[Samba] Change winbindd UID mapping

[Chris Nighswonger]

On Fri, Jul 27, 2012 at 2:06 PM, Chris Nighswonger
<cnighswonger at foundations.edu> wrote:
> Hi,
>
> I'm running Samba 3.6.6 on Ubuntu Quantal.
>
> I have a need to manually assign some of the UID mapping on a samba
> domain member file server. I have used tdbtool to add the correct
> mapping record to winbindd_idmap.tdb. However, I am at a loss as to
> how to force that change to "propagate" so as to show in the
> permissions structure of the file system and in the output of such
> commands as 'getent passwd.' I have restarted all of the samba related
> services including winbind.
>

Let me try this from a different angle:

What is going wrong in this sequence?

root at codex:/netdrives/shared getent passwd | grep jdoe
jdoe:*:10001:15049:John Doe:/home/DOMAIN/jdoe:/bin/false

root at codex:/netdrives/shared wbinfo -U 10001
S-1-5-21-4035875638-3479806162-98682827-1010

root at codex:/netdrives/shared wbinfo --set-uid-mapping
10046,S-1-5-21-4035875638-3479806162-98682827-1010
uid 10046 now mapped to sid S-1-5-21-4035875638-3479806162-98682827-1010

BUT....

root at codex:/netdrives/shared wbinfo -U 10046
S-1-5-21-1547161642-436374069-854245398-1243

AND....

root at codex:/netdrives/shared getent passwd | grep jdoe
jdoe:*:10001:15049:John Doe:/home/DOMAIN/jdoe:/bin/false

RATHER THAN....

10046 being mapped to S-1-5-21-4035875638-3479806162-98682827-1010

which is what I would expect after performing the above sequence.

I have repeatedly deleted winbindd_idmap.tdb, netsamlogon_cache.tdb,
and winbindd_cache.tdb with no effect.

Incidentally, I also tried this:

root at codex:/netdrives/shared wbinfo --remove-uid-mapping
10001,S-1-5-21-4035875638-3479806162-98682827-1010
Could not remove uid to sid mapping

Which I would have expected to have removed that mapping, but for some
reason it does not.

tdbtool shows this:

key 10 bytes: UID 10001
key 45 bytes: S-1-5-21-4035875638-3479806162-98682827-1010

Any help would be greatly appreciated.

Kind Regards,
Chris