[Samba] ldap idmap backend

Vladimir Vassiliev vova at edu.yar.ru
Thu Mar 17 07:02:29 MDT 2011

Hi all,

i use Samba 3.5.6 in ads mode (Windows 2008R2) with ldap idmap backend. Servers run Centos 4 and 5.
I can't cope with next issue for long time.

On all servers in domain winbind constantly tries to create mapping for
and fails because of already existing entry.
It just wastes gid range.

Note that <SID> is not SID of main domain but another which name equal to hostname. For example on 
host FMS in domain CORP I have:

wbinfo --all-domains

wbinfo -D FMS
Name              : FMS
Alt_Name          :
SID               : S-1-5-21-3830529182-610880034-2098875520
Active Directory  : No
Native            : No
Primary           : No

Here is log:
[2011/03/17 15:37:28.387459,  0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping) 

   ldap_set_mapping_internals: Failed to add S-1-5-21-3830529182-610880034-2098875520-513 to 20067 
mapping [gidNumber]
[2011/03/17 15:37:28.387538,  0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping) 

   ldap_set_mapping_internals: Error was:  (Already exists)

Can someone experienced in Samba comment how to deal with this issue?

Vladimir Vassiliev

More information about the samba mailing list