Re: [Samba] winbind sometimes does not resolve sid to a name
On Thu, Dec 2, 2010 at 3:13 PM, Shirish Pargaonkar shirishpargaon...@gmail.com wrote: On Tue, Nov 16, 2010 at 10:19 AM, Shirish Pargaonkar shirishpargaon...@gmail.com wrote: On Sat, Nov 13, 2010 at 5:34 PM, Michael Wood esiot...@gmail.com wrote: On 14 November 2010 01:16, Shirish Pargaonkar shirishpargaon...@gmail.com wrote: On Sat, Nov 13, 2010 at 4:52 PM, Michael Adam ob...@samba.org wrote: Hi Shirish, Shirish Pargaonkar wrote: On Mon, Nov 8, 2010 at 1:47 PM, Jeremy Allison j...@samba.org wrote: On Mon, Nov 08, 2010 at 01:21:30PM -0600, Shirish Pargaonkar wrote: Sometimes a group sid does not get resolved to its name. Is this a settings problem? Looks like winbind deamon went dormant for a while and then woke up? I am using interface wbcLookupSid provided by the library libwbclient.so for resolving sids to names. These are the winbind related parameters in /etc/samba/smb.conf Not enough information for useful debugging. What do the winbindd logs say ? ps -eaf | grep winbind root 20085 1 0 14:03 ? 00:00:00 /usr/sbin/winbindd -D root 20086 20085 0 14:03 ? 00:00:00 /usr/sbin/winbindd -D root 20089 20085 0 14:03 ? 00:00:00 /usr/sbin/winbindd -D Cleared /var/log/samba/winbindd.log just before issueing command getcifsacl which could not resolve the group SID winbindd.log attached. not really. :-) Cheers - Michael Michael, not sure what is implied. The log is not sufficient? No, the mailing list (sometimes) strips attachments. There was no log file attached to your e-mail when I received it. I see two error messages in the log. [2010/11/08 14:32:56, 5] winbindd/winbindd_async.c:lookupsid_recv2(138) lookupsid (forest root) returned an error [2010/11/08 14:32:56, 5] winbindd/winbindd_sid.c:lookupsid_recv(61) lookupsid returned an error -- Michael Wood esiot...@gmail.com Hope this attachment sticks. Regards, Shirish I see one more type error while using winbind, wbcSidToUid returns error 7 but wbcSidToGid succeeds. /tmp/getcifsacl /mnt/smb_d/Makefile REVISION:0x1 CONTROL:0x9404 OWNER:BUILTIN\Administrators GROUP:CIFSTESTDOM\Domain Users ACL:CIFSTESTDOM\Domain Users:DENIED/0x0/0x1 ACL:CIFSTESTDOM\Administrator:ALLOWED/0x0/0x1700a1 ACL:BUILTIN\Performance Log Users:ALLOWED/0x0/CHANGE ACL:CIFSTESTDOM\stevef:ALLOWED/0x0/FULL # cat /var/log/messages cifs.upcall: Owner wbcStringToSid: S-1-5-32-544, rc: 0 cifs.upcall: Owner wbcSidToUid: S-1-5-32-544, uid: 0, rc: 7 cifs.upcall: Group wbcStringToSid: S-1-5-21-2849063682-2007077719-983662776-513, rc: 0 cifs.upcall: Group wbcSidToGid: S-1-5-21-2849063682-2007077719-983662776-513, gid: 10010, rc: 0 Error winbindd.log file is as follows: sid2uid_lookupsid_recv: Sid S-1-5-32-544 is not a user or a computer. I changed Owner of the file on the server to OWNER:CIFSTESTDOM\Domain Users but the same error during wbcSidToUid [2010/12/02 14:36:20, 5] winbindd/winbindd_sid.c:sid2uid_lookupsid_recv(192) sid2uid_lookupsid_recv: Sid S-1-5-21-2849063682-2007077719-983662776-513 is not a user or a computer. [[2010/12/02 14:36:20, 7] winbindd/winbindd_idmap.c:winbindd_sid2gid_async(363) winbindd_sid2gid_async: Resolving S-1-5-21-2849063682-2007077719-983662776-513 