[Samba] wbinfo / Could not convert sid to gid / uid
Georg Roelli
Hello
My is environment: Ubuntu 8.04 LTS, Squid 2.6.18, Samba 3.0.28a
For Squid I need the query of a global group from Active Directory 2003.
This works beautifully, but unfortunately not always. There are global groups which works to transform and others where it does not work.
Here are my entries for test:
# wbinfo -n nobadurl
S-1-5-21-986273330-1409306274-1541874228-9965 Domain Group (2)
# wbinfo -Y S-1-5-21-986273330-1409306274-1541874228-9965
Could not convert sid S-1-5-21-986273330-1409306274-1541874228-9965 to gid
# wbinfo -n www-Access
S-1-5-21-986273330-1409306274-1541874228-2514 Domain Group (2)
# wbinfo -Y S-1-5-21-986273330-1409306274-1541874228-2514
10011
I am a little confused. Why the conversion goes for one group but for the other one not?
I've tried a lot, unfortunately without success.
Is there a log I can turn on what can help me?
What is the value wbinfo take out of the AD to convert the SID to UID or GID?
Is there another way I can figure out why the conversion does not work?
Thanks for your help.
Kind regards, G.
_________________________________________________________________
Ski-Weltcup: Alle Rennen, alle Resultate und News auf MSN Sport
http://sport.ch.msn.com/skialpin/
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Robert LeBlanc
>
> Hello
>
> My is environment: Ubuntu 8.04 LTS, Squid 2.6.18, Samba 3.0.28a
>
> For Squid I need the query of a global group from Active Directory 2003.
> This works beautifully, but unfortunately not always. There are global
> groups which works to transform and others where it does not work.
>
> Here are my entries for test:
>
> # wbinfo -n nobadurl
> S-1-5-21-986273330-1409306274-1541874228-9965 Domain Group (2)
>
> # wbinfo -Y S-1-5-21-986273330-1409306274-1541874228-9965
> Could not convert sid S-1-5-21-986273330-1409306274-1541874228-9965 to gid
>
> # wbinfo -n www-Access
> S-1-5-21-986273330-1409306274-1541874228-2514 Domain Group (2)
>
> # wbinfo -Y S-1-5-21-986273330-1409306274-1541874228-2514
> 10011
>
> I am a little confused. Why the conversion goes for one group but for the
> other one not?
> I've tried a lot, unfortunately without success.
>
> Is there a log I can turn on what can help me?
> What is the value wbinfo take out of the AD to convert the SID to UID or
> GID?
> Is there another way I can figure out why the conversion does not work?
>
> Thanks for your help.
>
> Kind regards, G.
>
>
I would check /var/log/samba/log.winbindd or /var/log/samba/log.wb.<DOMAIN>.
I would suspect that you may have run out of gids allocated to groups (your
rang is not big enough). The logs should help you pinpoint the problem
though.
Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University
Georg Roelli
________________________________
> Date: Tue, 8 Dec 2009 08:55:05 -0700
> Subject: Re: [Samba] wbinfo / Could not convert sid to gid / uid
> From: rob...@leblancnet.us
> To: roe...@hotmail.com
> CC: sa...@lists.samba.org
>
> On Tue, Dec 8, 2009 at 7:55 AM, Georg Roelli> wrote:
>
>
>
> Hello
>
>
>
> My is environment: Ubuntu 8.04 LTS, Squid 2.6.18, Samba 3.0.28a
>
>
>
> For Squid I need the query of a global group from Active Directory 2003.
>
> This works beautifully, but unfortunately not always. There are global groups which works to transform and others where it does not work.
>
>
>
> Here are my entries for test:
>
>
>
> # wbinfo -n nobadurl
>
> S-1-5-21-986273330-1409306274-1541874228-9965 Domain Group (2)
>
>
>
> # wbinfo -Y S-1-5-21-986273330-1409306274-1541874228-9965
>
> Could not convert sid S-1-5-21-986273330-1409306274-1541874228-9965 to gid
>
>
>
> # wbinfo -n www-Access
>
> S-1-5-21-986273330-1409306274-1541874228-2514 Domain Group (2)
>
>
>
> # wbinfo -Y S-1-5-21-986273330-1409306274-1541874228-2514
>
> 10011
>
>
>
> I am a little confused. Why the conversion goes for one group but for the other one not?
>
> I've tried a lot, unfortunately without success.
>
>
>
> Is there a log I can turn on what can help me?
>
> What is the value wbinfo take out of the AD to convert the SID to UID or GID?
>
> Is there another way I can figure out why the conversion does not work?
>
>
>
> Thanks for your help.
>
>
>
> Kind regards, G.
>
>
>
> I would check /var/log/samba/log.winbindd or /var/log/samba/log.wb.. I would suspect that you may have run out of gids allocated to groups (your rang is not big enough). The logs should help you pinpoint the problem though.
