[Samba] gid collision

John Adams mailinglists at belfin.ch
Tue Feb 5 04:59:14 MST 2013 

Hi

A bit more than 24 hours later the group 'python\none' re-appeared.

wbinfo told me this about 'domain users' and 'python\none':

root at python:/var/run/samba# wbinfo -n 'PYTHON\none'
S-1-5-21-1142660729-3645412750-287447673-513 SID_DOM_GROUP (2)
This SID does not exist in AD.

root at python:/var/run/samba# wbinfo -n 'domain users'
S-1-5-21-3399354374-3828377523-3974166524-513 SID_DOM_GROUP (2)
This SID exists in AD.

Both SIDs are found in /var/run/samba/gencache.tdb.
How is gencache.tdb generated?
What happens if I try to erase this key in gencache.tdb?
key 59 bytes
IDMAP/SID2GID/S-1-5-21-1142660729-3645412750-287447673-513
data 16 bytes
[000] 20 20 31 33 36 30 30 34  35 39 37 33 2F 2D 31 00    136004 5973/-1

Thanks for any hints and pointers!

Best regards
Philipp

> Hi
>
> I switched in nsswitch.conf
>
> group: files winbind
> to
> group: winbind files
>
> and rebooted the box. PYTHON\none has dissapeared. getent group
> 'python\none' and wbinfo --group-info='python\none' haven't got any
> results anymore.
>
> It feels quite strange that by changing name resolution order behaviour
> like that dissapears. Is this a bug?
>
> Thanks,
> Philipp
>
>
>> Hi
>>
>> Setup is samba 3.6.3 on ubuntu 12.04.1, domain member server in a
>> Win2008R2 DC environment. Userauth is via kerberos.
>>
>> I have a gid collision I cannot find an answer for. Please see below.
>>
>> root at python:/home/DOMAIN/users# ls -la
>> drwxr-x--- 4 user1 PYTHON\none  136 Dez  7 09:42 user1
>> drwxr-x--- 2 user2 PYTHON\none    6 Jan 30 11:01 user2
>> drwxr-x--- 2 user3 PYTHON\none    6 Jan 30 11:13 user3
>>
>> root at python:/home/DOMAIN/users# getent group 'domain users'
>> domain users:x:100513:
>> root at python:/home/DOMAIN/users# getent group 'python\none'
>> PYTHON\none:x:100513:
>>
>> neither wbinfo -g nor getent group list any group named python\none.
>>
>> Has anybody got an explanation for python\none or how I get rid of it?
>>
>> Thanks
>> Philipp
>>
>>
>>
>> smb.conf:
>>
>> [global]
>>     workgroup = DOMAIN
>>     server string = Fileserver Samba Version %v
>>     netbios name = python
>>     security = ADS
>>     realm = DOMAIN.LOCAL
>>     kerberos method = secrets only
>>     winbind enum users = yes
>>     winbind enum groups = yes
>>     winbind nss info = template
>>     winbind use default domain = yes
>>     winbind refresh tickets = true
>>     winbind nested groups = yes
>>     idmap config *:backend = rid
>>     idmap config *:range = 100000-100000000
>>     idmap config *:base_rid = 0
>>     template shell = /usr/bin/nologin
>>     template homedir = /home/%D/users/%U
>>     obey pam restrictions = yes
>>     allow trusted domains = no
>>     client use spnego = yes
>>     client signing = auto
>>     preferred master = no
>>     load printers = no
>>     dos charset = 850
>>     unix charset = UTF-8
>>     display charset = UTF-8
>>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> IPTOS_LOWDELAY SO_KEEPALIVE
>>     log file = /var/log/samba/log.%m
>>     log level = 3
>>     max log size = 50000
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list