[Samba] winbindd losing track of RFC2307 UIDs

Rob rj_t1 at redglow.org
Fri Oct 21 16:40:15 UTC 2016

On Tue, 4 Oct 2016, Achim Gottinger wrote:

> Am 03.10.2016 um 18:57 schrieb Rob via samba:
>> [...]
>> This generally works fine... user mappings are like:
>> $ wbinfo -i auser
>> auser:*:10028:10000:User Name:/home/auser:/bin/bash
>> $ id auser
>> uid=10028(auser) gid=10000(agroup) groups=10000(agroup),10007(othergroup)
>> After a while (generally a couple days, though sometimes much sooner), this 
>> starts happening:
>> $ wbinfo -i auser
>> auser:*:2018:10000:User Name:/home/auser:/bin/bash
>> $ id auser
>> uid=2018(auser) gid=10000(agroup) groups=10000(agroup),10007(othergroup)
> Been having this issue on an dc after i updated from 4.1 to 4.2. It turned 
> out some users with defined uid also had mappings from winbind in idmap.tdb. 
> At firt the uid attributre gets used but afetr a while the value 
> fromidmap.tdb was used. The fix was to delete the mappings in idmap.tdb.
> On an member server you can use net idmap set/get/dump to test this.

As the problem was getting worse and worse on my end (UIDs resetting after 
a few minutes, mostly in response to SMB traffic), I did something 

- stop Samba on the member
- remove the idmap tables completely
- restart Samba on the member

After a week of running, this seems to be working without issue!

My guess (without looking at the code) is that one of the smbd processes 
had a record of a UID=20xx user, and did reverse lookup to find the SID, 
and somehow that led winbindd to always use the idmap.tdb info instead of 
querying AD for that SID.


More information about the samba mailing list