to a gid If I change Owner to OWNER:CIFSTESTDOM\Administrator, then it works /tmp/getcifsacl /mnt/smb_d/Makefile REVISION:0x1 CONTROL:0x9404 OWNER:CIFSTESTDOM\Administrator GROUP:CIFSTESTDOM\Domain Users ACL:CIFSTESTDOM\Domain Users:DENIED/0x0/0x1 ACL:CIFSTESTDOM\Administrator:ALLOWED/0x0/0x1700a1 ACL:BUILTIN\Performance Log Users:ALLOWED/0x0/CHANGE ACL:CIFSTESTDOM\stevef:ALLOWED/0x0/FULL cifstest6:/usr/src/linux.ssp.cifs.09092010.l/cifs-2.6 # cat /var/log/messages cifs.upcall: Owner wbcStringToSid: S-1-5-21-2849063682-2007077719-983662776-500, rc: 0 cifs.upcall: Owner wbcSidToUid: S-1-5-21-2849063682-2007077719-983662776-500, uid: 1, rc: 0 cifs.upcall: Group wbcStringToSid: S-1-5-21-2849063682-2007077719-983662776-513, rc: 0 cifs.upcall: Group wbcSidToGid: S-1-5-21-2849063682-2007077719-983662776-513, gid: 10010, rc: 0 Is this the expected behaviour, some sids can_not/will_not be mapped such as this Owner BUILTIN\Administrators. Regads, Shirish One more observation. winbind, for some IDs, can't/doesn't look up names, for some it does. # wbinfo -s S-1-5-21-2849063682-2007077719-983662776-513 Could not lookup sid S-1-5-21-2849063682-2007077719-983662776-513 # wbinfo -s S-1-5-21-2849063682-2007077719-983662776-513 CIFSTESTDOM#Domain Users 2 # /tmp/getcifsacl /mnt/smb_f/Makefile2 REVISION:0x1 CONTROL:0x9004 OWNER:BUILTIN\Administrators GROUP:CIFSTESTDOM\Domain Users ACL:CIFSTESTDOM\Domain Users:DENIED/0x0/D ACL:CIFSTESTDOM\Administrator:ALLOWED/0x0/0x1700a1 ACL:BUILTIN\Performance Log Users:ALLOWED/0x0/CHANGE ACL:CIFSTESTDOM\stevef:ALLOWED/0x0/FULL # ls -ln /mnt/smb_f/Makefile2 -- 1 0 10010 0 Nov 13 13:55
Re: [Samba] winbind sometimes does not resolve sid to a name
On Tue, Nov 16, 2010 at 10:19 AM, Shirish Pargaonkar shirishpargaon...@gmail.com wrote: On Sat, Nov 13, 2010 at 5:34 PM, Michael Wood esiot...@gmail.com wrote: On 14 November 2010 01:16, Shirish Pargaonkar shirishpargaon...@gmail.com wrote: On Sat, Nov 13, 2010 at 4:52 PM, Michael Adam ob...@samba.org wrote: Hi Shirish, Shirish Pargaonkar wrote: On Mon, Nov 8, 2010 at 1:47 PM, Jeremy Allison j...@samba.org wrote: On Mon, Nov 08, 2010 at 01:21:30PM -0600, Shirish Pargaonkar wrote: Sometimes a group sid does not get resolved to its name. Is this a settings problem? Looks like winbind deamon went dormant for a while and then woke up? I am using interface wbcLookupSid provided by the library libwbclient.so for resolving sids to names. These are the winbind related parameters in /etc/samba/smb.conf Not enough information for useful debugging. What do the winbindd logs say ? ps -eaf | grep winbind root 20085 1 0 14:03 ? 00:00:00 /usr/sbin/winbindd -D root 20086 20085 0 14:03 ? 00:00:00 /usr/sbin/winbindd -D root 20089 20085 0 14:03 ? 00:00:00 /usr/sbin/winbindd -D Cleared /var/log/samba/winbindd.log just before issueing command getcifsacl which could not resolve the group SID winbindd.log attached. not really. :-) Cheers - Michael Michael, not sure what is implied. The log is not sufficient? No, the mailing list (sometimes) strips attachments. There was no log file attached to your e-mail when I received it. I see two error messages in the log. [2010/11/08 14:32:56, 5] winbindd/winbindd_async.c:lookupsid_recv2(138) lookupsid (forest root) returned an error [2010/11/08 14:32:56, 5] winbindd/winbindd_sid.c:lookupsid_recv(61) lookupsid returned an error -- Michael Wood esiot...