[Samba] RFC2307 attributes not being read by DC2 in 4.2.1

Andrey Repin anrdaemon at yandex.ru
Thu Apr 23 15:24:56 MDT 2015

Greetings, Rowland Penny!

>>>>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>>>> drepl, winbindd, ntp_signd, kcc, dnsupdate
>> Since "winbindd" is included in this line, shouldn't also "-winbind" 
>> be there? I think that when you use the normal winbind you must 
>> disable the internal one.
>> Could the simultaneous use of both winbinds be the cause of the 
>> confusion?

> If you read what I wrote, you will see I said to replace 'winbindd' with 
> 'winbind'. We are referring to samba 4.2.1, as standard this uses the 
> separate 'winbindd' daemon instead of the 'winbind' built into the samba 
> daemon.

> If using the old 'winbind' cures the OP problem, then there is a problem 
> in the way that a 4.2.1 DC uses the 'winbindd' daemon.

Internal AD winbind implementation doesn't care about SAM posixAccount
mappings in sam.ldb - it reads the RFC2307 mappings from idmap.ldb, whereas
member servers read the maps from SAM.
This creates a nice clash of UIDs between DC and members, even worse - it
creates a clash between idmap and sam on the DC.
I'm right now trying to conceive a plan to solve this crap.

With best regards,
Andrey Repin
Friday, April 24, 2015 00:22:11

Sorry for my terrible English...
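
The clash described in the message above can be checked by comparing the two stores per SID. This is an added example, not part of the original post or of Samba itself; it assumes LDIF text shaped like ldbsearch output from sam.ldb (objectSid, uidNumber) and idmap.ldb (objectSid, type, xidNumber), and the SIDs and ID values are constructed.

```python
# Added example, not from the thread: compare uidNumber in sam.ldb with
# xidNumber in idmap.ldb. All SIDs and ID values below are constructed samples.
P = "S-1-5-21-1111111111-2222222222-3333333333"
SAM_LDIF = f"""\
objectSid: {P}-1104
uidNumber: 10000

objectSid: {P}-1105
uidNumber: 10001

objectSid: {P}-1106
uidNumber: 3000020
"""
IDMAP_LDIF = f"""\
objectSid: {P}-1104
type: ID_TYPE_BOTH
xidNumber: 3000017

objectSid: {P}-1105
type: ID_TYPE_UID
xidNumber: 10001

objectSid: {P}-1107
type: ID_TYPE_UID
xidNumber: 3000020
"""

def parse_ldif(text):
    """Split LDIF text into one dict per record (records separated by blank lines)."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = dict(l.split(": ", 1) for l in block.splitlines()
                   if ": " in l and not l.startswith("#"))
        if rec:
            records.append(rec)
    return records

def find_clashes(sam_ldif, idmap_ldif):
    """Return (same SID, different ID) and (same ID, different SID) findings."""
    sam = {r["objectSid"]: int(r["uidNumber"]) for r in parse_ldif(sam_ldif)
           if "objectSid" in r and "uidNumber" in r}
    idmap = {r["objectSid"]: int(r["xidNumber"]) for r in parse_ldif(idmap_ldif)
             if r.get("type") in ("ID_TYPE_UID", "ID_TYPE_BOTH") and "xidNumber" in r}
    # The DC (idmap.ldb) and a member (RFC2307 uidNumber) disagree on one account.
    mismatched = sorted((s, sam[s], idmap[s]) for s in sam if s in idmap and sam[s] != idmap[s])
    # One numeric ID resolves to two different accounts depending on the store.
    owner = {uid: sid for sid, uid in sam.items()}
    collisions = sorted((x, owner[x], s) for s, x in idmap.items() if x in owner and owner[x] != s)
    return mismatched, collisions
```

A collision is the more serious finding: files owned by that numeric ID belong to a different account depending on which host resolves it.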
