[Samba] Change (fix) idmap config
Rowland Penny
rpenny at samba.org
Wed Nov 2 17:14:25 UTC 2022
On 02/11/2022 16:58, Lorenzo Milesi wrote:
>
>>> after a few seconds, the ID is "restored" to the wrong one:
>>> # getent group "domain users"
>>> domain users:x:700009:
>>
>> That shouldn't happen, can you post the contents of /etc/nsswitch.conf ?
>>
>> Try stopping Samba, run 'net cache flush' and then restart Samba again.
>>
>> Is anything else running ? sssd, nlscd or similar ?
>>
>> The only other thing that I can think of is, is your AD domains NETBIOS
>> domain name something other than 'LIGHT' ?
>
> I restore this old thread because those "tdb" ids popped up again.
>
> To recap, in order to get rid of the wrong tdb ids I:
>
> * changed all files on disk with find -gid TDB_UID chown RID_UID {} \;
> * net cache flush
> * rebooted
>
> Everything was fine, but eventually it wasn't totally correct.
> I found a similar problem on SO [1], and they suggest to:
>
> service winbind stop
> service smb stop
> net cache flush
> rm -f /var/lib/samba/*.tdb
> rm -f /var/lib/samba/group_mapping.ldb
It is a bit over the top, but there is no harm in doing it, Samba will
just recreate them.
> service smb start
> service winbind start
Wrong way around in my opinion, I would start winbind first, that is
what does the authentication, then start smbd.
>
> Some further comments report a new "join" is required before restarting services.
> Can this be a correct approach?
If all else fails, it is worth trying, but 'leave' the domain first.
Rowland
More information about the samba
mailing list