@gmail.com Hope this attachment sticks. Regards, Shirish I see one more type error while using winbind, wbcSidToUid returns error 7 but wbcSidToGid succeeds. /tmp/getcifsacl /mnt/smb_d/Makefile REVISION:0x1 CONTROL:0x9404 OWNER:BUILTIN\Administrators GROUP:CIFSTESTDOM\Domain Users ACL:CIFSTESTDOM\Domain Users:DENIED/0x0/0x1 ACL:CIFSTESTDOM\Administrator:ALLOWED/0x0/0x1700a1 ACL:BUILTIN\Performance Log Users:ALLOWED/0x0/CHANGE ACL:CIFSTESTDOM\stevef:ALLOWED/0x0/FULL # cat /var/log/messages cifs.upcall: Owner wbcStringToSid: S-1-5-32-544, rc: 0 cifs.upcall: Owner wbcSidToUid: S-1-5-32-544, uid: 0, rc: 7 cifs.upcall: Group wbcStringToSid: S-1-5-21-2849063682-2007077719-983662776-513, rc: 0 cifs.upcall: Group wbcSidToGid: S-1-5-21-2849063682-2007077719-983662776-513, gid: 10010, rc: 0 Error winbindd.log file is as follows: sid2uid_lookupsid_recv: Sid S-1-5-32-544 is not a user or a computer. I changed Owner of the file on the server to OWNER:CIFSTESTDOM\Domain Users but the same error during wbcSidToUid [2010/12/02 14:36:20, 5] winbindd/winbindd_sid.c:sid2uid_lookupsid_recv(192) sid2uid_lookupsid_recv: Sid S-1-5-21-2849063682-2007077719-983662776-513 is not a user or a computer. [[2010/12/02 14:36:20, 7] winbindd/winbindd_idmap.c:winbindd_sid2gid_async(363) winbindd_sid2gid_async: Resolving S-1-5-21-2849063682-2007077719-983662776-513 to a gid If I change Owner to OWNER:CIFSTESTDOM\Administrator, then it works /tmp/getcifsacl /mnt/smb_d/Makefile REVISION:0x1 CONTROL:0x9404 OWNER:CIFSTESTDOM\Administrator GROUP:CIFSTESTDOM\Domain Users ACL:CIFSTESTDOM\Domain Users:DENIED/0x0/0x1 ACL:CIFSTESTDOM\Administrator:ALLOWED/0x0/0x1700a1 ACL:BUILTIN\Performance Log Users:ALLOWED/0x0/CHANGE ACL:CIFSTESTDOM\stevef:ALLOWED/0x0/FULL cifstest6:/usr/src/linux.ssp.cifs.09092010.l/cifs-2.6 # cat /var/log/messages cifs.upcall: Owner wbcStringToSid: S-1-5-21-2849063682-2007077719-983662776-500, rc: 0 cifs.upcall: Owner wbcSidToUid: S-1-5-21-2849063682-2007077719-983662776-500, uid: 1, rc: 0 cifs.upcall: Group wbcStringToSid: S-1-5-21-2849063682-2007077719-983662776-513, rc: 0 cifs.upcall: Group wbcSidToGid: S-1-5-21-2849063682-2007077719-983662776-513, gid: 10010, rc: 0 Is this the expected behaviour, some sids can_not/will_not be mapped such as this Owner BUILTIN\Administrators. Regads, Shirish -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind sometimes does not resolve sid to a name
On Sat, Nov 13, 2010 at 5:34 PM, Michael Wood esiot...@gmail.com wrote: On 14 November 2010 01:16, Shirish Pargaonkar shirishpargaon...@gmail.com wrote: On Sat, Nov 13, 2010 at 4:52 PM, Michael Adam ob...@samba.org wrote: Hi Shirish, Shirish Pargaonkar wrote: On Mon, Nov 8, 2010 at 1:47 PM, Jeremy Allison j...