[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3016-ga2c3131

simo idra at samba.org
Tue Sep 16 12:41:03 GMT 2008

On Tue, 2008-09-16 at 08:49 +0200, Karolin Seeger wrote:
> Simo,
> On Mon, Sep 15, 2008 at 09:02:44AM -0400, simo wrote:
> > My patch doesn't really touch any group/id mapping code, so I am quite
> > sure it is unrelated.
> Okay, but I would like to make sure that we don't have another issue here
> nevertheless.

Sure, but unless it is reproducible it will be difficult.
Can you reset the idmap database but not group mapping between tests and
see if that way you are able to repeat the issue on a clean server?

> That might be posiible. I didn't remove the group_mapping.ldb file each time.
> Maybe it happened therefore. But I still think it's strange that the mapping of
> BUILTIN+Administrators was created after the first execution of 'id' and
> the initial groupmembership changed due to that later on...

BUILTIN+Administrators is created by allocating an id from idmap. If you
reset the idmap database but not the group mapping, that id will be made
available again to the idmap backend that will allocate it to the first
Because the group mapping database has already a BUILTIN+Administrators,
it does not ask for an id that is instead consumed for the first SID of
the ADS domain.

I think that's why you may get the result you got.


Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <simo at redhat.com>

More information about the samba-technical mailing list