[Samba] winbind creating duplicate users

Ian Clancy clancyian at cel.ie
Thu Jun 30 22:10:46 GMT 2005


Hi everybody,
I'm having a problem with winbind creating 2 entries for some of my 
users that is really wrecking my head ;-/ .
My situation is as follows :
I have a typical Samba (3.0.14a)/LDAP setup. I have a trusted domain 
(another Samba/LDAP setup) and use winbind to map the users from the 
foreign domain, with the UID to SID mappings stored in LDAP . This works 
very well.
The relevant part of my nsswitch.conf file is as follows :

passwd:     files ldap winbind
shadow:     files ldap winbind
group:      files ldap winbind

When I 'getent passwd' on a domain member server the following are listed:
1.) local user accounts
2.) accounts resolved via LDAP (UID 5'000+)
3.) winbind resolved accounts from the foreign domain (i.e. 
FDOMAIN+user) UID = 10'000 +

This was all working fine for a while. However, recently I noticed that 
winbind began storing additional UID to SID mappings for members of the 
local domain in LDAP.
So when I ran e.g. 'getent passwd | grep brightstor' I would get 2 
entries for the 1 user account, 1 resolved from LDAP, the other from winbind:

brightstor:x:5586:513:System User:/home/brightstor:/bin/false
brightstor:x:10168:513:Brightstor:/home/CEL/brightstor:/bin/false

This occurs for some accounts but not others:
pdbedit on this account returns :

[root@teddc etc]# pdbedit -Lv brightstor
init_sam_from_ldap: Entry found for user: brightstor
Unix username:        brightstor
NT username:          brightstor
Account Flags:        [UX         ]
User SID:             S-1-5-21-193554404-1789558652-91453608-12172
Primary Group SID:    S-1-5-21-193554404-1789558652-91453608-513
Full Name:            Brightstor
Home Directory:
HomeDir Drive:
Logon Script:         scripts\tedmap.bat
Profile Path:
Domain:               TED
Account desc:         System User
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Tue, 19 Jan 2038 03:14:07 GMT
Kickoff time:         Tue, 19 Jan 2038 03:14:07 GMT
Password last set:    Tue, 28 Jun 2005 10:53:57 GMT
Password can change:  Tue, 28 Jun 2005 10:53:57 GMT
Password must change: Tue, 19 Jan 2038 03:14:07 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Even when I stop winbind, delete winbindd_cache.tdb and 
winbindd_idmap.tdb and delete the bad entries from the LDAP Directory 
the problem returns.

Can anyone make sense of this behaviour?
Thanks

-- 
Ian Clancy
IT Systems Engineer
Connaught Electronics Ltd.
Dunmore Rd,
Tuam,
Co. Galway,
Ireland.

P : ++353 93 23151
F : ++353 93 23110
E : mailto:clancyian at cel.ie
W : http://www.cel-europe.com
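
A check for the symptom described in the message above, as an added example that is not part of the original post: it lists every user name that NSS returns with more than one UID and labels each UID by the ranges the post gives (5000+ for LDAP, 10000+ for winbind). The function names `find_dup_users` and `sample_passwd` are hypothetical, and the sample input is constructed apart from the two brightstor lines quoted in the post.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption (from the post's description): UID 5000-9999 = LDAP accounts,
# UID 10000+ = winbind idmap range, anything lower = local files.

# Reads passwd-format lines (name:pw:uid:gid:gecos:home:shell) on stdin and
# prints "name: uid(source) uid(source) ..." for names seen with >1 distinct UID.
find_dup_users() {
    awk -F: '
        function origin(uid) {
            if (uid + 0 >= 10000) return "winbind"
            if (uid + 0 >= 5000)  return "ldap"
            return "files"
        }
        NF < 7 || $3 !~ /^[0-9]+$/ { next }    # skip malformed lines
        {
            # The same name with the same UID from two sources is not a conflict.
            if (!(($1, $3) in seen)) {
                seen[$1, $3] = 1
                count[$1]++
                detail[$1] = detail[$1] sprintf(" %s(%s)", $3, origin($3))
            }
        }
        END {
            for (name in count)
                if (count[name] > 1) print name ":" detail[name]
        }
    ' | sort
}

# Constructed sample of "getent passwd" output; only the two brightstor
# lines are taken from the post.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
brightstor:x:5586:513:System User:/home/brightstor:/bin/false
alice:x:5601:513:Alice:/home/alice:/bin/bash
alice:x:5601:513:Alice:/home/alice:/bin/bash
FDOMAIN+bob:x:10001:10000:Bob:/home/FDOMAIN/bob:/bin/false
brightstor:x:10168:513:Brightstor:/home/CEL/brightstor:/bin/false
EOF
}

sample_passwd | find_dup_users
```

On a live member server, `getent passwd | find_dup_users` gives the list of affected accounts; files owned by one UID are not accessible as the other, so each reported name is worth resolving before ownership drifts.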
