[Samba] Change (fix) idmap config

Rowland Penny rpenny at samba.org
Wed Nov 2 17:14:25 UTC 2022

On 02/11/2022 16:58, Lorenzo Milesi wrote:
>>> after a few seconds, the ID is "restored" to the wrong one:
>>> # getent group "domain users"
>>> domain users:x:700009:
>> That shouldn't happen, can you post the contents of /etc/nsswitch.conf ?
>> Try stopping Samba, run 'net cache flush' and then restart Samba again.
>> Is anything else running ? sssd, nlscd or similar ?
>> The only other thing that I can think of is, is your AD domains NETBIOS
>> domain name something other than 'LIGHT' ?
> I restore this old thread because those "tdb" ids popped up again.
> To recap, in order to get rid of the wrong tdb ids I:
> * changed all files on disk with find -gid TDB_UID chown RID_UID {} \;
> * net cache flush
> * rebooted
> Everything was fine, but eventually it wasn't totally correct.
> I found a similar problem on SO [1], and they suggest to:
> service winbind stop
> service smb stop
> net cache flush
> rm -f /var/lib/samba/*.tdb
> rm -f /var/lib/samba/group_mapping.ldb

It is a bit over the top, but there is no harm in doing it, Samba will 
just recreate them.

> service smb start
> service winbind start

Wrong way around in my opinion, I would start winbind first, that is 
what does the authentication, then start smbd.

> Some further comments report a new "join" is required before restarting services.
> Can this be a correct approach?

If all else fails, it is worth trying, but 'leave' the domain first.


More information about the samba mailing list