[Samba] winbind creating duplicate users
Michael Gasch
gasch at eva.mpg.de
Fri Jul 1 06:27:13 GMT 2005
what are your relevant smb.conf entries?
greez
Ian Clancy wrote:
> Hi everybody,
> I'm having a problem with winbind creating 2 entries for some of my
> users that really wrecking my head ;-/ .
> My situation is as follows :
> I have a typical Samba (3.0.14a)/LDAP setup. I have a trusted domain
> (another Samba/LDAP setup) and use winbind to map the users from the
> foreign domain, with the UID to SID mappings stored in LDAP . This works
> very well.
> The relevant part of my nsswitch.conf file is as follows :
>
> passwd: files ldap winbind
> shadow: files ldap winbind
> group: files ldap winbind
>
> When i 'getent passwd' on a domain member server the following are listed:
> 1.) local user accounts
> 2.) accounts resolved via LDAP (UID 5'000+)
> 3.) winbind resolved accounts from the foreign domain (i.e.
> FDOMAIN+user) UID = 10'000 +
>
> This was all working fine for a while. However, recently i noticed that
> winbind began storing additional UID to SID mappings for members of the
> local domain in LDAP.
> So when i ran e.g. 'getent passwd | grep brightstop' i would get 2
> entries for the 1 user account, 1 resolved from LDAP, the other from
> winbind
>
> brightstor:x:5586:513:System User:/home/brightstor:/bin/false
> brightstor:x:10168:513:Brightstor:/home/CEL/brightstor:/bin/false
>
> This occurs for some accounts but not others:
> pdbedit on this account returns :
>
> [root at teddc etc]# pdbedit -Lv brightstor
> init_sam_from_ldap: Entry found for user: brightstor
> Unix username: brightstor
> NT username: brightstor
> Account Flags: [UX ]
> User SID: S-1-5-21-193554404-1789558652-91453608-12172
> Primary Group SID: S-1-5-21-193554404-1789558652-91453608-513
> Full Name: Brightstor
> Home Directory:
> HomeDir Drive:
> Logon Script: scripts\tedmap.bat
> Profile Path:
> Domain: TED
> Account desc: System User
> Workstations:
> Munged dial:
> Logon time: 0
> Logoff time: Tue, 19 Jan 2038 03:14:07 GMT
> Kickoff time: Tue, 19 Jan 2038 03:14:07 GMT
> Password last set: Tue, 28 Jun 2005 10:53:57 GMT
> Password can change: Tue, 28 Jun 2005 10:53:57 GMT
> Password must change: Tue, 19 Jan 2038 03:14:07 GMT
> Last bad password : 0
> Bad password count : 0
> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
> Even when i stop winbind, delete winbindd_cache.tdb and
> winbindd_idmap.tdb and delete the bad entries from the LDAP Directory
> the problem returns ?.
>
> Can anone make sence of this behaviour ?.
> Thanks
>
--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137
More information about the samba
mailing list