winbindd_idmap.tdb recovery

MCCALL,DON (HP-USA,ex1) don_mccall at
Tue Feb 5 16:51:01 GMT 2002

Hi Michael,
Sorry I was in a bit of a rush when I sent you that cobbled together perl
The idea behind the script is twofold:
1. If you use it immediately after joining the domain and starting winbindd,
any connections are made to your system, then running the resultant

should give you repeatable results, if you then took those scripts over to
winbindd machine, and ran them after newly joining IT to the domain and
starting up
winbindd - That is to say, both machines would agree as to the uid and gid
mapping to the 
WIN2k domain users and groups.  Of course, if new users are added, these
machines could get
out of sync, as the new users attached to each machine possibly in different

The other way I envisioned using these was more in a disaster recovery mode,
as you mentioned.

Run these scripts every night as part of your backup, and you should
generate a uid/username and gid/groupname log that you could then use with
wbinfo to reassign mapping in the event of a loss/corruption of the tdb...

Hope this helps,

btw - I don't imagine this scales very well - I didn't write it for speed...

-----Original Message-----
From: Michael Steffens [mailto:michael_steffens at]
Sent: Tuesday, February 05, 2002 5:43 AM
To: samba-technical at
Subject: winbindd_idmap.tdb recovery


I'm a bit concerned about how to recover winbindd_idmap.tdb,
in case it should ever be trashed, for whichever reason.

Are there any recommended or proposed ways for doing this?

What I'm dreaming of is a way of creating a plain text dump
of this file, which can be backed up and be used for repairing
winbindd_idmap.tdb in case of desaster.

Even better if winbindd could also log all newly created mappings
in the same plain text format into an ID mapping log.

Using plain text for this purpose would have the advantage
that merging, checking consistency, applying corrections, or
chown'ing through the file system, could be done with standard
Unix methods and adjusted to what has actually happened.


More information about the samba-technical mailing list