[Samba] User idmap lost
Paul R. Ganci
ganci at nurdog.com
Fri Apr 6 05:58:35 UTC 2018
>
> Some more information. RSAT on the windows 10 client shows all the
> proper UNIX attributes. The uidNumber is the correct 3001108. So I
> removed the idmap.ldb entry for my wife's sid and restarted the AD.
> The new idmap entry was created and I noticed that getent returned the
> xidNumber from the new entry. It appears that the AD is ignoring the
> UNIX attributes altogether for my wife's account. I honestly do not
> know what is special about her account as my account is setup in
> exactly the same manner.
>
This is absolutely messed up. I re-created my wife's account. I added
the UNIX attributes changing the uidNumber=10001 and I changed my
uidNumber=10000 and gave the group domain users gidNumber=10513. I then
restarted the server and issued a net cache flush probably 10 times
MYDOM\me:*:10000:10513::/home/me:/bin/bash
MYDOM\mywife:*:10001:10513::/home/mywife:/bin/bash
I then do:
> cd /home
> ls -altn
drwx------+ 82 10000 10513 20480 Apr 5 23:36 me
drwx------+ 43 3000112 3000513 4096 Apr 4 18:28 mywife
>getent passwd
MYHOME\prg-11868bg:*:10000:3000513:Paul R. Ganci:/home/prg-11868bg:/bin/bash
MYHOME\sln-11868bg:*:3000112:3000513::/home/sln-11868bg:/bin/bash
It seems after some small length of time the domain users group
gidNumber reverts to its xidNumber as does my wife's uidNumber. I have
no idea why this would occur and don't know where to begin to debug the
problem. Any pointers would be appreciated.
--
Paul (ganci at nurdog.com)
Cell: (303)257-5208
More information about the samba
mailing list