>
>
> Robert LeBlanc
> Life Sciences & Undergraduate Education Computer Support
> Brigham Young University
>
>
Thanks for the note.
I get following results in the logs for those SID which couldn't convert.
log.winbindd:
[2009/12/09 10:57:14, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
[15791]: request interface version
[2009/12/09 10:57:14, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
[15791]: request location of privileged pipe
[2009/12/09 10:57:14, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(308)
[15791]: sid to gid S-1-5-21-986273330-1409306274-1541874228-9965
log.wb-MYDOM:
[2009/12/09 10:57:14, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupsid(754)
[21931]: lookupsid S-1-5-21-986273330-1409306274-1541874228-9965
[2009/12/09 10:57:14, 3] nsswitch/winbindd_ads.c:sequence_number(1010)
ads: fetch sequence_number for MYDOM
[2009/12/09 10:57:14, 3] nsswitch/winbindd_rpc.c:msrpc_sid_to_name(304)
sid_to_name [rpc] S-1-5-21-986273330-1409306274-1541874228-9965 for domain MYDOM
How can this help us now?
Regards, G.
_________________________________________________________________
Samichlaus und Weihnachts Fotos: direkt im Messenger mit Freunden austauschen
http://www.microsoft.com/switzerland/windows/de/windowslive/products/messenger.aspx?tab=2
Georg Roelli
----------------------------------------
> From: roe...@hotmail.com
> To: sa...@lists.samba.org
> Date: Wed, 9 Dec 2009 11:02:32 +0100
Hello
I have something very interesting, which would confirm the statement from Robert.
Until now I have made all the tests on a virtual clone. Now I have reproduced the installation on the productive system.
Here I get a GID for the group nobadurl. Possibly I run out of gids allocated to groups.
How do I find out, how great my range for GID must be and how can I change this value. I now there exist to values in the smb.conf.
Idmap uid and Idmap gid are now 10000-20000. I have changed these values one time but without success. I got no GID for the group nobadurl.
Who can help me?
Kind regards, G.
Robert LeBlanc
>
> Hello
>
> I have something very interesting, which would confirm the statement from
> Robert.
> Until now I have made all the tests on a virtual clone. Now I have
> reproduced the installation on the productive system.
> Here I get a GID for the group nobadurl. Possibly I run out of gids
> allocated to groups.
>
> How do I find out, how great my range for GID must be and how can I change
> this value. I now there exist to values in the smb.conf.
> Idmap uid and Idmap gid are now 10000-20000. I have changed these values
> one time but without success. I got no GID for the group nobadurl.
>
> Who can help me?
>
> Kind regards, G.
>
>
The logs didn't seem to give any additional info. Do you have less than
10,000 groups in your AD? You can set that as high as you want. You will
need to restart the winbind service. You probably do NOT want to clear the
id cache, this will mess up your old rids. We use idmap_hash which has 10
digits in the id and gid, so you can go very high, you just have to be
careful that some apps don't have problems. We only found a problem with a
database that stored the uid and it wasn't wide enough.
Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University
Oscar Aparicio Holgado
I have compiled one or two kernels in the past with localmodconfig option :-))
I will try to compile this one 3.13.7 kernel and make a try.
For the moment i have createt 3 virtual machines in my computer, two debian servers with sernet samba "classic", one with xfs and another one with ext4, and w7 machine.
I have copied 4 gb iso file to debians servers and i have noticed that xfs is more faster to write than ext4 server.
I will try compiling this kernel in the xfs virtual machine and try :))
Thanks!
> Subject: Compile kernel with Xeon instructions was: suggestions for a "fast" fileserver - 1G / 10G - focus on smb.conf/samba
> From: pe...@serbe.ch
> To: sa...@lists.samba.org; peluc...@hotmail.com
> Date: Thu, 27 Mar 2014 14:52:37 +0100
>
> Hi Oscar,
>
> this is pretty easy. I took advice from here:
>
> http://www.tecmint.com/kernel-compilation-in-debian-linux/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+tecmint+%28Tecmint%3A+Linux+Howto%27s+Guide%29
>
> In the menuconfig browse to "Processor Type and Features", there You
> can check the "Core 2/newer Xeon" option.
> To the best of my knowledge the default gcc version should do. On my
> Jessie box I happened to find gcc 4.8.2. But I have a hard time, thinking
> that the gcc version shipped with Wheezy wasn't able to compile it just
> as good.
>
> Best regards
> Peter
>
>
> Oscar Aparicio Holgado schrieb am 27.03.2014 13:05:
>
> > First sorry to invade this thread, but i'm interested to try this advices in my
> > virtual machines about compile 3.13.7 kernel.
> > I'm using Debian Wheezy, i have a doubt.
> > What GCC version i must use to compile kernel?, and most important, must be
> > enabled this options in config file : ?
> > *.- XEON instruction optimizations*.- block device caching
> > Thanks.
> > Oscar.
