Bug 8824 - getent group fails when idmapping settings filter results
Summary: getent group fails when idmapping settings filter results
Status: NEW
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.6.3
Hardware: All Linux
: P5 normal
Target Milestone: ---
Assignee: Michael Adam
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-03-23 15:03 UTC by Savvas Karagiannidis
Modified: 2012-03-23 15:03 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Savvas Karagiannidis 2012-03-23 15:03:19 UTC
getent group seems to fail getting the list of groups that exist in active directory when using any idmapping backend (tried with rid and ad) that filters out some of the groups (playing with minid and maxid).

The expected result should be to successfully list all groups whose sids are mapped to valid gids

It seems that the problem exists only for the group part, since getent passwd works fine.

Looking at winbind logs, any requests coming from libnss stop at the first idmapping that gets filtered. and getent group returns no results.

Also if the following info helps, I tried to debug the problem, so I activated debugging winbind_nss_linux.c (added #define DEBUG_NSS) and also changed MAX_GETGRENT_USERS defined in nsswitch/winbind_nss_linux.c from 250 to 1. After doing that, I get a partial list of the groups in active directory, but the list stops at the first group that gets filtered from id mapping.