winbind mapping depuration

Nahuel Greco ngreco at axonsis.com.ar
Mon Feb 9 17:38:25 GMT 2004


On Mon, 9 Feb 2004 11:12:28 -0300
Nahuel Greco <ngreco at axonsis.com.ar> wrote:

> Mm, that isn't an acceptable solution :) because I want to remove the
> mapping of the users that are deleted on the PDC. What kind of libraries
> do you suggest to me to write a simple script that checks the list of users
> on the PDC and removes the ones that are on the tdb mapping but don't have
> any files and aren't on the PDC? 

I will reformulate my question from samba-general on samba-technical:

Is it possible to create a script that (for users and groups):

 1- Reads each entry of the winbindd mapping from the winbind TDB file,
 2- Checks if the user/group exists on the PDC,
 3- If the user/group doesn't exist, scans the shared directories on disk
    searching for files owned by the user/group or ACLs with references to
    it,
 4- Changes the user/group ownerships and the ACLs that reference it.

I saw that the Samba source includes some Python libraries. Is it
possible, with these libraries, to do 1 and 2, check the ACLs in 3 and
change them in 4? There are some external Python libraries that
can be used to read and modify ACLs, but I don't know about the
syntax of the ACLs used by Samba; probably this isn't a problem.

And, on the other side: how does Windows handle this situation? What happens
when you remove a user on a Windows PDC if there are files on the
workstations owned by that user or ACLs with references to him? How
are these references removed from the workstations? Is it done
automatically? How?

Note, increasing the UID/GID reserved range is not a solution, because
it will eventually overflow in a worst-case scenario (a Samba box
sitting too much time in an environment with too many user changes :)).
And well, for the moment I will not use AD.

Saludos,
Nahuel Greco.
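
The check described in steps 2 and 3 of the message above, as an added example that is not part of the original post and is not Samba code. It covers file ownership only (not ACLs), changes nothing on disk, and assumes the caller already has the mapping and the set of SIDs still present on the PDC; all function names and sample SIDs are hypothetical and constructed.

```python
import os
import tempfile

# Constructed sample SIDs; real ones would come from the winbind TDB (step 1).
SID_DELETED_USER = "S-1-5-21-1111-2222-3333-1001"
SID_LIVE_GROUP = "S-1-5-21-1111-2222-3333-513"
SID_DELETED_UNUSED = "S-1-5-21-1111-2222-3333-1002"

def stale_entries(idmap, live_sids):
    """Step 2: keep mappings whose SID the PDC no longer knows.
    idmap is {("UID" | "GID", unix_id): sid}."""
    return {key: sid for key, sid in idmap.items() if sid not in live_sids}

def find_orphans(root, stale):
    """Step 3 (ownership only): list (path, kind, unix_id) under root owned by a stale id."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: report a symlink itself, not its target
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            for key in (("UID", st.st_uid), ("GID", st.st_gid)):
                if key in stale:
                    hits.append((path,) + key)
    return hits

def removable(stale, hits):
    """Stale mappings that own nothing on disk: the only ones safe to drop."""
    in_use = {(kind, unix_id) for _path, kind, unix_id in hits}
    return sorted(key for key in stale if key not in in_use)

def demo():
    """Run the check on a temporary directory standing in for a share."""
    uid, gid = os.geteuid(), os.getegid()
    idmap = {("UID", uid): SID_DELETED_USER,
             ("GID", gid): SID_LIVE_GROUP,
             ("UID", uid + 1): SID_DELETED_UNUSED}
    live_sids = {SID_LIVE_GROUP}  # constructed: what the PDC still reports
    with tempfile.TemporaryDirectory() as share:
        open(os.path.join(share, "report.txt"), "w").close()
        stale = stale_entries(idmap, live_sids)
        hits = find_orphans(share, stale)
        return [(os.path.basename(p), k, i) for p, k, i in hits], removable(stale, hits)

if __name__ == "__main__":
    print(demo())
```

A mapping that still owns files is kept out of the removable list, so its UID/GID cannot be handed to a different account while those files exist.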