Silvio Giunge Silva a.k.a kanazuchi
that's right, pfSense is a firewall.
I work with a system based him, and we have a proxy solution inside the pfSense machine.The samba4 will not be a AD DC, only give support to single signon for squid and some tools to control the AD.
I think that i found what library is missing, i will make some tests and give the feedback in the list .
> Date: Mon, 1 Dec 2014 14:51:34 +0000
> From: rowlan...@googlemail.com
> To: sa...@lists.samba.org
> Subject: Re: [Samba] Problem to import passdb in samba-tool
>
> On 01/12/14 14:35, Michael Howard wrote:
> >
> > On 01/12/2014 14:17, Rowland Penny wrote:
> >> On 01/12/14 11:55, Silvio Giunge Silva a.k.a kanazuchi wrote:
> >>> So,
> >>> to provision samba4 i need of the samba-tool and it's not working.I
> >>> use poudriere to generate packages on FreeBSD, and the recursive
> >>> packages too.
> >>> I'm trying to discovery what lib that samba-tool needs ti import the
> >>> lib passdb and install it on the pfSense to make it work.
> >>>
> >>>> Date: Mon, 1 Dec 2014 10:23:23 +0000
> >>>> From: rowlan...@googlemail.com
> >>>> To: sa...@lists.samba.org
> >>>> Subject: Re: [Samba] Problem to import passdb in samba-tool
> >>>>
> >>>> On 01/12/14 01:56, Silvio Giunge wrote:
> >>>>> Rowland Penny <rowlandpenny <at> googlemail.com> writes:
> >>>>>
> >>>>>> On 27/11/14 17:10, Silvio Giunge Silva a.k.a kanazuchi wrote:
> >>>>>>> Hi people,when i try to start the samba-tool to do anything, it
> >>>>> returns me a error on passdb importI'm
> >>>>>> trying to find a answer on the list but nothing that can resolve
> >>>>> my problem.
> >>>>>>> the follow errors is in below
> >>>>>>> [2.2-BETA][root <at> pfSense.localdomain]/root: samba-
> >>>>> toolTraceback (most recent call last): File
> >>>>>> "/usr/local/bin/samba-tool", line 36, in <module> from
> >>>>> samba.netcmd.main import cmd_sambatool File
> >>>>>> "/usr/local/lib/python2.7/site-packages/samba/netcmd/main.py",
> >>>>> line 24, in <module> from
> >>>>>> samba.netcmd.delegation import cmd_delegation File
> >>>>>> "/usr/local/lib/python2.7/site-
> >>>>> packages/samba/netcmd/delegation.py", line 23, in <module> from
> >>>>>> samba import provision File
> >>>>>> "/usr/local/lib/python2.7/site-
> >>>>> packages/samba/provision/__init__.py", line 46, in <module>
> >>>>>> from samba.samba3 import smbd, passdb File
> >>>>>> "/usr/local/lib/python2.7/site-packages/samba/samba3/__init__.py",
> >>>>> line 29, in <module> import
> >>>>>> passdbImportError: /usr/local/lib/libsmbconf.so.0: Undefined
> >>>>> symbol "yp_match"
> >>>>>> Hi, could you post a bit more info, i.e. have you provisioned
> >>>>> samba ?
> >>>>>> what version of samba ?, what OS ?, what are you trying to do ?.
> >>>>>>
> >>>>>> Also please post your smb.conf
> >>>>>>
> >>>>>> Rowland
> >>>>>>
> >>>>> Hi Rowland
> >>>>>
> >>>>> I'm using pfSense 2.2 on FreeBSD 10.1 and samba4.
> >>>>> I think that this problem is because any lib is missing, i think
> >>>>> that can be anything with NIS
> >>>>>
> >>>>>
> >>>>>
> >>>> OK, where did you get samba4 from, is it a package from FreeBSD, or
> >>>> did
> >>>> you compile it yourself ?
> >>>>
> >>>> If you compiled it yourself, what packages did you install before the
> >>>> compile ?
> >>>>
> >>>> How did you provision samba4 ?
> >>>>
> >>>> Rowland
> >>>> --
> >>>> To unsubscribe from this list go to the following URL and read the
> >>>> instructions: https://lists.samba.org/mailman/options/samba
> >>>
> >> FreeBSD 10.1 in a VM, then installed samba41 from ports, I now know
> >> that FreeBSD is very similar to Gentoo, everything seems to be compiled!
> > But did you install pfsense (the system the OP is using), which is
> > based on FreeBSD but is not in fact, FreeBSD?
> >
> Well no, I am not really a 'BSD' user, but if samba 4 works on the
> genuine FreeBSD, but doesn't work on something that is based on Freebsd,
> this to me means that there must be something wrong with the samba 4
> package on pfsense.
>
> Having said that, I fail to see why the OP is trying to install an AD DC
> on something that is meant to be a firewall device (I googled pfsense),
> but it's his machine, he can do as he pleases.
>
> Rowland