Samba4: idmap replication between 2 DC's

steve steve at steve-ss.com
Sat Jul 14 03:19:18 MDT 2012 

On 14/07/12 08:26, Gémes Géza wrote:
> 2012-07-13 12:07 keltezéssel, steve írta:
>> On 13/07/12 09:49, Andrew Bartlett wrote:
>>> On Fri, 2012-07-13 at 09:03 +0200, steve wrote:
>>>
>>>> Hi Andrew, hi everyone
>>>
>>>> Conclusion 2:
>>>>    idmap_ldb:use rfc2307 = yes
>>>> does not work when gidNumber is in AD
>>>>
>>>> Summary,
>>>> idmap_ldb:use rfc2307 = yes
>>>> uidNumber in AD works
>>>> gidNumber in AD does not work
>>>>
>>>> Can you help me sort the gidNumber?
>>>
>>> This would be significantly less frustrating for all of us if you would
>>> attempt debugging the source yourself.
>>>
>>> I'm sure this isn't a difficult bug to solve, so why not give it a go.
>>>
>>> Some starting hints:
>>>   - git grep gidNumber
>>
>> Hi Andrew
>> OK. I take your point. I really should have gone with K&R.
>>
>> I've found the file responsible for the uidNumber and gidNumber at:
>> source4/winbind/idmap.c
>>
>> Try as I may as I cannot see why uidNumber works and gidNumber doesn't.
>>
>> Can any C coder help me by have a look at it before I go to:
>>
>>>   - increase debug level to cover any existing, relelvent debug
>>> statements
>>>   - Add debug statements to cover the full flow control of any
>>> apparently
>>> relevant functions:
>>>     DEBUG(0, ("debug message"));
>>>   - start samba under gdb using :
>>>     gdb --args samba -i -M single
>>>   - use samba_start_debugger() to launch gdb under particular conditions
>>>
>>> I know you have said this is beyond you, but I do believe this is a
>>> skill you can learn.
>>>
>>> Andrew Bartlett
>>>
>> Cheers,
>> Steve
> Hi,
>
> I've checked the idmap.c and users and groups are treated equal, so it
> is not the reason to have it behaving like you described.
>
> What would be worth checking: if you have the objectClass: posixGroup
> with the failing groups.
>
> Regards
>
> Geza

Hi Geza
I have objectClass: posixGroup and gidNumber: xyz for all the groups 
that fail. Every time a group is created, it writes an entry to 
idmap.ldb. If I delete that entry and run wbinfo --group-info=<group> a 
new entry is created in idmap.ldb with a different xidNumber. This does 
not happen with users, only groups.
Any ideas?
Cheers,
Steve

More information about the samba-technical mailing list