[Samba] Samba 3.5 uid gid winbindd_idmap.tdb severe problems

lizard at blue.dyn-o-saur.com lizard at blue.dyn-o-saur.com
Tue May 24 07:22:34 MDT 2011

Hello all,
right now I am using Samba 3.0.33 on CentOS 5.6. The users need to
access the files from Linux and from Windows, so I maintain the
Linux users in NIS and the Windows users in AD. Samba is AD integrated.
I am using a custom Python script that collects some data from NIS and
from winbindd_idmap.tdb, creates a new file and imports it into
winbindd_idmap.tdb. This works remarkably well. Known users get mapped
to the same uid that they have on Linux. The same happens with the
groups too.
The rest gets an id from the range defined in smb.conf.
I need/want to upgrade Samba to Samba 3.5, and here my problems begin.
My script creates winbindd_idmap.tdb like before, and with net idmap
I am able to check that it has the correct mappings (the mappings that
I want).
Unfortunately they never take effect. No matter what I do, Samba seems
not to read the file anymore. id -a $usernames shows me a list where every
is twice in. The first with the NIS gid and the second with the idmap
Reading through a lot of stuff the last 3 days, I came across these
commands that should do the same but show me that the mapping fails.
Here is a small session that shows what happens:
id -a testuser
uid=1042(testuser) gid=2000(testgroup) groups=2000(testgroup) ...... 
# the first one from nis the second from winbind
# we try to map the gid to the sid from AD
wbinfo -n testgroup
S-1-5-21-966306815-3935059601-1604263782-1350 SID_DOM_GROUP (2)
gid 2000 now mapped to sid 
S-1-5-21-966306815-3935059601-1604263782-1350 # !! he lies I prove it
wbinfo --gid-to-sid=2000
Could not convert gid 2000 to sid
wbinfo --gid-to-sid=11000
wbinfo --sid-to-gid=S-1-5-21-966306815-3935059601-1604263782-1350

Could anybody please enlighten me?
Here is my smb.conf

     realm = example.com
     security = ADS
     workgroup = example
     encrypt passwords = yes
     password server = *
     netbios name = testserver
     idmap backend         = tdb
     #idmap alloc backend   = tdb
     idmap uid = 11000-12000
     idmap gid = 11000-12000
     winbind enum users = yes
     winbind enum groups = yes
     winbind cache time = 1
     encrypt passwords = yes
     winbind use default domain = Yes
     winbind nested groups = Yes
     log level = 2
     enable privileges = yes
     nt acl support = yes
     client use spnego = yes

     socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 
     log file = /var/log/samba/%U.%m.log

Thank you
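
An added example, not part of the original post: a check over the text that `net idmap dump` prints, listing mappings whose Unix id lies outside the `idmap uid` / `idmap gid` ranges of the smb.conf above and SIDs that appear with more than one id. The dump layout (`UID|GID <id> <SID>` lines plus HWM lines), the sample entries, the user SID and the function names are assumptions; only the group SID, the ids 1042 and 2000, and the ranges come from the post.

```python
import re
from collections import defaultdict

# The two range lines from the smb.conf in the post.
SMB_CONF = """\
     idmap uid = 11000-12000
     idmap gid = 11000-12000
"""

# Constructed sample in the assumed `net idmap dump` layout.
# HWM values and the user SID (RID 9999) are placeholders, not real data.
SAMPLE_DUMP = """\
USER HWM 11001
GROUP HWM 11001
UID 1042 S-1-5-21-966306815-3935059601-1604263782-9999
GID 2000 S-1-5-21-966306815-3935059601-1604263782-1350
GID 11000 S-1-5-21-966306815-3935059601-1604263782-1350
"""

def parse_ranges(conf):
    """Return {'UID': (low, high), 'GID': (low, high)}; commented lines are ignored."""
    found = re.findall(r"^[ \t]*idmap[ \t]+(uid|gid)[ \t]*=[ \t]*(\d+)[ \t]*-[ \t]*(\d+)",
                       conf, re.M | re.I)
    return {kind.upper(): (int(low), int(high)) for kind, low, high in found}

def parse_dump(dump):
    """Return [(kind, unix_id, sid)] for each UID/GID line; HWM lines are skipped."""
    pattern = re.compile(r"^(UID|GID)[ \t]+(\d+)[ \t]+(S-[\d-]+)[ \t]*$", re.M)
    return [(kind, int(uid), sid) for kind, uid, sid in pattern.findall(dump)]

def audit(dump, conf):
    """List out-of-range mappings, then SIDs that carry more than one id."""
    ranges, findings, seen = parse_ranges(conf), [], defaultdict(list)
    for kind, unix_id, sid in parse_dump(dump):
        low, high = ranges[kind]
        if not low <= unix_id <= high:
            findings.append((kind, unix_id, sid, f"outside {low}-{high}"))
        seen[(kind, sid)].append(unix_id)
    for (kind, sid), ids in seen.items():
        if len(ids) > 1:
            findings.append((kind, ids, sid, "SID has several ids"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_DUMP, SMB_CONF):
        print(*finding)
```

To run it against a real database, pass the saved output of `net idmap dump` and the contents of smb.conf to `audit()` in place of the constructed strings.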

