[Samba] samba-3.5.14 (and less) corrupting AD->UID mappings

Jason Haar Jason_Haar at trimble.com
Thu Aug 2 15:07:01 MDT 2012


Hi there

We've had three incidents this year where users connected to Samba
shares (on CentOS systems) and appeared as the incorrect Windows
account. e.g "dom\user1" would connect, but any files they created would
be owned by Unix user "dom\user2"

This is of course pretty nasty. We normally delete all the cache and
winbind TDB files and restart and that fixes it - but that isn't really
a fix. There is a hint this may be associated with sites with RODCs -
but last night we just had it happen on a site that has both "true" AD
2008-R2 DCs and RODCs - so maybe winbind was talking to the RODC there -
maybe not - dunno

Is this a known issue, and if not, what can I do to track down the
cause, as it "sort of" diminishes the usefulness of Samba if you can't
trust the file ownership anymore

Thanks

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



More information about the samba mailing list