winbindd_idmap.tdb recovery

Jean Francois Micouleau Jean-Francois.Micouleau at dalalu.fr
Fri Feb 8 14:50:02 GMT 2002


On Fri, 8 Feb 2002, MCCALL,DON (HP-USA,ex1) wrote:

> That makes a lot of sense.  You could map a LOT of trusted domains into 6-7 bits...
> Realistically, how many trusted domains would you find in even a large enterprise
> environment (of course, 3 years ago I had a 1gig disk that I thought I'd never fill up,
> either...).
> And, of course, this still begs the question if M$ decides suddenly that it wants to
> force assign a particular service type user rid up near the 1billion mark... Stranger
> things have been done.
>
> The only other 'automatic' way I see around this is to go ahead and assign on a 1st come
> 1st serve basis, but require all the samba member servers in a particular domain to know
> about each other, and implement some sort of winbindd_idmap multiple master scheme, where
> if you didn't find a local map for the sid coming in, before you did the mapping, you
> checked with your 'samba ring' to see if the sid had been mapped anywhere else, and use
> the same mapping.  And with all the synchronization problems, etc. this could be a nightmare
> to bulletproof.

I wrote some code some time ago to move the uid<->rid cache on the PDC. I
did a first version for NT. Another solution is to have a winbind server
acting as a central cache. I think each solution is valid and has its
pros and cons.


	J.F.




