mail address dead)
no flags Details
Samba Config (30.00 KB, application/octet-stream)
2008-09-04 12:10 UTC, Duncan Fiander (mail address dead)
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Duncan Fiander (mail address dead) 2008-08-29 13:16:00 UTC
We have a customer where on some groups they wish to use cannot convert the SID to GID. 

The command we are using is: 
#wbinfo -Y `wbinfo -D domain-name -n 'domain-user-group' | sed -n '$ p'`

Created backup '/var/lib/samba/winbindd_cache.tdb.bak' of tdb '/var/lib/samba/winbindd_cache.tdb'
[2008/08/22 14:09:01, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2237)
  initialize_winbindd_cache: clearing cache and re-creating with version number 1
[2008/08/22 14:12:19, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(312)
  Could not get convert sid Name from string

Are there any updates or workarounds.

Thanks
Duncan
Comment 1 Duncan Fiander (mail address dead) 2008-09-04 12:10:28 UTC
Created attachment 3525 [details]
Winbind debug
Comment 2 Duncan Fiander (mail address dead) 2008-09-04 12:10:47 UTC
Created attachment 3526 [details]
Samba Config
Comment 3 Duncan Fiander (mail address dead) 2008-09-04 12:11:30 UTC
Additional information

Maritz Groups
mau001o_40028_Admin (sid to gid good)
MAU001o_40033_West_Coast
MAU001o_40034_New_Markets
MAU001o_40036_Nissan
MAU001o_40101_GMCSI
MAU001o_40137_Toyota (Cannot sid to gid)


MAU001NASARCP01:/etc/samba # net ads info
LDAP server: 10.30.14.25
LDAP server name: mau001dcus02.us.maritz.net
Realm: US.MARITZ.NET
Bind Path: dc=US,dc=MARITZ,dc=NET
LDAP port: 389
Server time: Thu, 04 Sep 2008 11:41:03 EDT
KDC server: 10.30.14.25
Server time offset: 0


MAU001NASARCP01:/etc/samba # wbinfo --domain-info US
Name              : US
Alt_Name          : us.maritz.net
SID               : S-1-5-21-1078081533-1647877149-839522115
Active Directory  : Yes
Native            : Yes
Primary           : Yes
Sequence          : 74580141
MAU001NASARCP01:/etc/samba #

MAU001NASARCP01:/etc/samba # wbinfo -m
MARITZ
MARITZ_CANADA
EXCHANGE
MARITZ01
MARITZ06
MARITZ02
UK
EMEA
US

MAU001NASARCP01:/etc/samba # wbinfo --sequence
EMEA : 23480479
UK : 16048062
MARITZ02 : DISCONNECTED
MARITZ06 : DISCONNECTED
MARITZ01 : DISCONNECTED
EXCHANGE : DISCONNECTED
MARITZ_CANADA : DISCONNECTED
MARITZ : 9164307
BUILTIN : 1220543137
MAU001NASARCP01 : 1220543137
US : 74580621



MAU001NASARCP01:/etc/samba # wbinfo -Y `wbinfo -D US -n 'mau001o_40028_Admin' | sed -n '$ p'`
1053895

MAU001NASARCP01:/etc/samba # wbinfo -Y `wbinfo -D US -n 'mau001o_40137_toyota' | sed -n '$ p'`
Could not convert sid S-1-5-21-1078081533-1647877149-839522115-2987367 to gid

MAU001NASARCP01:/etc/samba # wbinfo -Y `wbinfo -n 'US\mau001o_40028_Admin' | sed -n '$ p'`
1053895

MAU001NASARCP01:/etc/samba # wbinfo -Y `wbinfo -n 'US\mau001o_40137_toyota' | sed -n '$ p'`
Could not convert sid S-1-5-21-1078081533-1647877149-839522115-2987367 to gid
MAU001NASARCP01:/etc/samba #


MAU001NASARCP01:/etc/samba # wbinfo -n 'mau001o_40137_toyota'
S-1-5-21-1078081533-1647877149-839522115-2987367 Domain Group (2)
MAU001NASARCP01:/etc/samba # wbinfo -n 'US\mau001o_40137_toyota'
S-1-5-21-1078081533-1647877149-839522115-2987367 Domain Group (2)
MAU001NASARCP01:/etc/samba # wbinfo -D US -n 'mau001o_40137_toyota'
Name              : US
Alt_Name          : us.maritz.net
SID               : S-1-5-21-1078081533-1647877149-839522115
Active Directory  : Yes
Native            : Yes
Primary           : Yes
Sequence          : 74580621
S-1-5-21-1078081533-1647877149-839522115-2987367 Domain Group (2)
MAU001NASARCP01:/etc/samba #

idmap domains =  \
        US \
        MARITZ


log level = 3 winbind:10
Comment 4 Karolin Seeger 2008-09-10 01:14:36 UTC
The calculated gid was out of range.
Closing out bug report.