[Samba] ID mapping

Williams, Jeff jeff at dacc.edu
Wed Apr 16 11:27:15 MDT 2014


We use Samba 3.6.23 with an LDAP backend.  After migrating to a new virtual
server with the same RHEL 6.5 as the physical server it replaced, everything
works fine, except that sometimes the winbind mapping gets confused (I
hesitate to say "corrupted").  Here's a real-life example I finally
managed to capture, with the domain SID redacted:

# wbinfo -U 1503
S-1-5-21-xxx-xxx-xxx-3244
# wbinfo -S S-1-5-21-xxx-xxx-xxx-4006
1503
# wbinfo -S S-1-5-21-xxx-xxx-xxx-3244
1503

Two Samba SIDs are mapping to a single UID number.  I then ran a "net cache
flush" and immediately got these (correct) results:

# wbinfo -U 1503
S-1-5-21-xxx-xxx-xxx-4006
# wbinfo -S S-1-5-21-xxx-xxx-xxx-4006
1503
# wbinfo -S S-1-5-21-xxx-xxx-xxx-3244
1122

The result is that when this happens, affected Windows users can log in,
but cannot access their home folders (because it's trying to access the
home folder as a different incorrect user) -- though from a command prompt,
the folders are accessible.  I know it's getting confused, and I know how
to fix it when it does, but I don't know what's causing it or how to
prevent it from happening in the first place.  Any thoughts?

From the smb.conf file:

idmap config * : backend = tdb
idmap config * : range = 1000-89000

-- 

Jeff Williams
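
Added example, not part of the original post: a shell check that flags the condition captured above, where more than one SID resolves to the same UID through "wbinfo -S". The function names, the WBINFO override and sids.txt are hypothetical, and the sample input is constructed from the first capture in the post.

```shell
#!/bin/sh
# Added example; function names and the WBINFO override are hypothetical.

# collect_pairs: read SIDs on stdin, print "SID UID" for each one winbind maps.
collect_pairs() {
    while read -r sid; do
        uid=$("${WBINFO:-wbinfo}" -S "$sid" 2>/dev/null) \
            && printf '%s %s\n' "$sid" "$uid" \
            || printf 'unmapped: %s\n' "$sid" >&2
    done
}

# find_uid_collisions: read "SID UID" pairs on stdin, print every UID that
# more than one distinct SID maps to, with the SIDs in input order.
find_uid_collisions() {
    awk '
        NF == 2 && $2 ~ /^[0-9]+$/ {
            if (seen[$2, $1]++) next
            n[$2]++
            sids[$2] = (n[$2] == 1 ? $1 : sids[$2] " " $1)
        }
        END {
            for (uid in n)
                if (n[uid] > 1) print "COLLISION uid=" uid " sids=" sids[uid]
        }
    ' | sort
}

# Constructed sample: the two mappings from the first capture in the post.
sample_pairs() {
    printf '%s\n' \
        'S-1-5-21-xxx-xxx-xxx-4006 1503' \
        'S-1-5-21-xxx-xxx-xxx-3244 1503'
}

# Live use on the Samba host (sids.txt is a hypothetical file, one SID per line):
#   collect_pairs < sids.txt | find_uid_collisions
```

Running it on a schedule and logging any COLLISION line gives a timestamp for when the mapping goes wrong, which can then be compared against the state after a "net cache flush".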

