[Samba] Change (fix) idmap config

Lorenzo Milesi lorenzo.milesi at yetopen.com
Wed Nov 2 16:58:56 UTC 2022

>> after a few seconds, the ID is "restored" to the wrong one:
>> # getent group "domain users"
>> domain users:x:700009:
> That shouldn't happen, can you post the contents of /etc/nsswitch.conf ?
> Try stopping Samba, run 'net cache flush' and then restart Samba again.
> Is anything else running ? sssd, nlscd or similar ?
> The only other thing that I can think of is, is your AD domains NETBIOS
> domain name something other than 'LIGHT' ?

I restore this old thread because those "tdb" ids popped up again.

To recap, in order to get rid of the wrong tdb ids I:

* changed all files on disk with find -gid TDB_UID chown RID_UID {} \;
* net cache flush
* rebooted

Everything was fine, but eventually it wasn't totally correct.
I found a similar problem on SO [1], and they suggest to:

service winbind stop
service smb stop
net cache flush
rm -f /var/lib/samba/*.tdb
rm -f /var/lib/samba/group_mapping.ldb
service smb start
service winbind start

Some further comments report a new "join" is required before restarting services.
Can this be a correct approach?


[1] https://serverfault.com/a/505700/102716
Lorenzo Milesi - lorenzo.milesi at yetopen.com 
CTO @ YetOpen Srl

Corso Martiri della Liberazione 114 - 23900 Lecco - ITALY - | 4801 Glenwood Avenue - Suite 200 - Raleigh, NC 27612 - USA -
Tel +39 0341 220 205 - info.it at yetopen.com  | Phone +1 919-817-8106 - info.us at yetopen.com

Think green - Non stampare questa e-mail se non necessario / Don't print this email unless necessary

-------- D.Lgs. 196/2003 e GDPR 679/2016 --------
Tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario.
Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere confidenziali e riservate secondo i termini
del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non autorizzata.
Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile.

Confidentiality notice: this email message including any attachment is for the sole use of the intended recipient and may contain confidential and privileged information;
pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or distribution
is prohibited. If you are not the intended recepient please delete this message without copying, printing or forwarding it to others, and alert us as soon as possible.
Thank you.

More information about the samba mailing list