[Samba] Problems with ID mapping after upgrade to Debian jessie
lukashaase at gmx.at
Sun Jan 15 00:03:04 UTC 2017
I still do not know why the problem came up, why all the idmap
configuration was ignored and why wbinfo and net idmap dump returned
different entries. However, after a long time I ended up doing the
1.) In the LDAP, changed the SID from
S-1-5-21-3909901412-745783496-1225843668-500 to SID
2.) Hooray, login worked! wbinfo returned the correct result for RID 501
but not for 500. Chaning the SID entry back stopped it from working again.
3.) Grepped /var for S-1-5-21-3909901412-745783496-1225843668-501. Found
it in /var/cache/samba/gencache.tdb. Deleted the file
4.) Restarted samba, works again with original SID!
If somebody has an explanation for this behavior, I would still be
interested to know why ...
On 2017-01-14 14:49, Lukas Haase via samba wrote:
> I have been running a Debian 3 server without problems for a long time.
> Now, after upgrading to Debian jessie (Debian 4.2.14) I cannot log in
> any more:
> smbclient -U admin -L //localhost/
> Enter admin's password:
> session setup failed: NT_STATUS_UNSUCCESSFUL
> In the logs:
> [2017/01/14 23:37:21.636022, 2]
> check_ntlm_password: authentication for user [admin] -> [admin] ->
> [admin] succeeded
> [2017/01/14 23:37:21.637610, 1]
> SID S-1-5-21-3909901412-745783496-1225843668-500 -> getpwuid(25003) failed
> This is odd because the correct UID for this SID would be 1013.
> The relevant Samba config thus far was:
> passdb backend = ldapsam:ldap://ldap/
> ldap ssl = Start_tls
> obey pam restrictions = no
> ldap admin dn = uid=admin,dc=intra
> ldap suffix = dc=intra
> ldap group suffix = ou=groups
> ldap user suffix = ou=users
> ldap machine suffix = ou=machines
> ldap idmap suffix = ou=idmap
> idmap uid = 25000-27000
> idmap gid = 25000-27000
> However, ou=idmap in the LDAP tree is empty and winbind was running.
> I thought maybe it is because of the deprecated idmap uid option but no
> matter what I set for "idmap config", wbinfo always returns the wrong UID:
> # wbinfo --sid-to-uid S-1-5-21-3909901412-745783496-1225843668-500
> For example, I tried
> idmap config * : backend = tdb
> idmap config * : range = 25000 27000
> idmap config * : backend = rid
> idmap config * : range = 0 1000
> The output just does not change.
> Any help would be appreciated. Thanks!
More information about the samba