[Samba] winbind creating duplicate users
Ian Clancy
clancyian at cel.ie
Thu Jun 30 22:10:46 GMT 2005
Hi everybody,
I'm having a problem with winbind creating 2 entries for some of my
users that's really wrecking my head ;-/ .
My situation is as follows :
I have a typical Samba (3.0.14a)/LDAP setup. I have a trusted domain
(another Samba/LDAP setup) and use winbind to map the users from the
foreign domain, with the UID to SID mappings stored in LDAP . This works
very well.
The relevant part of my nsswitch.conf file is as follows :
passwd: files ldap winbind
shadow: files ldap winbind
group: files ldap winbind
When I 'getent passwd' on a domain member server the following are listed:
1.) local user accounts
2.) accounts resolved via LDAP (UID 5'000+)
3.) winbind resolved accounts from the foreign domain (i.e.
FDOMAIN+user) UID = 10'000 +
This was all working fine for a while. However, recently I noticed that
winbind began storing additional UID to SID mappings for members of the
local domain in LDAP.
So when I ran e.g. 'getent passwd | grep brightstor' I would get 2
entries for the 1 user account, 1 resolved from LDAP, the other from winbind:
brightstor:x:5586:513:System User:/home/brightstor:/bin/false
brightstor:x:10168:513:Brightstor:/home/CEL/brightstor:/bin/false
This occurs for some accounts but not others.
pdbedit on this account returns :
[root@teddc etc]# pdbedit -Lv brightstor
init_sam_from_ldap: Entry found for user: brightstor
Unix username: brightstor
NT username: brightstor
Account Flags: [UX ]
User SID: S-1-5-21-193554404-1789558652-91453608-12172
Primary Group SID: S-1-5-21-193554404-1789558652-91453608-513
Full Name: Brightstor
Home Directory:
HomeDir Drive:
Logon Script: scripts\tedmap.bat
Profile Path:
Domain: TED
Account desc: System User
Workstations:
Munged dial:
Logon time: 0
Logoff time: Tue, 19 Jan 2038 03:14:07 GMT
Kickoff time: Tue, 19 Jan 2038 03:14:07 GMT
Password last set: Tue, 28 Jun 2005 10:53:57 GMT
Password can change: Tue, 28 Jun 2005 10:53:57 GMT
Password must change: Tue, 19 Jan 2038 03:14:07 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Even when I stop winbind, delete winbindd_cache.tdb and
winbindd_idmap.tdb and delete the bad entries from the LDAP Directory
the problem returns.
Can anyone make sense of this behaviour?
Thanks
--
Ian Clancy
IT Systems Engineer
Connaught Electronics Ltd.
Dunmore Rd,
Tuam,
Co. Galway,
Ireland.
P : ++353 93 23151
F : ++353 93 23110
E : mailto:clancyian at cel.ie
W : http://www.cel-europe.com
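
Added example (not part of the original post and not Samba's own code): a shell function that reads passwd-format lines, such as 'getent passwd' output, and lists every user name that resolves to more than one UID, which is the symptom shown above. The source labels are only guessed from the UID ranges given in the post (LDAP 5000+, winbind 10000+); the names find_dup_users and sample_passwd and all sample lines other than the two brightstor entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample input; the two brightstor lines are the ones quoted in the post.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
jdoe:x:5001:513:J Doe:/home/jdoe:/bin/bash
brightstor:x:5586:513:System User:/home/brightstor:/bin/false
FDOMAIN+alice:x:10001:513:Alice:/home/FDOMAIN/alice:/bin/false
brightstor:x:10168:513:Brightstor:/home/CEL/brightstor:/bin/false
EOF
}

# Read passwd-format lines on stdin; print "name: uid(source),uid(source)"
# for every name that maps to two or more distinct UIDs.
find_dup_users() {
    awk -F: '
        # Assumption: the UID range identifies the NSS source, as in the post.
        function src(uid) {
            if (uid >= 10000) return "winbind"
            if (uid >= 5000)  return "ldap"
            return "files"
        }
        NF >= 7 {
            name = $1; uid = $3 + 0
            if ((name, uid) in seen) next      # same name and UID listed twice
            seen[name, uid] = 1
            entry = uid "(" src(uid) ")"
            if (name in list) list[name] = list[name] "," entry
            else              list[name] = entry
            count[name]++
        }
        END {
            for (name in count)
                if (count[name] > 1) print name ": " list[name]
        }
    ' | sort
}

# Demo on the constructed sample. On a member server the input would be:
#   getent passwd | find_dup_users
sample_passwd | find_dup_users
```

Running it before and after clearing the idmap entries shows which accounts pick up a second winbind-range UID again.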