[Samba] Users created after certain date are not cached by winbind
Cameron Villers
cmvillers at gmail.com
Wed Feb 10 10:06:32 MST 2010
It seems that I have some users that winbind refuses to find. As far as I can tell, all of these users were created or re-enabled (had their expiration date reset) after a certain date. I have cleared my winbind_cache.tdb and winbind_idmap.tdb to no avail. Curiously, I also noticed that even when I removed the idmap, it still came back with the original mappings.
In my winbind.log, I see numerous errors of this sort when I run 'getent passwd':
[2010/02/10 12:04:30, 0] winbindd/idmap.c:201()
idmap_alloc module tdb already registered!
[2010/02/10 12:04:30, 0] winbindd/idmap.c:149()
Idmap module passdb already registered!
[2010/02/10 12:04:30, 0] winbindd/idmap.c:149()
Idmap module nss already registered!
[2010/02/10 12:04:30, 1] winbindd/idmap_tdb.c:445()
Fatal Error: UID range full!! (max: 1000000)
[2010/02/10 12:04:30, 3] winbindd/idmap.c:695()
Could not allocate id: NT_STATUS_UNSUCCESSFUL
[2010/02/10 12:04:30, 1] winbindd/winbindd_user.c:97()
error getting user id for sid S-1-5-21-1535035888-1625807045-3321399979-4400
[2010/02/10 12:04:30, 1] winbindd/winbindd_user.c:856()
could not lookup domain user foobar
That sequence of errors repeats for each user that should be looked up but does not (which, as I noted, were all created on or after a certain date). However, running 'wbinfo -u' does indeed show the missing users. I've ensured that my Kerberos ticket is valid. No other users are reporting problems. What could be going on here? I am using 3.4.3 packaged from www.blastwave.org on Solaris 10 on a sparc64. The DC I am communicating with is running Windows Server 2008.
[global]
workgroup = COMPSCI
realm = CS.HARTFORD.EDU
server string = Computer Science SUN Server
interfaces = 127.0.0.1/255.0.0.0, 137.49.39.15/255.255.254.0
bind interfaces only = Yes
security = ADS
client schannel = No
password server = zephyr.cs.hartford.edu
log level = 3
log file = /var/opt/csw/log/samba/%m
max log size = 50
load printers = No
printcap name = /dev/null
disable spoolss = Yes
local master = No
domain master = No
dns proxy = No
idmap uid = 10000-1000000
idmap gid = 10000-1000000
template homedir = /export/home/%U
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
idmap alloc config:range = 10000-1000000
idmap config default:range = 10000-1000000
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
[homes]
comment = Home Directories
read only = No
browseable = No
browsable = No
[printers]
comment = All Printers
path = /usr/local/pkg/var/spool/samba
printable = Yes
browseable = No
browsable = No
More information about the samba
mailing list