Associated question...
When I perform the following lookup on a member server:
[root]# wbinfo -S S-1-5-21-2830206405-3223145701-231191277-7214
Could not convert sid S-1-5-21-2830206405-3223145701-231191277-7214 to uid
When the result is not cached on the machine doing the lookup (which by
the way I can't keep it from caching results even when I toss the "-n"
flag on winbindd), I see traffic between the member server and PDC.
Good. The PDC has access to all the information it needs to resolve
this query, it's all contained within a user/group entry in LDAP.
However, I can see no evidence it is trying to resolve this. If idmap
is the portion responsible for this resolution, doesn't it make sense
that I should be running idmap_ldap on the PDC?
I've been looking over the LDAP schema and it has the following:
objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
    DESC 'Mapping from a SID to an ID'
    MUST ( sambaSID )
    MAY ( uidNumber $ gidNumber ) )
which I do NOT have defined in our LDAP db. I'm planning to just toss
this in to see whether it helps, but still don't fully understand where
the idmap_ldap stuff should be defined...
Sorry the pieces just aren't falling into place. Hopefully, I'm not the
only one struggling with this and the resulting discussions can someday
help others.
Mark