[Samba] Missing entries in idmap.ldb

Kirin van der Veer kirin.vanderveer at planetinnovation.com.au
Thu Nov 13 15:38:24 MST 2014 

Hello all,
When I run ldbedit on idmap.ldb some of my SIDs seem to be missing.
The below output demonstrates the problem quite clearly:

root at server:/# wbinfo -n administrator
S-1-5-21-3663128747-3839060396-3176805764-500 SID_USER (1)
root at server:/# ldbedit -e /usr/bin/vim -H /var/lib/samba/private/idmap.ldb
objectsid=S-1-5-21-3663128747-3839060396-3176805764-500
# 0 adds  0 modifies  0 deletes
root at server:/# wbinfo -n user1-admin
S-1-5-21-3663128747-3839060396-3176805764-11824 SID_USER (1)
root at server:/# ldbedit -e /usr/bin/vim -H /var/lib/samba/private/idmap.ldb
objectsid=S-1-5-21-3663128747-3839060396-3176805764-11824
# 0 adds  0 modifies  0 deletes
root at server:/# wbinfo -n user2-admin
S-1-5-21-3663128747-3839060396-3176805764-11983 SID_USER (1)
root at server:/# ldbedit -e /usr/bin/vim -H /var/lib/samba/private/idmap.ldb
objectsid=S-1-5-21-3663128747-3839060396-3176805764-11983
no matching records - cannot edit
root at server:/# wbinfo -n user3-admin
S-1-5-21-3663128747-3839060396-3176805764-11981 SID_USER (1)
root at server:/# ldbedit -e /usr/bin/vim -H /var/lib/samba/private/idmap.ldb
objectsid=S-1-5-21-3663128747-3839060396-3176805764-11981
no matching records - cannot edit


I expected the last two SIDs/usernames to be in the database, but they are
not.
There does not seem to be anything special about them, so I'm not sure why
it's not working.
The only difference I can ascertain between administrator/user1-admin and
user2-admin/user3-admin is that user1-admin was created a few months ago. I
can't see why that matters.

Any help would be appreciated.

Thanks,
Kirin.

-- 
 

*IMPORTANT NOTE. *If you are NOT AN AUTHORISED RECIPIENT of this e-mail, 
please contact Planet Innovation Pty Ltd by return e-mail or by telephone 
on +613 9945 7510.  In this case, you should not read, print, re-transmit, 
store or act in reliance on this e-mail or any attachments, and should 
destroy all copies of them.  This e-mail and any attachments are 
confidential and may contain legally privileged information and/or 
copyright material of Planet Innovation Pty Ltd or third parties.  You 
should only re-transmit, distribute or commercialise the material if you 
are authorised to do so.  Although we use virus scanning software, we deny 
all liability for viruses or alike in any message or attachment. This 
notice should not be removed.

More information about the samba mailing list