-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mac wrote:
|>| create_canon_ace_lists: unable to map SID |>| S-1-5-21-973294077-3660535-3933214913-1177 to uid or gid. |> |>Sounds like bug 1139 which was fixed in 3.0.3rc1. | | Have just downloaded 3.0.3rc1 and compiled. | | Could some kind soul please explain just what _should_ | happen here and how. | | I'm guessing that the XP Pro client has supplied a SID | for some purpose and Samba is trying to match that to | UNIX credentials. | | Clearly this can't work, _ever_, because the Samba | server doesn't know anything about SIDs, especially not this | one as it was generated by the AD domain controller when | the user (jsmith) was created. | | How do I tell Samba what the SID is for any particular username? | | Should I use 'idmap'? (and pre-populate it from the AD?)
Is this SID, S-1-5-21-973294077-3660535-3933214913-1177, from the AD domain or the local XP box ? Samba does understand SIDs. We receive the user's info during the net_samlogon() or by some other means.
If all of the AD users and groups have matching pre-existing UNIX counterparts, then you can run winbindd and set 'winbindd trusted domains only = yes' to get the domain SID matched to existing UNIX account.
If you do not run winbindd, the UNIX users and groups are matched to a SID local to the Samba server (and hence why you will sometimes see this error message in your logs).
Hope this helps.
cheers, jerry - ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." ----------- Sting -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAjmMHIR7qMdg1EfYRAm3UAJ0WwEzUTTRPs1hOTZj2Ny93N6YZ7QCgy7DQ pKWuYmFxrzq9otL73r4ENw0= =rd4S -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba