[Samba] winbind bug?

Jonathan Buzzard jonathan at buzzard.me.uk
Thu Mar 27 14:51:26 MDT 2014 

On 27/03/14 18:40, Doug Tucker wrote:
>
>>>
>>
>> I would second that. You have been mucking about with none working
>> configurations. At this point you *really* *really* need to stop Samba
>> clear all the caches right out, start afresh, rejoin the server to the
>> domain and then start Samba again.
>>
>> JAB.
>>
> Just making sure you are aware that this config does work.  It works for
> every single user on the system if the client is XP or linux/smb.  And
> works for all Win7 clients where the unix id is < 11000.  It is only
> unix id's >11000.

No your setup *DOES NOT WORK*. If it worked it would be working for 
every user and you would not be posting here. By your own admission this 
is *NOT* the case.

As Chan Min Wai said if you get bad stuff cached in the Samba databases 
then all sorts of wacky stuff can happen. This includes and is not 
limited to it working for some users and not others.

 From your emails you have been through smb.conf iterations that where 
badly broken and are highly likely to have left all sorts of junk in the 
Samba databases.

Until you clear it out then you are unlikely to resolve the problem.

[SNIP]

>
> I can't stop samba, unjoin and rejoin to the domain, it would interfere
> with the > 100 users that have drives mapped on it and are working with
> files.

They you are completely foo barred.

I would also say not having a test setup where you can test this, where 
even a modest workstation in 2014 can run VM's for you is completely 
criminal. If you where working for me you would be getting a written 
warning if not the sack.

I strongly recommend you get yourself a test/dev setup ASAP so you can 
work come up with a working configuration which you then deploy to your 
production environment. The fancy word for this is devops but it is 
really basic common sense and good practice. How the hell you get a 100 
user file server in 2014 without even a basic test/dev setup in a VM is 
beyond me. Then again by your own admission you can't read manual pages 
as you erroneously claimed the documentation did not say the ID ranges 
had to be disjointed/none overlapping/orthogonal. That might have been 
the case four years ago, it is most certainly not today.

There has been lots of good advice given to you, that you appear not to 
want to follow. You are running a what any sane Samba admin would regard 
as a completely "whacked out" setup without a test/dev environment and 
not listening.

In short you need to up your game as it is sub par right now.


JAB.

-- 
Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

More information about the samba mailing list