[Samba] Samba issues with UID mappings

Taylor Lewick tlewick at tradebotsystems.com
Sat Aug 8 19:43:36 MDT 2009 

Hi all.  Need some assistance with a problem.  I will describe our setup
and whats been happening.

 

For over a year we've been using samba and winbind with pam on Linux
servers to join a windows Domain.  Pretty standard, no entries in
/etc/passwd or smbpasswd.  We just create the username on the Windows
domain, and using the pam mkhomedir module, whenever someone logs in for
the first time on a linux server, it creates their home directory.
Joins to the domain always work, everything seems to be fine.  We aren't
concerned that the UID mappings aren't consistent across servers.  For
example, for user jsmith, if you do a getent passwd jsmit on server1 it
may return 10000 and on server2 it may return 10002.  

 

Recently we discovered several of our servers had lost their connection
to the domain, and couldn't rejoin.  The only changes in the environment
were on the Windows side.  A 2008 Active Directory server was installed,
and a schema change was done on the 2003 AD servers.  We were running
Samba 3.0.28 and ran into the issue where that version didn't play nice
with windows 2008.

 

We upgraded to samba 3.3.4 and everything once again worked great.  Then
after a few days, we noticed that under the /home directory, a listing
would show the user and/or group ownerships had changed.

 

Instead of seeing jsmith or jdoe as the file/directory owner, now we
were seeing the uid, 10001, 10002.  Joins were still valid, and commands
like wbinfo -u, wbinfo -t, wbinfo -g all still worked.  Or the group
ownerships would be changed, but to a different group name.  So instead
of "domain users", it might be set to something like printers.

 

It seems to happen at fairly random times, so not sure whats causing
this or how to resolve.  Again, we aren't concerned about having the
UID/GID be consistent for each userid across all Linux servers, but we
can't keep having the user ownership change to the UID.  Its as if the
trivial database files in /var/lib/samba are being overwritten, but they
are present and nothing in the logs 

 

Any suggestions?  I can of course post config files, or adjust log
verbosity if needed.  

 

Thanks,

Taylor

More information about the samba mailing list