[Samba] idmap ldap problems

Alexander 'Leo' Bergolth leo at strike.wu.ac.at
Sun Mar 2 10:19:03 MST 2014


Since the upgrade to Samba 3.6.9, I am experiencing problems concerning 
winbind idmapping.

I am using an LDAP directory with RFC 2307 accounts and sambaSamAccount 
sambaSID entries for each local domain user. SIDs for other domains 
should be stored in sambaIdmapEntry objects in a separate LDAP tree.

The problem is that winbind doesn't seem to map SIDs from the local 
domain to unix IDs. smbd initially works fine, but after some time, idmap 
entries for my local domain groups are allocated, which results in 
duplicate mappings. (I.e. a local domain group now has a sambaSID to 
RFC-2307 gidNumber mapping and the newly allocated mapping in the 
sambaIdmapEntry object.)

Do you have any hints on how the existing local domain mappings can be 
configured with the new idmap syntax? Should I use idmap_nss for the 
local domain instead of idmap_ldap?

My config can be found at

Thanks in advance,

P.S.: I am using samba-3.6.9-167.el6_5.x86_64 on RHEL 6.5.

e-mail   ::: Leo.Bergolth (at) wu.ac.at
fax      ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
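
An added example, not part of the original post: a Python check that scans an LDIF export of the directory for the duplicate mappings described above, i.e. a sambaSID that appears both on a local sambaSamAccount or sambaGroupMapping entry and on an allocated sambaIdmapEntry. The sample LDIF, its DNs, SIDs and ID numbers are constructed, the function names are hypothetical, and the parser assumes an export without folded or base64-encoded lines.

```python
# Constructed sample LDIF (not from the post); DNs, SIDs and IDs are made up.
SAMPLE_LDIF = """\
dn: cn=staff,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 500
sambaSID: S-1-5-21-1-2-3-2001

dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uidNumber: 1000
sambaSID: S-1-5-21-1-2-3-3000

dn: sambaSID=S-1-5-21-1-2-3-2001,ou=Idmap,dc=example,dc=org
objectClass: sambaIdmapEntry
gidNumber: 20000
sambaSID: S-1-5-21-1-2-3-2001

dn: sambaSID=S-1-5-21-9-8-7-513,ou=Idmap,dc=example,dc=org
objectClass: sambaIdmapEntry
gidNumber: 20001
sambaSID: S-1-5-21-9-8-7-513
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def find_duplicate_mappings(text):
    """Return (sid, local_dn, idmap_dn) for SIDs mapped in both places."""
    local, allocated = {}, {}
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        for sid in e.get("sambasid", []):
            if "sambaidmapentry" in classes:
                allocated[sid] = e["dn"][0]   # mapping allocated by winbind
            elif classes & {"sambasamaccount", "sambagroupmapping"}:
                local[sid] = e["dn"][0]       # mapping on the RFC 2307 entry
    return sorted((s, local[s], allocated[s]) for s in local.keys() & allocated.keys())
```

Calling `find_duplicate_mappings()` on the sample reports only the `staff` group, whose SID has both a local gidNumber and an allocated one; the foreign-domain SID is mapped once and is not reported.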
