hi list,

I recently noticed that winbind on my file server (needed to allocate SID->UID/GID mappings when ACLs are set from a Windows box) adds LDAP entries even though a mapping for the SID already exists. Why would it do that?

example

i have a user "install"

# install, users, eva.mpg.de
dn: uid=install,ou=users,dc=eva,dc=mpg,dc=de
objectClass: posixAccount
objectClass: person
objectClass: sambaSamAccount
cn: install
uid: install
sn: install
displayName: install
uidNumber: 837
gidNumber: 500
sambaSID: S-1-5-21-3833542193-1936992747-4175797896-2674
sambaPrimaryGroupSID: S-1-5-21-3833542193-1936992747-4175797896-513
homeDirectory: /data/install/home
loginShell: /bin/false
sambaAcctFlags: [U          ]
sambaLogonScript: install.bat
sambaPwdMustChange: 9223372036854775807
sambaPwdCanChange: 1090994939


If I connect to his share everything works, but winbind complains:

Sep 8 08:17:48 nevanfs01 winbindd[25824]: [2004/09/08 08:17:48, 0] sam/idmap_ldap.c:ldap_get_sid_from_id(525)
Sep 8 08:17:48 nevanfs01 winbindd[25824]: ldap_get_sid_from_id: mapping not found for gidNumber: 500
Sep 8 08:17:48 nevanfs01 winbindd[25824]: [2004/09/08 08:17:48, 0] sam/idmap_ldap.c:ldap_get_sid_from_id(525)
Sep 8 08:17:48 nevanfs01 winbindd[25824]: ldap_get_sid_from_id: mapping not found for gidNumber: 0
.
.
.
Sep 8 08:25:02 nevanfs01 winbindd[25824]: ldap_get_sid_from_id: mapping not found for gidNumber: 500
Sep 8 08:25:02 nevanfs01 winbindd[25824]: [2004/09/08 08:25:02, 0] sam/idmap_ldap.c:ldap_set_mapping(103)
Sep 8 08:25:02 nevanfs01 winbindd[25824]: ldap_set_mapping_internals: Failed to add mapping from S-1-5-21-3833542193-1936992747-4175797896-513 to 500 [gidNumber]
Sep 8 08:25:02 nevanfs01 winbindd[25824]: [2004/09/08 08:25:02, 0] sam/idmap_ldap.c:ldap_set_mapping(105)
Sep 8 08:25:02 nevanfs01 winbindd[25824]: ldap_set_mapping_internals: Error was: (Already exists)





and adds the following entry to the LDAP directory (note that it is placed directly under the suffix dc=eva,dc=mpg,dc=de, not under ou=users or ou=groups):

# S-1-5-21-3833542193-1936992747-4175797896-513, eva.mpg.de
dn: sambaSID=S-1-5-21-3833542193-1936992747-4175797896-513,dc=eva,dc=mpg,dc=de
objectClass: sambaIdmapEntry
objectClass: sambaSidEntry
gidNumber: 500
sambaSID: S-1-5-21-3833542193-1936992747-4175797896-513



**** smb.conf on fileserver ****

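[global]

   workgroup = NEVAN
   netbios name = nevanfs01
   server string = NevanFS01 on Samba Version: %v

   username map = /etc/samba/username.map

# NOTE(review): level 5 is a debugging level and produces large, detailed logs;
# lower it again once the idmap problem below is understood.
   log level = 5
   log file = /var/lib/samba/log.%m
   max log size = 10000

# Accounts live in the ldapsam on the PDC (nevanpdc) with the BDC as fallback.
# No bind credential is stored in this file (good) - it is supplied separately.
passdb backend = ldapsam:"ldap://nevanpdc.eva.mpg.de:389 ldap://nevanbdc.eva.mpg.de:389";
ldap passwd sync = yes
ldap suffix = dc=eva,dc=mpg,dc=de
ldap admin dn = uid=sambamanager,ou=users,dc=eva,dc=mpg,dc=de
#ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap replication sleep = 2000


# idmap backend = ldap:ldap://nevanpdc.eva.mpg.de:389 ldap:ldap://nevanbdc.eva.mpg.de:389 -> does not work (yet)
idmap backend = ldap:ldap://nevanpdc.eva.mpg.de:389
# ldap idmap suffix = ou=users
# NOTE(review): with "ldap idmap suffix" left unset, the sambaIdmapEntry objects
# that winbindd writes appear to land directly under the ldap suffix (see the
# sambaSID=...-513,dc=eva,dc=mpg,dc=de entry quoted above); decide where the
# idmap data should live and point this at a dedicated container.
idmap uid = 10000-50000
idmap gid = 10000-50000
# NOTE(review): neither gid 0 nor gid 500 lies inside the "idmap gid" range -
# those are exactly the two gidNumbers winbindd logs as "mapping not found".


   winbind use default domain = yes
#   winbind enum users = no
#   winbind enum groups = no
   winbind trusted domains only = yes

   interfaces = eth0
   bind interfaces only = yes

   guest ok = no
   guest account = Guest

# Domain member server (not a DC): authentication is delegated to the DCs below.
   security = domain
   local master = yes
   os level = 32
   domain master = no
   domain logons = no

   encrypt passwords = yes
# The trailing "*" lets smbd fall back to any DC it can locate if both named
# servers are unreachable - presumably intended, but be aware of it.
   password server = nevanpdc, nevanbdc, *

#  socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY

   wins support = yes
   dns proxy = no

#add user script = /root/bin/BDC/adduser.sh '%u'
#add machine script = /root/bin/BDC/addmachine.sh '%u'
#add group script = /root/bin/BDC/addgroup.sh '%g'
add user to group script = /root/bin/BDC/add_to_group.sh '%u' '%g'
#delete user script = /root/bin/BDC/deleteuser_rpc.sh '%u'
#delete group script = /root/bin/BDC/deletegroup.sh '%g'
#delete user from group script = /root/bin/BDC/delete_from_group.sh '%u' '%g'


   display charset = UTF8
   unix charset = UTF8

# store DOS ATTRIB (Archive, ReadOnly, ...) in extended attributes (FS must support it)
# map options must be set "no"
store dos attributes = yes
map archive = no
map system = no
map hidden = no


   #printing = CUPS
   #printcap name = CUPS
   #load printers = yes
   #use client driver = yes


[homes]
   comment = Home-Drive for personal Data
   browseable = no
   writeable = yes
   force create mode = 0700
   force directory mode = 0700
# NOTE(review): this makes every file created in a home share group-owned by
# root (gid 0), which is presumably why winbindd tries to map gidNumber 0 above;
# drop it unless group root is really intended.
   force group = root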


******************************************************************************************************************


nevanfs01:/etc/samba # net groupmap list -d0
Domänen-Gäste (S-1-5-21-3833542193-1936992747-4175797896-514) -> nobody
Domänen-Benutzer (S-1-5-21-3833542193-1936992747-4175797896-513) -> users


Could someone enlighten me, please? Do I perhaps have to set "winbind enum users = no"? (As far as I understand, that parameter only controls whether winbind enumerates users, so I doubt it affects the SID-to-ID mapping.) For what it is worth, the two gidNumbers winbind cannot map, 500 and 0, are presumably the user's primary group and the group forced by "force group = root" in [homes], and neither is inside the configured "idmap gid = 10000-50000" range. Thank you very much.

--


"Matrix - more than a vision"

**************************************************
                 Michael Gasch

           - Central IT Department -

Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig

Germany
**************************************************
