[Samba] FW: [Bug 11241] different ids even when idmap.ldb copied. not a bug.. (SOLVED)

L.P.H. van Belle belle at bazuin.nl
Thu Apr 30 06:59:06 MDT 2015


Hello Achim, 

Ok, thank you for looking into this. 
It's clear now where the problem was. 

Thank you, my sysvol replication script is working fine now again with samba 4.2.1 
( found here : https://secure.bazuin.nl/scripts/3-setup-sysvol-bidirectional.sh  ) 

upped version 1.0.6.  added the removal of gencache.tdb on the second DC. 
tested with debian wheezy (sernet) samba 4.1.x (winbind)  and 4.2.1. (winbind and winbindd) 


Thanks ! 

Greetz, 

Louis





>-----Original message-----
>From: achim at ag-web.biz [mailto:samba-bounces at lists.samba.org] 
>On behalf of Achim Gottinger
>Sent: Thursday 30 April 2015 14:23
>To: samba at lists.samba.org
>Subject: Re: [Samba] FW: [Bug 11241] different ids even when 
>idmap.ldb copied. not a bug..
>
>Hi again,
>On 30.04.2015 at 12:55, Achim Gottinger wrote:
>> Hi Louis, Björn and Rowland,
>>
>> On 30.04.2015 at 08:09, L.P.H. van Belle wrote:
>>> Please read the reported bug and Björn's answer.. which does not help 
>>> any to a solution or fix, or explanation.
>>> But the big question now is, does someone somewhere know what Björn 
>>> is talking about.
>>>
>>> I did search for "gencache" but no go here..
>>> just from old documentation.
>>> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html
>>> gencache.tdb  Generic caching database.
>>>
>>>
>>> Greetz,
>>>
>>> Louis
>>>
>>>
>>> -----Original message-----
>>> From: samba-bugs at samba.org [mailto:samba-bugs at samba.org]
>>> Sent: Wednesday 29 April 2015 17:51
>>> To: L.P.H. van Belle
>>> Subject: [Bug 11241] different ids even when idmap.ldb copied.
>>>
>>> https://bugzilla.samba.org/show_bug.cgi?id=11241
>>>
>>> Björn Jacke <bj at sernet.de> changed:
>>>
>>>             What    |Removed                     |Added
>>> ----------------------------------------------------------------------------
>>>
>>>           Resolution|---                         |INVALID
>>>               Status|NEW                         |RESOLVED
>>>
>>> --- Comment #1 from Björn Jacke <bj at sernet.de> ---
>>> this is not a supported thing to do, so this is not a valid bug.
>>> winbindd has a different way of caching (investigate gencache for
>>> example) entries and this is probably what makes that hack stop
>>> working for you with winbindd.
>>>
>>
>> A quick internet search for gencache led me to a list of ldb files 
>> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html. 
>> It's from the old samba docs, in there is a file called 
>> winbindd_idmap.tdb mentioned, can it be this is the place where 
>> winbindd stores xid mappings? I do not have a running 4.2 instance 
>> here for testing.
>>
>> Have a good day,
>> Achim~
>>
>Did a quick test in a VM and there is no winbind_idmap.tdb file. But 
>there is a /var/cache/samba/gencache.tdb file.  Removed this file with 
>samba stopped and afterwards the changes in idmap.tdb apply.
>
>Test:
>
>root@wheezy:~# getfacl /var/lib/samba/sysvol/example.com
># file: var/lib/samba/sysvol/example.com
># owner: root
># group: 3000000
>user::rwx
>user:root:rwx
>user:3000000:rwx
>user:3000001:r-x
>user:3000002:rwx
>user:3000003:r-x
>
>root@wheezy:~# /etc/init.d/sernet-samba-ad stop
>root@wheezy:~# ldbedit -H /var/lib/samba/private/idmap.ldb
>
>Changed
>
># record 6
>dn: CN=CONFIG
>cn: CONFIG
>lowerBound: 3000000
>upperBound: 4000000
>xidNumber: 3000016
>distinguishedName: CN=CONFIG
>
>Into
>
># record 6
>dn: CN=CONFIG
>cn: CONFIG
>lowerBound: 3000000
>upperBound: 4000000
>xidNumber: 3000017
>distinguishedName: CN=CONFIG
>
>And
>
># record 10
>dn: CN=S-1-5-11
>cn: S-1-5-11
>objectClass: sidMap
>objectSid: S-1-5-11
>type: ID_TYPE_BOTH
>xidNumber: 3000003
>distinguishedName: CN=S-1-5-11
>
>Into
>
># record 10
>dn: CN=S-1-5-11
>cn: S-1-5-11
>objectClass: sidMap
>objectSid: S-1-5-11
>type: ID_TYPE_BOTH
>xidNumber: 3000017
>distinguishedName: CN=S-1-5-11
>
>Started samba and ran sysvolreset
>
>root@wheezy:~# /etc/init.d/sernet-samba-ad start
>root@wheezy:~# samba-tool ntacl sysvolreset
>
>Nothing changed.
>
>root@wheezy:~# getfacl /var/lib/samba/sysvol/example.com
># file: var/lib/samba/sysvol/example.com
># owner: root
># group: 3000000
>user::rwx
>user:root:rwx
>user:3000000:rwx
>user:3000001:r-x
>user:3000002:rwx
>user:3000003:r-x
>
>Stopped samba, removed gencache
>
>root@wheezy:~# /etc/init.d/sernet-samba-ad stop
>root@wheezy:~# rm /var/cache/samba/gencache*
>
>Started samba and ran sysvolreset
>
>root@wheezy:~# /etc/init.d/sernet-samba-ad start
>root@wheezy:~# samba-tool ntacl sysvolreset
>
>Changes applied now; the last line now shows the xid I changed 
>in idmap.ldb.
>
>root@wheezy:~# getfacl /var/lib/samba/sysvol/example.com
># file: var/lib/samba/sysvol/example.com
># owner: root
># group: 3000000
>user::rwx
>user:root:rwx
>user:3000000:rwx
>user:3000001:r-x
>user:3000002:rwx
>user:3000017:r-x
>
>So the idmap.ldb copying should still work with the addition that 
>/var/cache/samba/gencache.tdb must be deleted if winbindd is in use.
>
>Achim~
>
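
A check for the symptom discussed in this thread, as an added example that is not part of the original messages or of Samba: it compares the numeric ids in two saved `getfacl` dumps (one per DC, or before and after `samba-tool ntacl sysvolreset`) and lists the entries that differ. The function names are hypothetical and the sample dumps are constructed to mirror the output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): compare numeric ids in two getfacl dumps.
# Function names are hypothetical; the sample dumps are constructed.

# acl_ids FILE: print the numeric owner/group header ids and every ACL entry
# whose qualifier is a numeric id, sorted so comm(1) can compare the lists.
acl_ids() {
    awk -F: '
        /^# (owner|group): [0-9]+$/ { print "owning-" substr($0, 3); next }
        ($1 == "user" || $1 == "group") && $2 ~ /^[0-9]+$/ { print $1 ":" $2 ":" $3 }
    ' "$1" | LC_ALL=C sort
}

# acl_xid_drift A B: list entries present in only one dump; return 1 on drift.
acl_xid_drift() {
    d=$(mktemp -d) || return 2
    acl_ids "$1" > "$d/a"
    acl_ids "$2" > "$d/b"
    out=$( { LC_ALL=C comm -23 "$d/a" "$d/b" | sed 's/^/only-in-first  /'
             LC_ALL=C comm -13 "$d/a" "$d/b" | sed 's/^/only-in-second /'; } )
    rm -rf "$d"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# write_samples DIR: constructed dumps, one with the old xid, one with the new.
write_samples() {
    for id in 3000003 3000017; do
        cat > "$1/acl-$id.txt" <<EOF
# file: var/lib/samba/sysvol/example.com
# owner: root
# group: 3000000
user::rwx
user:root:rwx
user:3000000:rwx
user:3000001:r-x
user:3000002:rwx
user:$id:r-x
EOF
    done
}

tmp=$(mktemp -d)
write_samples "$tmp"
acl_xid_drift "$tmp/acl-3000003.txt" "$tmp/acl-3000017.txt" || echo "xid drift: ACL ids differ"
rm -rf "$tmp"
```

On real systems, feed it the saved output of `getfacl` for the same sysvol path from each side; an empty result means the numeric ids in the ACLs agree.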


