[Samba] winbindd losing track of RFC2307 UIDs

Achim Gottinger achim at ag-web.biz
Wed Oct 5 20:31:14 UTC 2016



On 05.10.2016 at 22:12, Rob via samba wrote:
> On Tue, 4 Oct 2016, Rowland Penny wrote:
>
>> This is very strange, have you tried running 'net cache flush' on the
>> domain member?
>>
>> Have you compared the users' AD objects?
>
> Running 'net cache flush' on the member does fix things, albeit only 
> for a while:
>
> # wbinfo -i auser
> auser:*:2020:10000:User Name:/home/auser:/bin/bash
> # net cache flush
> # wbinfo -i auser
> auser:*:10028:10000:User Name:/home/auser:/bin/bash
> [...wait a few hours...]
> # wbinfo -i auser
> auser:*:2020:10000:User Name:/home/auser:/bin/bash
>
> Using ldbsearch on sam.ldb on the DC, I compared the attributes of 
> problematic users and normal users... I couldn't find anything obvious 
> distinguishing them.
>
> Also, on the member:
>
> # net idmap dump
> dumping id mapping from /usr/local/samba/var/locks/winbindd_idmap.tdb
> [...]
> UID 2020 S-1-5-21-2701825980-1665447529-2160704981-1177
>
> (where S-*-1177 is the SID for auser)
>
> But I'd think winbindd would prefer the mapping in AD, given smb.conf 
> having our domain listed explicitly and 2xxx only as a 
> default/fallback. Or maybe I misunderstand how the idmaps work... does 
> the order in smb.conf matter at all?
>
> _Rob
>
>
Hi Rob,

You can try to use tdbtool to delete the offending key with uid 2020.
https://www.samba.org/samba/docs/man/manpages-3/tdbtool.8.html
I'd stop samba, make a backup of winbind_idmap.tdb and give it a try.
In my case deleting the mappings from idmap.tdb fixed the issue of
changing UIDs.

achim~
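
A check for the situation in this thread, added here as an example and not part of either poster's message: it reads `net idmap dump` output and lists SIDs of the AD domain that the local tdb has pinned to a fallback-range UID. The 2000-2999 range (read from "2xxx" above), the function names and the extra sample lines are assumptions.

```shell
#!/bin/sh
# Added example: find AD-domain SIDs that winbindd_idmap.tdb maps into the
# default/fallback UID range, i.e. entries like "UID 2020 S-...-1177".
# Assumption: the fallback range is 2000-2999; adjust to your smb.conf.

# stale_uid_mappings DOMAIN_SID LOW HIGH   (dump text on stdin)
# Prints "UID SID" for each UID record whose SID is DOMAIN_SID plus one RID
# and whose UID lies in LOW..HIGH. GID records and other domains are skipped.
stale_uid_mappings() {
    awk -v dom="$1" -v lo="$2" -v hi="$3" '
        $1 == "UID" && NF == 3 {
            uid = $2; sid = $3
            if (uid !~ /^[0-9]+$/) next          # malformed UID field
            if (index(sid, dom "-") != 1) next   # SID not in this domain
            rid = substr(sid, length(dom) + 2)   # text after "DOMAIN_SID-"
            if (rid !~ /^[0-9]+$/) next          # must be a single RID
            if (uid + 0 >= lo + 0 && uid + 0 <= hi + 0) print uid, sid
        }'
}

# Constructed sample: the first two lines are quoted from the thread, the
# rest are made-up records used to exercise the filters.
sample_dump() {
cat <<'EOF'
dumping id mapping from /usr/local/samba/var/locks/winbindd_idmap.tdb
UID 2020 S-1-5-21-2701825980-1665447529-2160704981-1177
GID 2001 S-1-5-32-544
UID 2003 S-1-5-21-1111111111-2222222222-3333333333-500
UID 10030 S-1-5-21-2701825980-1665447529-2160704981-1180
EOF
}

# Domain SID as shown in the thread (auser's SID without the RID).
DOMAIN_SID="S-1-5-21-2701825980-1665447529-2160704981"

# Demo on the sample; on a domain member pipe the real dump instead:
#   net idmap dump | stale_uid_mappings "$DOMAIN_SID" 2000 2999
sample_dump | stale_uid_mappings "$DOMAIN_SID" 2000 2999
```

Each line it prints is a candidate for the backup-then-delete step described above; an empty result means no domain user is pinned to a fallback UID.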



