[Bug 1307778] Re: getent group on trusty returns only local groups
Ryan Ritterson
rrpublic at gmail.com
Tue Oct 14 18:45:32 UTC 2014
I believe I have tracked down the source of this bug, which will
hopefully lead to an easy fix.
The problem appears to be the inability of SID S-1-18-1 to be mapped
(See https://support.microsoft.com/kb/2830145 for an explanation why).
Winbind gets a list of all groups, and that SID is returned, then
attempts to map them to GIDs but fails because that SID cannot be
mapped.
If one runs:
wbinfo -U [uid]
then takes the SID that results and does
wbinfo --user-sids=[users SID]
a list of groups will be returned, along with the users SID. I am able
to map all of them back to objects/groups in the domain, except for the
S-1-18-1 SID.
This nicely matches the output of
groups [user]
which on my machine returns all of the groups I belong to, except for
one, for which the command returns "groups: cannot find name for group
ID 100000", where 100000 is the beginning of the idmap * range in
smb.conf. I am almost certain the GID 100000 corresponds to the
unmappable S-1-18-1 SID and is the reason "getent group" only returns
local groups.
A patch may be as simple as winbind just ignoring S-1-18-1 and S-1-18-2
when returned as an SID for a group.
This appears to have been the behavior for earlier versions of winbind,
as running
wbinfo -s [user SID]
on a centos 6 machine using Samba 3.6 returns all of the SIDs for the
user's groups, except the bad S-1-18-1 SID.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1307778
Title:
getent group on trusty returns only local groups
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1307778/+subscriptions
More information about the Ubuntu-server-bugs
mailing list