[Samba] refreshing/cleaning the default idmap backend
Archibald Mouse
archibald.mouse at gmail.com
Wed Jun 8 18:33:00 MDT 2011
Greetings,
I have just moved my samba server membership from one AD realm to another
one. I may also have changed the idmap uig/gid ranges.
The problem is that when I log in now (vi ssh) using my AD credentials, I
get the following:-
groups: cannot find name for group ID 10667
groups: cannot find name for group ID 10668
groups: cannot find name for group ID 10670
groups: cannot find name for group ID 10671
groups: cannot find name for group ID 10672
groups: cannot find name for group ID 10679
groups: cannot find name for group ID 10680
groups: cannot find name for group ID 10681
groups: cannot find name for group ID 10682
I'm really not sure what the problem is. Perhaps someone here knows. My
theory is that I have certain local unix groups mapped (by winbind) to SIDs
that are no longer available in the new realm. If this is so then it would
seem that cleaning out the invalid mappings should help.
Can this cleaning out be done? If so, how??
Something else that occurred to me was to simply blow away all my domain
users and let them log in again to recreate their accounts. The idea would
be to get winbind to start building the idmap db again from scratch. Is
this feasible and sensible? If so, how might it be done?
I really am without much of a clue here and i would greatly appreciate any
advice on how to eliminate the "groups: cannot find name for group ID"
messages that appear for AD authenticated logins.
Thanks,
Archi
More information about the samba
mailing list