[Samba] winbindd losing track of RFC2307 UIDs

Rob rj_t1 at redglow.org
Wed Oct 5 20:12:41 UTC 2016


On Tue, 4 Oct 2016, Rowland Penny wrote:

> This is very strange, have you tried running 'net cache flush' on the
> domain member ?
>
> Have you compared the users AD objects ?

Running 'net cache flush' on the member does fix things, albeit only for a 
while:

# wbinfo -i auser
auser:*:2020:10000:User Name:/home/auser:/bin/bash
# net cache flush
# wbinfo -i auser
auser:*:10028:10000:User Name:/home/auser:/bin/bash
[...wait a few hours...]
# wbinfo -i auser
auser:*:2020:10000:User Name:/home/auser:/bin/bash

Using ldbsearch on sam.ldb on the DC, I compared the attributes of 
problematic users and normal users... I couldn't find anything 
obvious distinguishing them.

Also, on the member:

# net idmap dump
dumping id mapping from /usr/local/samba/var/locks/winbindd_idmap.tdb
[...]
UID 2020 S-1-5-21-2701825980-1665447529-2160704981-1177

(where S-*-1177 is the SID for auser)

But I'd think winbindd would prefer the mapping in AD, given smb.conf 
having our domain listed explicitly and 2xxx only as a default/fallback. 
Or maybe I misunderstand how the idmaps work... does the order in smb.conf 
matter at all?

_Rob




More information about the samba mailing list