[Samba] ldap idmap backend
Bruce Richardson
itsbruce at workshy.org
Thu Mar 17 07:30:51 MDT 2011
On Thu, Mar 17, 2011 at 04:02:29PM +0300, Vladimir Vassiliev wrote:
>
> Hi all,
>
> I use Samba 3.5.6 in ads mode (Windows 2008R2) with ldap idmap backend. Servers run CentOS 4 and 5.
> I haven't been able to cope with the following issue for a long time.
>
> On all servers in the domain, winbind constantly tries to create a mapping for
> <SID>-513
> and fails because of an already existing entry.
> It just wastes the gid range.

<DOMAIN-SID>-513 is the Domain Users group.

>
> Note that <SID> is not the SID of the main domain but of another one whose name
> is equal to the hostname. For example, on host FMS in domain CORP I have:
>
> wbinfo --all-domains
> BUILTIN
> FMS
> CORP

Why have you created a local computer domain, out of interest? Windows
does this, but you don't have to do it with samba. This has been the
cause of your problem; winbind is trying to map both <CORP-SID>-513 and
<FMS-SID>-513 to the same local group.

--
Bruce
Bitterly it mathinketh me, that I spent mine wholle lyf in the lists
against the ignorant. -- Roger Bacon, "Doctor Mirabilis"