[Samba] ID mapping

Rowland Penny rowlandpenny at googlemail.com
Wed Apr 16 11:51:06 MDT 2014


On 16/04/14 18:27, Williams, Jeff wrote:
> We use Samba 3.6.23 with an LDAP backend.  After migrating to a new virtual
> server with same RHEL 6.5 as the physical server it replaced, everything
> works fine, except that sometimes the winbind mapping gets confused (I
> hesitate to say "corrupted").  Here's a real-life example I finally
> managed to capture, with the domain SID redacted:
>
> # wbinfo -U 1503
> S-1-5-21-xxx-xxx-xxx-3244
> # wbinfo -S S-1-5-21-xxx-xxx-xxx-4006
> 1503
> # wbinfo -S S-1-5-21-xxx-xxx-xxx-3244
> 1503
>
> Two Samba SIDs are mapping to a single UID number.  I then ran a "net cache
> flush" and immediately got these (correct) results:
>
> # wbinfo -U 1503
> S-1-5-21-xxx-xxx-xxx-4006
> # wbinfo -S S-1-5-21-xxx-xxx-xxx-4006
> 1503
> # wbinfo -S S-1-5-21-xxx-xxx-xxx-3244
> 1122
>
> The result is that when this happens, affected Windows users can log in,
> but cannot access their home folders (because it's trying to access the
> home folder as a different incorrect user) -- though from a command prompt,
> the folders are accessible.  I know it's getting confused, and I know how
> to fix it when it does, but I don't know what's causing it or how to
> prevent it from happening in the first place.  Any thoughts?
>
> From the smb.conf file:
>
> idmap config * : backend = tdb
> idmap config * : range = 1000-89000
>
Sigh, can you please post your entire (sanitized) smb.conf?

Rowland
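
Added example, not part of the original thread: a Python checker that parses captured `wbinfo -S` / `wbinfo -U` output in the format quoted above and reports any UID claimed by more than one SID, plus SIDs whose reverse lookup returns a different SID. The function names are hypothetical; the sample input is the two captures from the post.

```python
import re
from collections import defaultdict

# The two captures quoted in the post (domain SID redacted as on the page).
BEFORE_FLUSH = """\
# wbinfo -U 1503
S-1-5-21-xxx-xxx-xxx-3244
# wbinfo -S S-1-5-21-xxx-xxx-xxx-4006
1503
# wbinfo -S S-1-5-21-xxx-xxx-xxx-3244
1503
"""
AFTER_FLUSH = """\
# wbinfo -U 1503
S-1-5-21-xxx-xxx-xxx-4006
# wbinfo -S S-1-5-21-xxx-xxx-xxx-4006
1503
# wbinfo -S S-1-5-21-xxx-xxx-xxx-3244
1122
"""

CMD = re.compile(r"^#\s*wbinfo\s+-(?P<flag>[US])\s+(?P<arg>\S+)$")

def parse_transcript(text):
    """Pair each '# wbinfo -S/-U ARG' line with the answer line that follows it."""
    sid_to_uid, uid_to_sid, pending = {}, {}, None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate mail-quoted captures
        m = CMD.match(line)
        if m:
            pending = (m["flag"], m["arg"])
        elif pending and line:
            target = sid_to_uid if pending[0] == "S" else uid_to_sid
            target[pending[1]] = line
            pending = None
    return sid_to_uid, uid_to_sid

def find_conflicts(text):
    """Return (UIDs shared by several SIDs, SIDs failing the SID -> UID -> SID round trip)."""
    sid_to_uid, uid_to_sid = parse_transcript(text)
    by_uid = defaultdict(set)
    for sid, uid in sid_to_uid.items():
        by_uid[uid].add(sid)
    shared = {uid: sorted(sids) for uid, sids in by_uid.items() if len(sids) > 1}
    # Only SIDs whose UID was also looked up with -U can be round-trip checked.
    broken = sorted(sid for sid, uid in sid_to_uid.items()
                    if uid in uid_to_sid and uid_to_sid[uid] != sid)
    return shared, broken
```
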

