Although nobody replied to me, I still think this applies to HEAD and is a general problem.
The reason behind this problem is that when you add a new group or user not
known to winbindd_idmap.tdb through ACL, the code in posix_acl.c does the
following (line 1006):

    } else if (sid_to_uid( &current_ace->trustee, &current_ace->unix_ug.uid, &sid_type)) {
        current_ace->owner_type = UID_ACE;
        current_ace->type = SMB_ACL_USER;
    } else if (sid_to_gid( &current_ace->trustee, &current_ace->unix_ug.gid, &sid_type)) {
        current_ace->owner_type = GID_ACE;
        current_ace->type = SMB_ACL_GROUP;
    } else {

which means it tries to map the sid to a uid first and, if that fails, then
tries gid. However, since the following code in sid_to_uid() is commented out:

    /* (tridge) I commented out the slab of code below in order to support foreign SIDs
       Do we really need to validate the type of SID we have in this case?
    */
    #if 0
    fstring dom_name, name;
    enum SID_NAME_USE name_type;

    *sidtype = SID_NAME_UNKNOWN;
    /*
     * First we must look up the name and decide if this is a user sid.
     */

    if ( (!winbind_lookup_sid(psid, dom_name, name, &name_type)) || (name_type != SID_NAME_USER) ) {
        BOOL result;
        DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n",
                sid_to_string(sid_str, psid) ));
        become_root();
        result = local_sid_to_uid(puid, psid, sidtype);
        unbecome_root();
        return result;
    }

    /*
     * Ensure this is a user sid.
     */

    if (name_type != SID_NAME_USER) {
        DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n",
                (unsigned int)name_type ));
        return False;
    }
    #endif

A new SID will always successfully map to uid.

The fix would be either to uncomment the above code in sid_to_uid(), or, in
posix_acl.c, before calling sid_to_uid(), to call lookup_sid() first to find
out the name type (user or group).

Are there any other options?

Chere

On Wednesday 05 March 2003 06:57 pm, Chere Zhou wrote:
> I am in an ADS domain. From a Windows client, create a file, add a group
> to the file using ACLs (new means the group is not in winbindd database
> yet), the group is mapped as a user in the winbindd_idmap.tdb. The group
> is not any special type, just a normal group (not local, not universal).
>
> Does anyone know about this problem?
>
> Thanks,
> Chere
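
Added example, not part of the original message and not Samba code: a self-contained C model of the uid-first fallback described above, next to a variant that resolves the name type before mapping. Every name, SID and table in it is hypothetical and constructed for illustration.

```c
#include <string.h>

/* Toy model of the behaviour in the post; every name and SID is constructed. */
enum kind { KIND_USER, KIND_GROUP, KIND_UNKNOWN };
struct entry { const char *sid; enum kind kind; };

/* Stand-in for what the domain knows about each SID. */
static const struct entry domain[] = {
    { "S-1-5-21-1-2-3-1105", KIND_USER  },
    { "S-1-5-21-1-2-3-1201", KIND_GROUP },
};
/* Stand-in for the id-mapping database: the first mapping made is kept. */
static struct entry idmap[8];
static size_t idmap_len;

void idmap_reset(void) { idmap_len = 0; }

static enum kind domain_kind(const char *sid)
{
    for (size_t i = 0; i < sizeof domain / sizeof domain[0]; i++)
        if (strcmp(domain[i].sid, sid) == 0)
            return domain[i].kind;
    return KIND_UNKNOWN;
}

/* Returns the stored kind, allocating `want` on a miss with no type check. */
static enum kind idmap_get_or_alloc(const char *sid, enum kind want)
{
    for (size_t i = 0; i < idmap_len; i++)
        if (strcmp(idmap[i].sid, sid) == 0)
            return idmap[i].kind;
    if (idmap_len == sizeof idmap / sizeof idmap[0])
        return KIND_UNKNOWN;                      /* table full */
    idmap[idmap_len++] = (struct entry){ sid, want };
    return want;
}

/* Ordering from the post: uid mapping is tried first and accepts any new SID. */
enum kind classify_uid_first(const char *sid)
{
    if (idmap_get_or_alloc(sid, KIND_USER) == KIND_USER)
        return KIND_USER;
    return idmap_get_or_alloc(sid, KIND_GROUP);
}

/* Name type resolved before mapping. Unknown SIDs are refused here, which is
 * the trade-off against the foreign-SID support the quoted comment mentions. */
enum kind classify_type_first(const char *sid)
{
    enum kind k = domain_kind(sid);
    return k == KIND_UNKNOWN ? KIND_UNKNOWN : idmap_get_or_alloc(sid, k);
}
```

In this model only SIDs that are not yet in the table are misclassified; a group that already has a group entry keeps it, which matches the "new group" condition in the report.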