[Samba] winbind + ldap uid/gid consistency woes.

[Matt Sellers]

Hello all...

Im trying to fix a idmap setup with winbind where the idmaps are
stored in openldap.  We have had this system working before, but it
managed to break :-)  All systems running Samba (3.0.13 on FC2)


Problem: group id's and uid's (specificly uid's) are inconsistent
between clients (our two test clients).  Both machines are using idmap
backend to talk to our ldap server and retrieve idmaps.  Again: this
*has* worked in the past.

example:

server...

[username at wbserver root]$ id
uid=10222(username) gid=10001(domain users) groups=10001(domain users)

client #1 ....

[username at wbclient log]$ id
uid=10222(username) gid=10001(domain users) groups=10001(domain users)

client #2 ...

[username at wbclient2 home]$ id
uid=14046(wbtester) gid=10000(domain users) groups=10000(domain users)


HowTO???

This seems like a cache consistency problem between the systems so can
anybody give me a good idea of how to troubleshoot this?  Ive tried
greping the tdb files looking for clues and using tdbtool but I dont
think im getting myself anywhere.   All suggestions appreciated.

-matt