[Samba] winbindd losing track of RFC2307 UIDs
Achim Gottinger
achim at ag-web.biz
Wed Oct 5 21:44:49 UTC 2016
Am 05.10.2016 um 22:31 schrieb Achim Gottinger via samba:
>
>
> Am 05.10.2016 um 22:12 schrieb Rob via samba:
>> On Tue, 4 Oct 2016, Rowland Penny wrote:
>>
>>> This is very strange, have you tried running 'net cache flush' on the
>>> domain member ?
>>>
>>> Have you compared the users AD objects ?
>>
>> Running 'net cache flush' on the member does fix things, albeit only
>> for a while:
>>
>> # wbinfo -i auser
>> auser:*:2020:10000:User Name:/home/auser:/bin/bash
>> # net cache flush
>> # wbinfo -i auser
>> auser:*:10028:10000:User Name:/home/auser:/bin/bash
>> [...wait a few hours...]
>> # wbinfo -i auser
>> auser:*:2020:10000:User Name:/home/auser:/bin/bash
>>
>> Using ldbsearch on sam.ldb on the DC, I compared the attributes of
>> problematic users and normal users... I couldn't find anything
>> obvious distinguishing them.
>>
>> Also, on the member:
>>
>> # net idmap dump
>> dumping id mapping from /usr/local/samba/var/locks/winbindd_idmap.tdb
>> [...]
>> UID 2020 S-1-5-21-2701825980-1665447529-2160704981-1177
>>
>> (where S-*-1177 is the SID for auser)
>>
>> But I'd think winbindd would prefer the mapping in AD, given smb.conf
>> having our domain listed explicitly and 2xxx only as a
>> default/fallback. Or maybe I misunderstand how the idmaps work...
>> does the order in smb.conf matter at all?
>>
>> _Rob
>>
>>
> Hi Rob,
>
> You can try to use tdbtool to delete the offending key with uid 2020.
> https://www.samba.org/samba/docs/man/manpages-3/tdbtool.8.html
> I'd stop samba make an backup of winbind_idmap.tdb and give it a try.
> In my case deleting the mappings from idamp.tdb fixed the issue of
> changing uid's.
>
> achim~
>
>
Did the uid change from 2018 to 2020 or is this an different user or
member server? If it changed editing winbindd_idmap.tdb might not fix
your problem.
More information about the samba
mailing list