Samba4: idmap replication between 2 DC's

Gémes Géza geza at kzsdabas.hu
Sat Jul 14 03:41:34 MDT 2012 

2012-07-14 11:19 keltezéssel, steve írta:
> On 14/07/12 08:26, Gémes Géza wrote:
>> 2012-07-13 12:07 keltezéssel, steve írta:
>>> On 13/07/12 09:49, Andrew Bartlett wrote:
>>>> On Fri, 2012-07-13 at 09:03 +0200, steve wrote:
>>>>
>>>>> Hi Andrew, hi everyone
>>>>
>>>>> Conclusion 2:
>>>>>    idmap_ldb:use rfc2307 = yes
>>>>> does not work when gidNumber is in AD
>>>>>
>>>>> Summary,
>>>>> idmap_ldb:use rfc2307 = yes
>>>>> uidNumber in AD works
>>>>> gidNumber in AD does not work
>>>>>
>>>>> Can you help me sort the gidNumber?
>>>>
>>>> This would be significantly less frustrating for all of us if you 
>>>> would
>>>> attempt debugging the source yourself.
>>>>
>>>> I'm sure this isn't a difficult bug to solve, so why not give it a go.
>>>>
>>>> Some starting hints:
>>>>   - git grep gidNumber
>>>
>>> Hi Andrew
>>> OK. I take your point. I really should have gone with K&R.
>>>
>>> I've found the file responsible for the uidNumber and gidNumber at:
>>> source4/winbind/idmap.c
>>>
>>> Try as I may as I cannot see why uidNumber works and gidNumber doesn't.
>>>
>>> Can any C coder help me by have a look at it before I go to:
>>>
>>>>   - increase debug level to cover any existing, relelvent debug
>>>> statements
>>>>   - Add debug statements to cover the full flow control of any
>>>> apparently
>>>> relevant functions:
>>>>     DEBUG(0, ("debug message"));
>>>>   - start samba under gdb using :
>>>>     gdb --args samba -i -M single
>>>>   - use samba_start_debugger() to launch gdb under particular 
>>>> conditions
>>>>
>>>> I know you have said this is beyond you, but I do believe this is a
>>>> skill you can learn.
>>>>
>>>> Andrew Bartlett
>>>>
>>> Cheers,
>>> Steve
>> Hi,
>>
>> I've checked the idmap.c and users and groups are treated equal, so it
>> is not the reason to have it behaving like you described.
>>
>> What would be worth checking: if you have the objectClass: posixGroup
>> with the failing groups.
>>
>> Regards
>>
>> Geza
>
> Hi Geza
> I have objectClass: posixGroup and gidNumber: xyz for all the groups 
> that fail. Every time a group is created, it writes an entry to 
> idmap.ldb. If I delete that entry and run wbinfo --group-info=<group> 
> a new entry is created in idmap.ldb with a different xidNumber. This 
> does not happen with users, only groups.
> Any ideas?
> Cheers,
> Steve
>
>
None yet :-(

Sorry.

Geza

More information about the samba-technical mailing list