[Samba] Users created after certain date are not cached by winbind

Cameron Villers cmvillers at gmail.com
Wed Feb 10 10:06:32 MST 2010

It seems that I have some users that winbind refuses to find. As far as I can tell, all of these users were created or re-enabled (had their expiration date reset) after a certain date. I have cleared my winbind_cache.tdb and winbind_idmap.tdb to no avail. Curiously, I also noticed that even when I removed the idmap, it still came back with the original mappings.

In my winbind.log, I see numerous errors of this sort when I run 'getent passwd':

[2010/02/10 12:04:30,  0] winbindd/idmap.c:201()
  idmap_alloc module tdb already registered!
[2010/02/10 12:04:30,  0] winbindd/idmap.c:149()
  Idmap module passdb already registered!
[2010/02/10 12:04:30,  0] winbindd/idmap.c:149()
  Idmap module nss already registered!
[2010/02/10 12:04:30,  1] winbindd/idmap_tdb.c:445()
  Fatal Error: UID range full!! (max: 1000000)
[2010/02/10 12:04:30,  3] winbindd/idmap.c:695()
  Could not allocate id: NT_STATUS_UNSUCCESSFUL
[2010/02/10 12:04:30,  1] winbindd/winbindd_user.c:97()
  error getting user id for sid S-1-5-21-1535035888-1625807045-3321399979-4400
[2010/02/10 12:04:30,  1] winbindd/winbindd_user.c:856()
  could not lookup domain user foobar

That sequence of errors repeats for each user that should be looked up but does not (which, as I noted, were all created on or after a certain date). However, running 'wbinfo -u' does indeed show the missing users. I've ensured that my Kerberos ticket is valid. No other users are reporting problems. What could be going on here? I am using 3.4.3 packaged from www.blastwave.org on Solaris 10 on a sparc64. The DC I am communicating with is running Windows Server 2008.

        workgroup = COMPSCI
        realm = CS.HARTFORD.EDU
        server string = Computer Science SUN Server
        interfaces =,
        bind interfaces only = Yes
        security = ADS
        client schannel = No
        password server = zephyr.cs.hartford.edu
        log level = 3
        log file = /var/opt/csw/log/samba/%m
        max log size = 50
        load printers = No
        printcap name = /dev/null
        disable spoolss = Yes
        local master = No
        domain master = No
        dns proxy = No
        idmap uid = 10000-1000000
        idmap gid = 10000-1000000
        template homedir = /export/home/%U
        template shell = /bin/bash
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind refresh tickets = Yes
        idmap alloc config:range = 10000-1000000
        idmap config default:range = 10000-1000000
        printing = bsd
        print command = lpr -r -P'%p' %s
        lpq command = lpq -P'%p'
        lprm command = lprm -P'%p' %j

        comment = Home Directories
        read only = No
        browseable = No
        browsable = No

        comment = All Printers
        path = /usr/local/pkg/var/spool/samba
        printable = Yes
        browseable = No
        browsable = No

More information about the samba mailing list