[Samba] idmap for trusted domain changing over time

devel at thom.fr.eu.org devel at thom.fr.eu.org
Wed Jun 11 06:51:09 GMT 2008


I'm experiencing a weird behaviour with idmapping/winbindd.

I have two samba controlled domains with one trusting the other and using
winbindd to map trusted domain groups and users.
This works quite well, but after some time, I can see the unix uid/gid
allocated for the trusted domain groups/users being changed, and this
keeps on changing approximatively every 2 hours.
At samba/winbindd startup I have the uid/gid allocated starting at the
beginning of the range in "idmap alloc config:range" directive.

Also, I may have trouble with my configuration, because the trusted domain
uid/gid are not allocated in the range given by the "idmap config
DOMB:range" directive, and at startup, I get the gids allocated to BUILTIN
groups overlapping the gids allocated to the trusted domain.

Here is the relevant section of my smb.conf :

        idmap domains = DOMB
        idmap backend =
        idmap alloc backend = tdb
        idmap cache time = 900
        idmap negative cache time = 120
        idmap uid =
        idmap gid =
        template homedir = /home/%D/%U
        template shell = /bin/false
        winbind separator = \
        winbind cache time = 300
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = No
        winbind trusted domains only = No
        winbind nested groups = Yes
        winbind nss info = template
        winbind refresh tickets = No
        winbind offline logon = No
        winbind normalize names = No
        winbind:rpc only = yes
        idmap config DOMB:range = 4000-4999
        idmap config DOMB:default = Yes
        idmap config DOMB:backend = tdb
        idmap alloc config:range = 3000-4999

Anybody can help ?

François Legal

Message scanned by ClamAV engine (http://www.clamav.net)

More information about the samba mailing list