7406 – Winbind cannot seem to retreive trusted domain SIDs

Bug 7406 - Winbind cannot seem to retreive trusted domain SIDs

Summary: Winbind cannot seem to retreive trusted domain SIDs

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Samba 3.5
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	3.5.2
Hardware:	Sparc Solaris

Importance:	P3 major
Target Milestone:	---
Assignee:	Michael Adam
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-05-04 03:45 UTC by Philip Drapeau
Modified:	2013-02-18 13:29 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Philip Drapeau 2010-05-04 03:45:48 UTC

Samba 3.5.2 was built under Solaris 10 sparc.  I compiled using gcc and the latest libs for ldap/kerberos/etc from blastwave (stuff got horribly broken when I tried using Sun Studio to compile even though the compile succeeded).

Either way, here is some excerpts from the winbind log. Any help with figuring out what is going on would be appreciated.  This stuff is *NOT* broken under 3.4.7. 

[2010/05/04 02:34:44.540298,  2] winbindd/winbindd_util.c:221(add_trusted_domain)
  Added domain BUILTIN  S-1-5-32
[2010/05/04 02:34:44.541323,  2] winbindd/winbindd_util.c:221(add_trusted_domain)
  Added domain CNS3  S-1-5-21-3477661738-17456881-3314112931
[2010/05/04 02:34:44.542353,  2] winbindd/winbindd_util.c:221(add_trusted_domain)
  Added domain ENVMASTER ENV.GOV.AB.CA S-1-5-21-2022982267-965564276-250757269

Winbind has no problems adding these domains to the trusted domain list. However I notice later on in the log it gets the following:

[2010/05/04 02:34:44.846255,  3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid (NULL SID) does not start with 'S-'.
[2010/05/04 02:34:44.846465,  0] winbindd/winbindd_util.c:325(trustdom_recv)
  Got invalid trustdom response

and than proceeds to loop and tries to list the trusted domains again (it does this several times). It seems to me like the directory is returning a null SID in attempts to resolve any of the trusted domains, however it did not do this before under 3.4.7. Any input into this issue would be appreciated, thanks!

Comment 1 Philip Drapeau 2010-05-04 22:38:35 UTC

I can also add that when I set winbind rpc only = yes it *DOES* get the SIDs of the trusted domains and properly enumerate them.  However when attempting to retrieve groups/users from a trusted domain which is not running in mixed mode, it fails to do so via RPC.  

The domain the samba server is on, is however running in mixed mode.

Comment 2 Philip Drapeau 2010-05-05 10:30:43 UTC

I suppose I should further clarify, when I cranked up the debug level from 9 to 10, I noticed it is getting the SIDs for trusted domains, its just not attempting to contact the domain controllers (so group/user resolution does not work in trusted domains).

Comment 3 Karolin Seeger 2010-05-27 05:39:36 UTC

Could you provide all winbind log files (level 10), please?

Thanks!

Comment 4 Björn Jacke 2012-04-20 19:20:58 UTC

no reply since two years, so close this for now. please reopen with level 10 log files if you still have the problem with the latest release. Thanks!