The Samba-Bugzilla – Bug 7406
Winbind cannot seem to retreive trusted domain SIDs
Last modified: 2013-02-18 13:29:35 UTC
Samba 3.5.2 was built under Solaris 10 sparc. I compiled using gcc and the latest libs for ldap/kerberos/etc from blastwave (stuff got horribly broken when I tried using Sun Studio to compile even though the compile succeeded).
Either way, here is some excerpts from the winbind log. Any help with figuring out what is going on would be appreciated. This stuff is *NOT* broken under 3.4.7.
[2010/05/04 02:34:44.540298, 2] winbindd/winbindd_util.c:221(add_trusted_domain)
Added domain BUILTIN S-1-5-32
[2010/05/04 02:34:44.541323, 2] winbindd/winbindd_util.c:221(add_trusted_domain)
Added domain CNS3 S-1-5-21-3477661738-17456881-3314112931
[2010/05/04 02:34:44.542353, 2] winbindd/winbindd_util.c:221(add_trusted_domain)
Added domain ENVMASTER ENV.GOV.AB.CA S-1-5-21-2022982267-965564276-250757269
Winbind has no problems adding these domains to the trusted domain list. However I notice later on in the log it gets the following:
[2010/05/04 02:34:44.846255, 3] lib/util_sid.c:228(string_to_sid)
string_to_sid: Sid (NULL SID) does not start with 'S-'.
[2010/05/04 02:34:44.846465, 0] winbindd/winbindd_util.c:325(trustdom_recv)
Got invalid trustdom response
and than proceeds to loop and tries to list the trusted domains again (it does this several times). It seems to me like the directory is returning a null SID in attempts to resolve any of the trusted domains, however it did not do this before under 3.4.7. Any input into this issue would be appreciated, thanks!
I can also add that when I set winbind rpc only = yes it *DOES* get the SIDs of the trusted domains and properly enumerate them. However when attempting to retrieve groups/users from a trusted domain which is not running in mixed mode, it fails to do so via RPC.
The domain the samba server is on, is however running in mixed mode.
I suppose I should further clarify, when I cranked up the debug level from 9 to 10, I noticed it is getting the SIDs for trusted domains, its just not attempting to contact the domain controllers (so group/user resolution does not work in trusted domains).
Could you provide all winbind log files (level 10), please?
no reply since two years, so close this for now. please reopen with level 10 log files if you still have the problem with the latest release. Thanks!