[Samba] FW: [Bug 11241] different ids even when idmap.ldb copied. not a bug..
Achim Gottinger
achim at ag-web.biz
Thu Apr 30 06:22:34 MDT 2015
Hi again,
On 30.04.2015 at 12:55, Achim Gottinger wrote:
> Hi Louis, Björn and Rowland,
>
> On 30.04.2015 at 08:09, L.P.H. van Belle wrote:
>> Please read the reported bug and Björn's answer.. which does not help
>> any towards a solution or fix, or explanation.
>> But the big question now is, does someone somewhere know what Björn
>> is talking about?
>>
>> I did search for "gencache" but no go here..
>> just from old documentation.
>> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html
>> gencache.tdb Generic caching database.
>>
>>
>> Greetz,
>>
>> Louis
>>
>>
>> -----Original message-----
>> From: samba-bugs at samba.org [mailto:samba-bugs at samba.org]
>> Sent: Wednesday 29 April 2015 17:51
>> To: L.P.H. van Belle
>> Subject: [Bug 11241] different ids even when idmap.ldb copied.
>>
>> https://bugzilla.samba.org/show_bug.cgi?id=11241
>>
>> Björn Jacke <bj at sernet.de> changed:
>>
>> What      |Removed |Added
>> ----------------------------------------------------------------------------
>> Resolution|---     |INVALID
>> Status    |NEW     |RESOLVED
>>
>> --- Comment #1 from Björn Jacke <bj at sernet.de> ---
>> this is not a supported thing to do, so this is not a valid bug.
>> winbindd has a different way of caching (investigate gencache for
>> example) entries and this is probably what makes that hack stop
>> working for you with winbindd.
>>
>
> A quick internet search for gencache led me to a list of ldb files
> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html.
> It's from the old samba docs; in there a file called
> winbindd_idmap.tdb is mentioned. Can it be that this is the place where
> winbindd stores xid mappings? I do not have a running 4.2 instance
> here for testing.
>
> Have a good day,
> Achim~
>
Did a quick test in a VM and there is no winbind_idmap.tdb file. But
there is a /var/cache/samba/gencache.tdb file. Removed this file with
samba stopped and afterwards the changes in idmap.tdb apply.
Test:
root@wheezy:~# getfacl /var/lib/samba/sysvol/example.com
# file: var/lib/samba/sysvol/example.com
# owner: root
# group: 3000000
user::rwx
user:root:rwx
user:3000000:rwx
user:3000001:r-x
user:3000002:rwx
user:3000003:r-x
root@wheezy:~# /etc/init.d/sernet-samba-ad stop
root@wheezy:~# ldbedit -H /var/lib/samba/private/idmap.ldb
Changed
# record 6
dn: CN=CONFIG
cn: CONFIG
lowerBound: 3000000
upperBound: 4000000
xidNumber: 3000016
distinguishedName: CN=CONFIG
Into
# record 6
dn: CN=CONFIG
cn: CONFIG
lowerBound: 3000000
upperBound: 4000000
xidNumber: 3000017
distinguishedName: CN=CONFIG
And
# record 10
dn: CN=S-1-5-11
cn: S-1-5-11
objectClass: sidMap
objectSid: S-1-5-11
type: ID_TYPE_BOTH
xidNumber: 3000003
distinguishedName: CN=S-1-5-11
Into
# record 10
dn: CN=S-1-5-11
cn: S-1-5-11
objectClass: sidMap
objectSid: S-1-5-11
type: ID_TYPE_BOTH
xidNumber: 3000017
distinguishedName: CN=S-1-5-11
Started samba and ran sysvolreset
root@wheezy:~# /etc/init.d/sernet-samba-ad start
root@wheezy:~# samba-tool ntacl sysvolreset
Nothing changed.
root@wheezy:~# getfacl /var/lib/samba/sysvol/example.com
# file: var/lib/samba/sysvol/example.com
# owner: root
# group: 3000000
user::rwx
user:root:rwx
user:3000000:rwx
user:3000001:r-x
user:3000002:rwx
user:3000003:r-x
Stopped samba, removed gencache
root@wheezy:~# /etc/init.d/sernet-samba-ad stop
root@wheezy:~# rm /var/cache/samba/gencache*
Started samba and ran sysvolreset
root@wheezy:~# /etc/init.d/sernet-samba-ad start
root@wheezy:~# samba-tool ntacl sysvolreset
Changes applied now; the last line now shows the xid I changed in idmap.ldb.
root@wheezy:~# getfacl /var/lib/samba/sysvol/example.com
# file: var/lib/samba/sysvol/example.com
# owner: root
# group: 3000000
user::rwx
user:root:rwx
user:3000000:rwx
user:3000001:r-x
user:3000002:rwx
user:3000017:r-x
So the idmap.ldb copying should still work with the addition that
/var/cache/samba/gencache.tdb must be deleted if winbindd is in use.
Achim~
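
The comparison done by eye in the getfacl listings above, as an added example that is not part of the original message: it takes an idmap.ldb LDIF dump from before and after an edit plus getfacl output, and lists the SIDs whose ACL entry still carries the old xid, which is what the test showed until gencache.tdb was removed. The function names and the sample input are constructed for illustration.

```python
import re

def parse_idmap(ldif):
    """Return {objectSid: xidNumber} for the sidMap records of an LDIF dump."""
    records = []
    for line in ldif.splitlines():
        line = line.strip()
        if line.startswith("dn: "):          # every record starts with its dn
            records.append({})
        if records and ": " in line and not line.startswith("#"):
            key, value = line.split(": ", 1)
            records[-1][key] = value
    return {r["objectSid"]: int(r["xidNumber"])
            for r in records if r.get("objectClass") == "sidMap"}

def acl_ids(getfacl_out):
    """Numeric ids in user:/group: ACL entries (names like root are skipped)."""
    return {int(m.group(1))
            for m in re.finditer(r"^(?:user|group):(\d+):", getfacl_out, re.M)}

def stale_sids(old_ldif, new_ldif, getfacl_out):
    """SIDs remapped in idmap.ldb whose old xid is still what the ACL holds."""
    old, new = parse_idmap(old_ldif), parse_idmap(new_ldif)
    ids = acl_ids(getfacl_out)
    return sorted(sid for sid, xid in new.items()
                  if sid in old and old[sid] != xid
                  and old[sid] in ids and xid not in ids)

# Constructed sample input, using the values from the test in this message.
RECORD = """# record 6
dn: CN=CONFIG
cn: CONFIG
xidNumber: {cfg}
# record 10
dn: CN=S-1-5-11
objectClass: sidMap
objectSid: S-1-5-11
type: ID_TYPE_BOTH
xidNumber: {xid}
"""
OLD = RECORD.format(cfg=3000016, xid=3000003)
NEW = RECORD.format(cfg=3000017, xid=3000017)
ACL = "# group: 3000000\nuser::rwx\nuser:root:rwx\nuser:3000002:rwx\nuser:{}:r-x\n"

if __name__ == "__main__":
    print("before gencache removal:", stale_sids(OLD, NEW, ACL.format(3000003)))
    print("after gencache removal: ", stale_sids(OLD, NEW, ACL.format(3000017)))
```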