[Samba] Re: Active Directory Authentication working only for a subset of accounts-SOLVED

Ramius m.ramius at gmail.com
Tue Feb 6 23:30:50 GMT 2007

Apparently our winbindd_idmap.tdb was corrupt.

We did a net idmap dump to get what we could out of it, shutdown
winbind, net idmap restore, and restarted winbind and everything looks
good.  We had to chgrp and chown some small handfull of files but not
many because luckily this server never made it to production (because
we discovered this problem early on).

On 2/6/07, Ramius <m.ramius at gmail.com> wrote:
> I'm trying to use samba with A/D integration for authenticating shares
> (security=ads in smb.conf).  It works, mostly.  But there are several
> dozen accounts that I have identified (and probably many more which I
> haven't identified) for which it DOES NOT work.  I can see no
> significant difference between the accounts, and I get mixed results
> using wbinfo ( as reported below ).  Any advice?
> smbclient -V
> Version 3.0.23c-2
> ==============================
> wbinfo -u | grep tester
>   FOO+tester
> wbinfo -n tester
>   S-1-5-21-1708926621-995487588-1868020167-1151 User (1)
> wbinfo -s S-1-5-21-1708926621-995487588-1868020167-1151
>   FOO+tester 1
> wbinfo -i FOO+tester
>   FOO+tester:*:23827:20000:Kevin Test:/home/FOO/tester:/bin/bash
> wbinfo -S S-1-5-21-1708926621-995487588-1868020167-1151
>   23827
> ==========================
> wbinfo -u | grep testuser1
>   FOO+testuser1
> wbinfo -n testuser1
>   S-1-5-21-1708926621-995487588-1868020167-1164 User (1)
> wbinfo -s S-1-5-21-1708926621-995487588-1868020167-1164
>   FOO+testuser1 1
> wbinfo -i FOO+testuser1
>   Could not get info for user FOO+testuser1
> wbinfo -S S-1-5-21-1708926621-995487588-1868020167-1164
>   Could not convert sid S-1-5-21-1708926621-995487588-1868020167-1164 to uid

More information about the samba mailing list