[Samba] User idmap lost

Paul R. Ganci ganci at nurdog.com
Fri Apr 6 05:58:35 UTC 2018

> Some more information. RSAT on the windows 10 client shows all the 
> proper UNIX attributes. The uidNumber is the correct 3001108. So I 
> removed the idmap.ldb entry for my wife's sid and restarted the AD. 
> The new idmap entry was created and I noticed that getent returned the 
> xidNumber from the new entry. It appears that the AD is ignoring the 
> UNIX attributes altogether for my wife's account. I honestly do not 
> know what is special about her account as my account is setup in 
> exactly the same manner.

This is absolutely messed up. I re-created my wife's account. I added 
the UNIX attributes changing the uidNumber=10001 and I changed my 
uidNumber=10000 and gave the group domain users gidNumber=10513. I then 
restarted the server and issued a net cache flush probably 10 times


I then do:

 > cd /home
 > ls -altn
drwx------+ 82   10000   10513 20480 Apr  5 23:36 me
drwx------+ 43 3000112 3000513  4096 Apr  4 18:28 mywife
 >getent passwd
MYHOME\prg-11868bg:*:10000:3000513:Paul R. Ganci:/home/prg-11868bg:/bin/bash

It seems after some small length of time the domain users group 
gidNumber reverts to its xidNumber as does my wife's uidNumber. I have 
no idea why this would occur and don't know where to begin to debug the 
problem. Any pointers would be appreciated.
Paul (ganci at nurdog.com)
Cell: (303)257-5208

More information about the samba mailing list