@samba.org wrote: On Mon, Nov 08, 2010 at 01:21:30PM -0600, Shirish Pargaonkar wrote: Sometimes a group sid does not get resolved to its name. Is this a settings problem? Looks like winbind deamon went dormant for a while and then woke up? I am using interface wbcLookupSid provided by the library libwbclient.so for resolving sids to names. These are the winbind related parameters in /etc/samba/smb.conf Not enough information for useful debugging. What do the winbindd logs say ? ps -eaf | grep winbind root 20085 1 0 14:03 ? 00:00:00 /usr/sbin/winbindd -D root 20086 20085 0 14:03 ? 00:00:00 /usr/sbin/winbindd -D root 20089 20085 0 14:03 ? 00:00:00 /usr/sbin/winbindd -D Cleared /var/log/samba/winbindd.log just before issueing command getcifsacl which could not resolve the group SID winbindd.log attached. not really. :-) Cheers - Michael Michael, not sure what is implied. The log is not sufficient? No, the mailing list (sometimes) strips attachments. There was no log file attached to your e-mail when I received it. I see two error messages in the log. [2010/11/08 14:32:56, 5] winbindd/winbindd_async.c:lookupsid_recv2(138) lookupsid (forest root) returned an error [2010/11/08 14:32:56, 5] winbindd/winbindd_sid.c:lookupsid_recv(61) lookupsid returned an error -- Michael Wood esiot...@gmail.com Hope this attachment sticks. Regards, Shirish -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind sometimes does not resolve sid to a name
Hi Shirish, Shirish Pargaonkar wrote: On Mon, Nov 8, 2010 at 1:47 PM, Jeremy Allison j...@samba.org wrote: On Mon, Nov 08, 2010 at 01:21:30PM -0600, Shirish Pargaonkar wrote: Sometimes a group sid does not get resolved to its name. Is this a settings problem? Looks like winbind deamon went dormant for a while and then woke up? I am using interface wbcLookupSid provided by the library libwbclient.so for resolving sids to names. These are the winbind related parameters in /etc/samba/smb.conf Not enough information for useful debugging. What do the winbindd logs say ? ps -eaf | grep winbind root 20085 1 0 14:03 ?00:00:00 /usr/sbin/winbindd -D root 20086 20085 0 14:03 ?00:00:00 /usr/sbin/winbindd -D root 20089 20085 0 14:03 ?00:00:00 /usr/sbin/winbindd -D Cleared /var/log/samba/winbindd.log just before issueing command getcifsacl which could not resolve the group SID winbindd.log attached. not really. :-) Cheers - Michael pgpmiRUIOzSAA.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind sometimes does not resolve sid to a name
On Sat, Nov 13, 2010 at 4:52 PM, Michael Adam ob...@samba.org wrote: Hi Shirish, Shirish Pargaonkar wrote: On Mon, Nov 8, 2010 at 1:47 PM, Jeremy Allison j...@samba.org wrote: On Mon, Nov 08, 2010 at 01:21:30PM -0600, Shirish Pargaonkar wrote: Sometimes a group sid does not get resolved to its name. Is this a settings problem? Looks like winbind deamon went dormant for a while and then woke up? I am using interface wbcLookupSid provided by the library libwbclient.so for resolving sids to names. These are the winbind related parameters in /etc/samba/smb.conf Not enough information for useful debugging. What do the winbindd logs say ? ps -eaf | grep winbind root 20085 1 0 14:03 ? 00:00:00 /usr/sbin/winbindd -D root 20086 20085 0 14:03 ? 00:00:00 /usr/sbin/winbindd -D root 20089 20085 0 14:03 ? 