[Samba] IDMAP problems after upgrade to Debian jessie

mathias dufresne infractory at gmail.com
Mon Jan 16 15:02:30 UTC 2017


Hi,

To clean idmap cache I'd bet you would have to type: "net cache flush"

Then as idmap cache is cleared, it would be regenerated.

2017-01-14 23:43 GMT+01:00 Lukas Haase via samba <samba at lists.samba.org>:

> Hi,
>
> I have been running a Debian 3 server without problems for a long time.
> Now, after upgrading to Debian jessie (Debian 4.2.14) I cannot log in
> any more:
>
> smbclient -U admin -L //localhost/
> Enter admin's password:
> session setup failed: NT_STATUS_UNSUCCESSFUL
>
> In the logs:
>
> [2017/01/14 23:37:21.636022,  2]
> ../source3/auth/auth.c:305(auth_check_ntlm_password)
>   check_ntlm_password:  authentication for user [admin] -> [admin] ->
> [admin] succeeded
> [2017/01/14 23:37:21.637610,  1]
> ../source3/auth/token_util.c:430(add_local_groups)
>   SID S-1-5-21-3909901412-745783496-1225843668-500 -> getpwuid(25003)
> failed
>
> This is odd because the correct UID for this SID would be 1013.
>
> The relevant Samba config thus far was:
>
> passdb backend = ldapsam:ldap://ldap/
> ldap ssl = Start_tls
> obey pam restrictions = no
> ldap admin dn = uid=admin,dc=intra
> ldap suffix = dc=intra
> ldap group suffix = ou=groups
> ldap user suffix = ou=users
> ldap machine suffix = ou=machines
> ldap idmap suffix = ou=idmap
> idmap uid = 25000-27000
> idmap gid = 25000-27000
>
> However, ou=idmap in the LDAP tree is empty and winbind was running.
>
> I thought maybe it is because of the deprecated idmap uid option but no
> matter what I set for "idmap config", wbinfo always returns the wrong UID:
>
> # wbinfo --sid-to-uid S-1-5-21-3909901412-745783496-1225843668-500
> 25003
>
>
> For example, I tried
>
> idmap config * : backend = tdb
> idmap config * : range = 25000 27000
>
> or
>
> idmap config * : backend = rid
> idmap config * : range = 0 1000
>
> The output just does not change.
>
> Any help would be appreciated. Thanks!
>
> Luke
>
>
>
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list