samba 4.3.4: winbindd is mapping a user uid to an incorrect value

Daniele Dario d.dario76 at
Thu Jan 14 12:19:12 UTC 2016

Hi all,
after upgrading my AD DCs to 4.3.4, today I found that some users are
mapped to a uid that I'm not able to find in sam.ldb nor in idmap.ldb
and now they are not able to log in to their personal home directories on
the server.

It happened once after updating to a 4.2.x and it seems that the problem
was related to winbindd and the suggestion to use the
server services = -winbindd +winbind
solved the issue. Then I updated to the 4.2.x+1 release and found that
the directive was not necessary anymore but now the problem came up

The thing is that the DCs seem to be correctly synced (samba-tool drs
showrepl) and trying to find the uid with
ldbsearch --cross-ncs --show-deleted -H /usr/local/samba/private/sam.ldb -a uidNumber=3000033
# returned 0 records
# 0 entries
# 0 referrals

and same for gid or xid also on idmap.ldb.

On kdc01 I can see the user being mapped to the uid present in sam.ldb
while on kdc03 no.

Another thing I can say is that
[root@kdc03:~]# wbinfo --uid-info=4001107
SAITEL\marco:*:3000033:100:Marco Gandini:/home/SAITEL/marco:/bin/bash
(this should look into the AD db, I guess, and find the correct uidNumber
for the user, or better, find the user associated with the uidNumber)
[root@kdc03:~]# wbinfo --uid-to-sid=4001107
(same as before I think)
[root@kdc03:~]# wbinfo
(here the conversion is made picking the info from somewhere that I
can't find)

Both servers are configured with 
idmap_ldb:use rfc2307 = yes

Does anyone have any idea why this is happening and how to solve it?
What info can I provide to help solve this issue?

Thanks in advance,

More information about the samba-technical mailing list
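
A way to check for the symptom described in this post, as an added example that is not part of the original message or of Samba: the script parses passwd-format lines as printed by `wbinfo --uid-info`, lists accounts whose uid differs between DCs, and checks that a lookup by uid returns that same uid. Only the kdc03 `marco` line comes from the post; the kdc01 line and the `anna` account are constructed sample data.

```python
from typing import NamedTuple


class Entry(NamedTuple):
    name: str
    uid: int
    gid: int


def parse_passwd_line(line: str) -> Entry:
    """Parse one passwd(5)-format line such as `wbinfo --uid-info` prints."""
    fields = line.strip().split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 colon-separated fields: {line!r}")
    return Entry(fields[0], int(fields[2]), int(fields[3]))


def roundtrip_ok(queried_uid: int, line: str) -> bool:
    """A lookup by uid N should return an entry whose uid field is N."""
    return parse_passwd_line(line).uid == queried_uid


def uid_drift(per_dc: dict[str, list[str]]) -> dict[str, dict[str, int]]:
    """Return {account: {dc: uid}} for accounts whose uid differs between DCs."""
    seen: dict[str, dict[str, int]] = {}
    for dc, lines in per_dc.items():
        for line in lines:
            if line.strip():
                entry = parse_passwd_line(line)
                seen.setdefault(entry.name, {})[dc] = entry.uid
    return {n: u for n, u in seen.items() if len(set(u.values())) > 1}


# Constructed sample input: one list of passwd-format lines per DC.
# Assumption: kdc01 returns the rfc2307 uidNumber 4001107 for marco.
SAMPLE = {
    "kdc01": [
        r"SAITEL\marco:*:4001107:100:Marco Gandini:/home/SAITEL/marco:/bin/bash",
        r"SAITEL\anna:*:4001108:100:Anna Example:/home/SAITEL/anna:/bin/bash",
    ],
    "kdc03": [
        r"SAITEL\marco:*:3000033:100:Marco Gandini:/home/SAITEL/marco:/bin/bash",
        r"SAITEL\anna:*:4001108:100:Anna Example:/home/SAITEL/anna:/bin/bash",
    ],
}

if __name__ == "__main__":
    for name, uids in uid_drift(SAMPLE).items():
        print(name, ", ".join(f"{dc}={uid}" for dc, uid in sorted(uids.items())))
    print("kdc03 round trip:", roundtrip_ok(4001107, SAMPLE["kdc03"][0]))
```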