[Samba] "net idmap dump" and "wbinfo" shows different GIDs for same SID

Pavel Bychykhin bychykhin.p.n at hts.kh.ua
Fri Sep 20 10:12:07 MDT 2013


I apologize for my poor English, but I have a question.
This question is shorter than the one I posted not so long ago 
(https://lists.samba.org/archive/samba/2013-September/175649.html) and 
received no answer for a while. In this question I took a log from a 
different server, but this does not matter: the problem persists on all of 
my servers.
So, my OS is FreeBSD 9.0, and my Samba is 3.6.18, acting as a domain member.
Suppose I have a local group "samba_sge_public_createdir", created with 
"getent" and "wbinfo" show this group with GID 30002 and SID 
But "net idmap dump" shows this group with GID 30008 and shows no group 
with GID 30002 at all.

[root at srv-8cf8 ~]# getent group samba_sge_public_createdir
[root at srv-8cf8 ~]# wbinfo --gid-to-sid 30002
[root at srv-8cf8 ~]# wbinfo --sid-to-gid 
[root at srv-8cf8 ~]# net idmap dump
dumping id mapping from /var/db/samba/winbindd_idmap.tdb
GID 30013 S-1-5-21-2085021927-1344845373-2015074135-513
GID 30009 S-1-5-21-2085021927-1344845373-2015074135-1010
GID 30024 S-1-5-21-2085021927-1344845373-2015074135-1023
GID 30014 S-1-5-21-2085021927-1344845373-2015074135-1014
GID 30006 S-1-5-11
GID 30007 S-1-5-32-546
GID 30018 S-1-5-21-2085021927-1344845373-2015074135-1018
GID 30010 S-1-5-21-2085021927-1344845373-2015074135-1011
USER HWM 30002
GID 30022 S-1-5-21-2085021927-1344845373-2015074135-1021
UID 30000 S-1-5-21-2085021927-1344845373-2015074135-1015
GID 30008 S-1-5-21-2085021927-1344845373-2015074135-1012
GID 30023 S-1-5-21-2085021927-1344845373-2015074135-1022
UID 30001 S-1-5-21-2085021927-1344845373-2015074135-1016
GID 30004 S-1-1-0
GID 30005 S-1-5-2
GID 30011 S-1-5-21-2085021927-1344845373-2015074135-1013
[root at srv-8cf8 ~]# net cache list|grep 
Key: IDMAP/GID2SID/30002         Timeout: Tue Sep 24 10:41:25 2013 
  Value: S-1-5-21-2085021927-1344845373-2015074135-1012
Key: IDMAP/GID2SID/30008         Timeout: Tue Sep 17 12:24:22 2013 
  Value: S-1-5-21-2085021927-1344845373-2015074135-1012  (expired)
Key: IDMAP/SID2GID/S-1-5-21-2085021927-1344845373-2015074135-1012 
  Timeout: Tue Sep 24 10:41:25 2013       Value: 30002

Such a problem arises from time to time, and my users can't access 
shares because Samba thinks they aren't members of a certain group.
Help me, please. How can I solve the problem? I'm really troubled:(

My Samba global config:
         dos charset = CP866
         workgroup = HTS
         realm = HTS.KH.UA
         server string =
         security = ADS
         map to guest = Bad Password
         local master = No
         wins server =
         winbind enum users = Yes
         winbind enum groups = Yes
         winbind expand groups = 3
         winbind nss info = rfc2307
         winbind max domain connections = 50
         idmap config HTS : schema_mode = rfc2307
         idmap config HTS : range = 10000-29999
         idmap config HTS : backend = ad
         idmap config HTS : default = yes
         idmap config * : range = 30000-59999
         idmap config * : backend = tdb

Best regards,
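
An added example, not part of the original post and not Samba code: a cross-check of the two outputs quoted above, reporting unexpired `IDMAP/...` cache entries whose ID disagrees with the one stored in winbindd_idmap.tdb for the same SID. The function names are hypothetical, and the sample input is excerpted from the output in the post.

```python
import re

# `net idmap dump` lines: "GID 30008 S-1-5-21-...-1012" ("USER HWM" lines are skipped).
DUMP_RE = re.compile(r"^(UID|GID)\s+(\d+)\s+(S-[\d-]+)\s*$", re.M)
# `net cache list` IDMAP entries; fields may be wrapped across lines, as in the post.
CACHE_RE = re.compile(
    r"Key:\s+IDMAP/(?:(UID|GID)2SID/(\d+)|SID2(UID|GID)/(S-[\d-]+))"
    r"\s+Timeout:\s+.*?\s+Value:\s+(\S+)(\s+\(expired\))?")

def parse_dump(text):
    """Map (kind, SID) -> Unix id as stored in winbindd_idmap.tdb."""
    return {(kind, sid): int(uid) for kind, uid, sid in DUMP_RE.findall(text)}

def parse_cache(text):
    """Yield (kind, SID, Unix id, expired) for each cached IDMAP entry."""
    for m in CACHE_RE.finditer(text):
        k1, unix_id, k2, sid, value, expired = m.groups()
        if k1:                      # GID2SID/UID2SID: id in key, SID in value
            yield k1, value, int(unix_id), bool(expired)
        else:                       # SID2GID/SID2UID: SID in key, id in value
            yield k2, sid, int(value), bool(expired)

def find_conflicts(dump_text, cache_text):
    """Unexpired cache entries whose id differs from the tdb's id for that SID."""
    tdb = parse_dump(dump_text)
    found = set()
    for kind, sid, unix_id, expired in parse_cache(cache_text):
        stored = tdb.get((kind, sid))
        if not expired and stored is not None and stored != unix_id:
            found.add((kind, sid, unix_id, stored))
    return sorted(found)

# Sample input excerpted from the output quoted in the post.
DUMP = """dumping id mapping from /var/db/samba/winbindd_idmap.tdb
GID 30013 S-1-5-21-2085021927-1344845373-2015074135-513
USER HWM 30002
GID 30008 S-1-5-21-2085021927-1344845373-2015074135-1012
UID 30001 S-1-5-21-2085021927-1344845373-2015074135-1016
"""
CACHE = """Key: IDMAP/GID2SID/30002         Timeout: Tue Sep 24 10:41:25 2013
  Value: S-1-5-21-2085021927-1344845373-2015074135-1012
Key: IDMAP/GID2SID/30008         Timeout: Tue Sep 17 12:24:22 2013
  Value: S-1-5-21-2085021927-1344845373-2015074135-1012  (expired)
Key: IDMAP/SID2GID/S-1-5-21-2085021927-1344845373-2015074135-1012
  Timeout: Tue Sep 24 10:41:25 2013       Value: 30002
"""

if __name__ == "__main__":
    for kind, sid, cached, stored in find_conflicts(DUMP, CACHE):
        print(f"{kind} {sid}: cache says {cached}, idmap tdb says {stored}")
```

SIDs that do not appear in the dump at all are not reported, since `net idmap dump` here reads only winbindd_idmap.tdb.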