00:00:00 /usr/sbin/winbindd -D Cleared /var/log/samba/winbindd.log just before issueing command getcifsacl which could not resolve the group SID winbindd.log attached. not really. :-) Cheers - Michael Michael, not sure what is implied. The log is not sufficient? I see two error messages in the log. [2010/11/08 14:32:56, 5] winbindd/winbindd_async.c:lookupsid_recv2(138) lookupsid (forest root) returned an error [2010/11/08 14:32:56, 5] winbindd/winbindd_sid.c:lookupsid_recv(61) lookupsid returned an error -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind sometimes does not resolve sid to a name
On 14 November 2010 01:16, Shirish Pargaonkar shirishpargaon...@gmail.com wrote: On Sat, Nov 13, 2010 at 4:52 PM, Michael Adam ob...@samba.org wrote: Hi Shirish, Shirish Pargaonkar wrote: On Mon, Nov 8, 2010 at 1:47 PM, Jeremy Allison j...@samba.org wrote: On Mon, Nov 08, 2010 at 01:21:30PM -0600, Shirish Pargaonkar wrote: Sometimes a group sid does not get resolved to its name. Is this a settings problem? Looks like winbind deamon went dormant for a while and then woke up? I am using interface wbcLookupSid provided by the library libwbclient.so for resolving sids to names. These are the winbind related parameters in /etc/samba/smb.conf Not enough information for useful debugging. What do the winbindd logs say ? ps -eaf | grep winbind root 20085 1 0 14:03 ?00:00:00 /usr/sbin/winbindd -D root 20086 20085 0 14:03 ?00:00:00 /usr/sbin/winbindd -D root 20089 20085 0 14:03 ?00:00:00 /usr/sbin/winbindd -D Cleared /var/log/samba/winbindd.log just before issueing command getcifsacl which could not resolve the group SID winbindd.log attached. not really. :-) Cheers - Michael Michael, not sure what is implied. The log is not sufficient? No, the mailing list (sometimes) strips attachments. There was no log file attached to your e-mail when I received it. I see two error messages in the log. [2010/11/08 14:32:56, 5] winbindd/winbindd_async.c:lookupsid_recv2(138) lookupsid (forest root) returned an error [2010/11/08 14:32:56, 5] winbindd/winbindd_sid.c:lookupsid_recv(61) lookupsid returned an error -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind sometimes does not resolve sid to a name
Sometimes a group sid does not get resolved to its name. Is this a settings problem? Looks like winbind deamon went dormant for a while and then woke up? I am using interface wbcLookupSid provided by the library libwbclient.so for resolving sids to names. These are the winbind related parameters in /etc/samba/smb.conf [global] # separate domain and username with '\', like DOMAIN\username winbind separator = \ # # use uids from 1 to 2 for domain users idmap uid = 1-2 # use gids from 1 to 2 for domain groups idmap gid = 1-2 # allow enumeration of winbind users and groups winbind enum users = yes winbind enum groups = yes winbind use default domain = yes cifstest6:/tmp # date;/tmp/getcifsacl /mnt/smb_c/Makefile Mon Nov 8 11:03:43 CST 2010 Revision: 0x1 Type: 0x9404 Owner: BUILTIN\Administrators Group: CIFSTESTDOM\Domain Users ACE: CIFSTESTDOM\Administrator: Allowed/ 0x0/ 0x1700a1 ACE: BUILTIN\Performance Log Users: Allowed/ 0x0/ CHANGE ACE: CIFSTESTDOM\stevef: Allowed/ 0x0/ FULL cifstest6:/tmp # date;/tmp/getcifsacl /mnt/smb_c/Makefile Mon Nov 8 