Hi,
the attached enhancements of SID related debug messages were quite
useful for me for tracking down where "strange" SIDs winbindd
complained about are coming from.
Being there I found that my suspicous SIDs are included in the
user token from DC on domain client validation, in the "other
sids" section. Is this the place where W2k SID history lives?
Cheers!
Michael
Index: source/nsswitch/winbindd_group.c
===================================================================
RCS file: /cvsroot/samba/source/nsswitch/winbindd_group.c,v
retrieving revision 1.3.4.25
diff -u -r1.3.4.25 winbindd_group.c
--- source/nsswitch/winbindd_group.c 14 Oct 2002 03:00:14 -0000 1.3.4.25
+++ source/nsswitch/winbindd_group.c 31 Mar 2003 11:46:32 -0000
@@ -290,7 +290,10 @@
sid_append_rid(&group_sid, group_rid);
if (!winbindd_lookup_name_by_sid(&group_sid, dom_name, group_name,
&name_type)) {
- DEBUG(1, ("could not lookup sid\n"));
+ fstring temp;
+
+ sid_to_string(temp, &group_sid);
+ DEBUG(1, ("could not lookup sid %s\n", temp));
return WINBINDD_ERROR;
}
Index: source/nsswitch/winbindd_util.c
===================================================================
RCS file: /cvsroot/samba/source/nsswitch/winbindd_util.c,v
retrieving revision 1.7.4.26
diff -u -r1.7.4.26 winbindd_util.c
--- source/nsswitch/winbindd_util.c 4 Mar 2003 23:35:50 -0000 1.7.4.26
+++ source/nsswitch/winbindd_util.c 31 Mar 2003 11:46:32 -0000
@@ -262,7 +262,7 @@
domain = find_domain_from_sid(sid);
if (!domain) {
- DEBUG(1,("Can't find domain from sid\n"));
+ DEBUG(1,("Can't find domain from sid %s\n", sid_string_static(sid)));
return False;
}
Index: source/smbd/password.c
===================================================================
RCS file: /cvsroot/samba/source/smbd/password.c,v
retrieving revision 1.186.2.71
diff -u -r1.186.2.71 password.c
--- source/smbd/password.c 4 Mar 2003 23:36:00 -0000 1.186.2.71
+++ source/smbd/password.c 31 Mar 2003 11:46:32 -0000
@@ -1667,6 +1667,16 @@
sid_append_rid(&ptok->user_sids[i], info3.gids[i].g_rid);
}
+ if (DEBUGLVL(10)) {
+ dbgtext("info3 group sids for %s in domain %s\n", user,
domain);
+ for (i = 0; i < info3.num_groups2; i++) {
+ fstring temp;
+
+ sid_to_string(temp, &ptok->user_sids[i]);
+ dbgtext(" [%d] %s\n", i, temp);
+ }
+ }
+
/* Universal group memberships for other domains are
stored in the info3.other_sids field. We also need to
do sid filtering here. */
@@ -1674,6 +1684,16 @@
for (i = 0; i < info3.num_other_sids; i++)
sid_copy(&ptok->user_sids[info3.num_groups2 + i],
&info3.other_sids[i].sid);
+
+ if (DEBUGLVL(10)) {
+ dbgtext("info3 other sids for %s in domain %s\n", user,
domain);
+ for (i = 0; i < info3.num_other_sids; i++) {
+ fstring temp;
+
+ sid_to_string(temp, &ptok->user_sids[info3.num_groups2
+ i]);
+ dbgtext(" [%d] %s\n", i, temp);
+ }
+ }
*pptoken = ptok;
}
