[Samba] Winbind mappings change over time

Richard Greaney richard at net-solutions.net.nz
Wed Nov 1 02:10:08 GMT 2006

simo wrote:
> On Wed, 2006-11-01 at 08:52 +1300, Richard Greaney wrote:
>> Hi Simo
>> Thanks for your reply. I might have made things a little hazy in my 
>> initial post. The 40-odd servers I mentioned are all on remote client 
>> sites and each has it's own corresponding Windows server. Effectively, I 
>> have the same problem on all sites at one time or another. My issue 
>> isn't with the order of winbind mapping, but more with the fact that the 
>> SID to UID mapping appears to change over time.
> This can happen only if you delete winbind_idmap.tdb
> Mappings cannot change otherwise. Make sure you backup that file so that
> you can restore it in case you need.
>> I will take a look for information about idmap_ldap as a backend to see 
>> if it is going to work with my setup.
> idmap_ldap is useful if you need to share mappings, otherwise it is less
> ideal for reliability and performance reasons (you start needing ldap
> replicas and manage them).
> Simo.
What about idmap_rid (or just rid as it's called these days)? You 
mentioned this in an earlier email but I read it as idmap_ldap. 
Obviously it doesn't work on trusted domains, but apart from that would 
this be the best option for use in <1000 user sites?


Richard Greaney
Senior Technician
NET Solutions
Massey University College of Education
Palmerston North

e-mail: richard at net-solutions.net.nz
Phone: 06 351 3323

More information about the samba mailing list