11:08:59 CST 2010 Revision: 0x1 Type: 0x9404 Owner: BUILTIN\Administrators Group: CIFSTESTDOM\Domain Users ACE: CIFSTESTDOM\Administrator: Allowed/ 0x0/ 0x1700a1 ACE: BUILTIN\Performance Log Users: Allowed/ 0x0/ CHANGE ACE: CIFSTESTDOM\stevef: Allowed/ 0x0/ FULL cifstest6:/tmp # date;/tmp/getcifsacl /mnt/smb_c/Makefile Mon Nov 8 11:09:08 CST 2010 Revision: 0x1 Type: 0x9404 Owner: BUILTIN\Administrators Group: CIFSTESTDOM\Domain Users ACE: CIFSTESTDOM\Administrator: Allowed/ 0x0/ 0x1700a1 ACE: BUILTIN\Performance Log Users: Allowed/ 0x0/ CHANGE ACE: CIFSTESTDOM\stevef: Allowed/ 0x0/ FULL cifstest6:/tmp # date;/tmp/getcifsacl /mnt/smb_c/Makefile Mon Nov 8 11:23:38 CST 2010 Revision: 0x1 Type: 0x9404 Owner: BUILTIN\Administrators Group: CIFSTESTDOM\Domain Users ACE: CIFSTESTDOM\Administrator: Allowed/ 0x0/ 0x1700a1 ACE: BUILTIN\Performance Log Users: Allowed/ 0x0/ CHANGE ACE: CIFSTESTDOM\stevef: Allowed/ 0x0/ FULL cifstest6:/tmp # date;/tmp/getcifsacl /mnt/smb_c/Makefile Mon Nov 8 12:59:07 CST 2010 Revision: 0x1 Type: 0x9404 Owner: BUILTIN\Administrators Group: S-1-5-21-2849063682-2007077719-983662776-513 - ACE: CIFSTESTDOM\Administrator: Allowed/ 0x0/ 0x1700a1 ACE: BUILTIN\Performance Log Users: Allowed/ 0x0/ CHANGE ACE: CIFSTESTDOM\stevef: Allowed/ 0x0/ FULL cifstest6:/tmp # date;/tmp/getcifsacl /mnt/smb_c/Makefile Mon Nov 8 13:06:43 CST 2010 Revision: 0x1 Type: 0x9404 Owner: BUILTIN\Administrators Group: CIFSTESTDOM\Domain Users ACE: CIFSTESTDOM\Administrator: Allowed/ 0x0/ 0x1700a1 ACE: BUILTIN\Performance Log Users: Allowed/ 0x0/ CHANGE ACE: CIFSTESTDOM\stevef: Allowed/ 0x0/ FULL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind sometimes does not resolve sid to a name
On Mon, Nov 08, 2010 at 01:21:30PM -0600, Shirish Pargaonkar wrote: Sometimes a group sid does not get resolved to its name. Is this a settings problem? Looks like winbind deamon went dormant for a while and then woke up? I am using interface wbcLookupSid provided by the library libwbclient.so for resolving sids to names. These are the winbind related parameters in /etc/samba/smb.conf Not enough information for useful debugging. What do the winbindd logs say ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind sometimes does not resolve sid to a name
On Mon, Nov 8, 2010 at 1:47 PM, Jeremy Allison j...@samba.org wrote: On Mon, Nov 08, 2010 at 01:21:30PM -0600, Shirish Pargaonkar wrote: Sometimes a group sid does not get resolved to its name. Is this a settings problem? Looks like winbind deamon went dormant for a while and then woke up? I am using interface wbcLookupSid provided by the library libwbclient.so for resolving sids to names. These are the winbind related parameters in /etc/samba/smb.conf Not enough information for useful debugging. What do the winbindd logs say ? ps -eaf | grep winbind root 20085 1 0 14:03 ?00:00:00 /usr/sbin/winbindd -D root 20086 20085 0 14:03 ?00:00:00 /usr/sbin/winbindd -D root 20089 20085 0 14:03 ?00:00:00 /usr/sbin/winbindd -D Cleared /var/log/samba/winbindd.log just before issueing command getcifsacl which could not resolve the group SID winbindd.log attached. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
