[Samba] Winbind group mapping problem

Dale Schroeder dale at BriannasSaladDressing.com
Tue Feb 10 18:27:04 GMT 2009

Unfortunately, simply switching to idmap_rid at this point will not 
rectify your immediate problem.  Winbind will apply uid's and gid's via 
a specific algorithm, which will once again be different from your 
current mappings.
However, if you wish to ensure consistent mappings for the future (new 
server or multiple servers), then you would switch to idmap_rid and 
manually set the ownerships this one time.
Having multiple servers, it was worth the time and effort for me to do 
so; but of course, this may not be a pressing need for you.


Ben Tisdall wrote:
> Dale Schroeder wrote:
>> Which winbind idmap backend are you using?
>> The default tdb backend generates id's randomly (which appears to be
>> your case), meaning you will have to do a lot of chown commands on box B.
>> For consistent mappings, use something like idmap_rid.
>> http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2598850
> Thanks very much Dale, I was using the tdb backend.
> I read the docs but I'm not clear on whether the configuration can
> simply be  retrofitted to both servers or whether changes to the data
> itself will be needed.
> I did make a quick test but aside from ownerships showing as 'user'
> rather than 'DOMAIN\user' nothing changed in respect of missing UIDs/GIDs.
> BTW the ultimate aim of was is to validate a server that will actually
> replace a single ADS domain member. This being the case I suppose I
> could back up the relevant tdb files, do a leave on the existing server,
> join the new one and copy the tdbs into place? Still, if I can use
> idmap_rid without undue hassle it's clearly a better solution.
> Best,
> Ben.

More information about the samba mailing list