[Samba] winbind creating duplicate users

Michael Gasch gasch at eva.mpg.de
Fri Jul 1 06:27:13 GMT 2005


What are your relevant smb.conf entries?

greez

Ian Clancy wrote:
> Hi everybody,
> I'm having a problem with winbind creating 2 entries for some of my 
> users that's really wrecking my head ;-/ .
> My situation is as follows:
> I have a typical Samba (3.0.14a)/LDAP setup. I have a trusted domain 
> (another Samba/LDAP setup) and use winbind to map the users from the 
> foreign domain, with the UID to SID mappings stored in LDAP. This works 
> very well.
> The relevant part of my nsswitch.conf file is as follows:
> 
> passwd:     files ldap winbind
> shadow:     files ldap winbind
> group:      files ldap winbind
> 
> When I 'getent passwd' on a domain member server the following are listed:
> 1.) local user accounts
> 2.) accounts resolved via LDAP (UID 5'000+)
> 3.) winbind resolved accounts from the foreign domain (i.e. 
> FDOMAIN+user) UID = 10'000 +
> 
> This was all working fine for a while. However, recently I noticed that 
> winbind began storing additional UID to SID mappings for members of the 
> local domain in LDAP.
> So when I ran e.g. 'getent passwd | grep brightstop'  I would get 2 
> entries for the 1 user account, 1 resolved from LDAP, the other from 
> winbind
> 
> brightstor:x:5586:513:System User:/home/brightstor:/bin/false
> brightstor:x:10168:513:Brightstor:/home/CEL/brightstor:/bin/false
> 
> This occurs for some accounts but not others.
> pdbedit on this account returns:
> 
> [root@teddc etc]# pdbedit -Lv brightstor
> init_sam_from_ldap: Entry found for user: brightstor
> Unix username:        brightstor
> NT username:          brightstor
> Account Flags:        [UX         ]
> User SID:             S-1-5-21-193554404-1789558652-91453608-12172
> Primary Group SID:    S-1-5-21-193554404-1789558652-91453608-513
> Full Name:            Brightstor
> Home Directory:
> HomeDir Drive:
> Logon Script:         scripts\tedmap.bat
> Profile Path:
> Domain:               TED
> Account desc:         System User
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Tue, 19 Jan 2038 03:14:07 GMT
> Kickoff time:         Tue, 19 Jan 2038 03:14:07 GMT
> Password last set:    Tue, 28 Jun 2005 10:53:57 GMT
> Password can change:  Tue, 28 Jun 2005 10:53:57 GMT
> Password must change: Tue, 19 Jan 2038 03:14:07 GMT
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> 
> Even when I stop winbind, delete winbindd_cache.tdb and 
> winbindd_idmap.tdb and delete the bad entries from the LDAP Directory 
> the problem returns.
> 
> Can anyone make sense of this behaviour?
> Thanks
> 


-- 
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
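
A check for the symptom described in the quoted message, as an added example that is not part of the original post: it groups passwd-format lines (as printed by `getent passwd`) by username and reports any name that resolves to more than one UID. The source label is only guessed from the UID ranges the post mentions (5000+ for LDAP, 10000+ for winbind); the script name `dupcheck.py` is hypothetical, and the sample lines other than the two brightstor entries are constructed.

```python
import sys
from collections import defaultdict

# Sample input: the two brightstor lines are quoted from the post,
# the other lines are constructed for this example.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
brightstor:x:5586:513:System User:/home/brightstor:/bin/false
brightstor:x:10168:513:Brightstor:/home/CEL/brightstor:/bin/false
FDOMAIN+alice:x:10001:10000:Alice:/home/FDOMAIN/alice:/bin/bash
"""

# Assumption: UID ranges as described in the post.
LDAP_MIN, WINBIND_MIN = 5000, 10000


def guess_source(uid):
    """Guess which NSS source produced an entry, from its UID range only."""
    if uid >= WINBIND_MIN:
        return "winbind"
    if uid >= LDAP_MIN:
        return "ldap"
    return "files"


def find_duplicates(passwd_text):
    """Return {username: [(uid, source, home), ...]} for names with >1 UID."""
    by_name = defaultdict(set)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        # passwd(5) lines have exactly seven fields; skip anything else.
        if len(fields) != 7 or not fields[2].isdecimal():
            continue
        uid = int(fields[2])
        by_name[fields[0]].add((uid, guess_source(uid), fields[5]))
    return {name: sorted(entries) for name, entries in by_name.items()
            if len({uid for uid, _, _ in entries}) > 1}


if __name__ == "__main__":
    # Usage: getent passwd | python3 dupcheck.py   (falls back to SAMPLE)
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, entries in sorted(find_duplicates(text).items()):
        print(f"{name}: {len(entries)} entries with different UIDs")
        for uid, source, home in entries:
            print(f"  uid={uid} source~{source} home={home}")
```

A name reported here owns files under two different UIDs depending on which NSS source answers first, so file ownership and access checks on the member server can disagree for the same account.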

