[Samba] suddenly change: idmap uid + gid

Rowland penny rpenny at samba.org
Sun Nov 3 20:57:34 UTC 2019

On 03/11/2019 20:46, Andrew Bartlett wrote:
> On Sun, 2019-11-03 at 08:39 +0000, Rowland penny via samba wrote:
>> On 02/11/2019 23:18, Hilberg via samba wrote:
>>> Hi
>>> The server suddenly changed the uid + gid. this happened to times,
>>> yesterday and the week after. The default group at example
>>> The samba is a AD member where we have many users (>20 000) and we
>>> use
>>> autorid in that way
>>> [global]
>>>    security = ads
>>>    workgroup = CUSTOMER
>>>    realm = CUSTOMER.COM
>>>    winbind use default domain = yes
>>>    winbind enum users = yes
>>>    winbind enum group = yes
>>>    idmap config * : backend = autorid
>>>    idmap config * : range = 1000000-8999999999
>>> OS debian 10
>>> DC Microsoft
>>> At the moment I have two questions:
>>> Why this happened and is there a way to stop the disaster?
>>> Is there a quick way to repair the disaster? I infects the profile
>>> directory used with acl.
>>> thank you
>> Please do not post things like this to the samba-technical list.
>> As I said, you cannot use 'winbind use default domain = yes' with
>> 'autorid', it makes all users and groups members of the same domain,
>> this is probably what has happened here.
> G'Day Rowland,
> Are you really sure that is the case?
> The "winbind use default domain" code, which I authored, certainly
> isn't intended to do that.  It changes the formatting at the nss
> interface to strip the domain\ prefix, allowing local logins with pam
> etc to avoid typing the domain.

I suppose it depends on just where the domain is stripped. If it is very 
early on, then DOMAINA\fred and DOMAINB\fred would become fred and fred, 
so how would winbind know which is which ?

This is the only reason I can think of that could change the ID.

Can you think of another reason Andrew ?


More information about the samba mailing list