[Samba] Winbind: SID2UID looks in own domain only ? - Samba

This is a discussion on [Samba] Winbind: SID2UID looks in own domain only ? - Samba ; Hi, Trusting domain: DOMA Trusted domain : DOMB We are running samba-winbind 3.0.24 and have problems when authenticating user from a trusted domain (DOMB) (idmap backend = ad) in to DOMA. After some investigations, we found that when we are ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: [Samba] Winbind: SID2UID looks in own domain only ?

  1. [Samba] Winbind: SID2UID looks in own domain only ?

    Hi,

    Trusting domain: DOMA
    Trusted domain : DOMB

    We are running samba-winbind 3.0.24 and have problems when
    authenticating user from a trusted domain (DOMB) (idmap backend = ad) in
    to DOMA.
    After some investigations, we found that when we are trying to login as
    a user from DOMB, it seems that sid2uid looks in own domain only, and
    fails to retrieve uid from sid.

    In DOMA:

    wbinfo -m shows the trusted domains OK.
    wbinfo -a DOMB\\user%password works .
    wbinfo -u list users from both domains.

    But wbinfo -i DOMB\\user returns

    Could not get info for user DOMB\user

    I have checked that the sid is retrieved correctly , but the sid2uid
    mapping does not succeed due to the fact that the lookup seems to take
    place in DOMA only and returns:

    Could not query user's DOMB\user uid


    I gather that this should work . Does anyone have any experiences from
    this ? I have seen some questions before regarding this while googling
    around but no answers.


    Thanx,
    Anders

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] Winbind: SID2UID looks in own domain only ?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Anders.Strandberg@tietoenator.com wrote:
    >
    > I gather that this should work . Does anyone have any
    > experiences from this ? I have seen some questions
    > before regarding this while googling around but no answers.


    This is a limitation of the idmap_ad pliugin currenytly (bug or RFE
    depending on how you look at it). The plugin doesn't have a proper
    connection mgr to contact more than its primary domain.




    jerry
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFIPsvvIR7qMdg1EfYRAgOHAJ9pObylxj+Jnwc+thAlpk 1IjGxeAwCfRaiB
    cSeaOAYh0024mNgEjO6/cgU=
    =RBtO
    -----END PGP SIGNATURE-----
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] Winbind: SID2UID looks in own domain only ?

    Gerald (Jerry) Carter wrote:
    > This is a limitation of the idmap_ad pliugin currenytly (bug or RFE
    > depending on how you look at it). The plugin doesn't have a proper
    > connection mgr to contact more than its primary domain.



    Good to know. It has been a major problem for us, running multiple domains.
    https://bugzilla.samba.org/show_bug.cgi?id=5363

    Are there any plans for fixing/enhancement?

    Christian McHugh
    Northern Arizona University
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  4. Re: [Samba] Winbind: SID2UID looks in own domain only ?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Christian McHugh wrote:
    > Gerald (Jerry) Carter wrote:
    >> This is a limitation of the idmap_ad pliugin currenytly (bug or RFE
    >> depending on how you look at it). The plugin doesn't have a proper
    >> connection mgr to contact more than its primary domain.

    >
    >
    > Good to know. It has been a major problem for us, running multiple
    > domains. https://bugzilla.samba.org/show_bug.cgi?id=5363
    >
    > Are there any plans for fixing/enhancement?


    Time basically. I know what to do. Maybe I can find a
    few cycles to get back to it soon.





    cheers, jerry
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFIQCIhIR7qMdg1EfYRAkFyAJ4vuvTmKO+WH1uMLV1F6c bpJzgjrACgx1R6
    959PgvOc5C1U7Z+L77gRf/g=
    =bsIq
    -----END PGP SIGNATURE-----
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread