- Apr 20, 2012
Hello,
I'm not really expecting an answer to my question, but I might as well try. Samba's IRC channel proved unhelpful, and I found a work-around before I got desperate enough to try the (from the archives not very promising) mailing list.
I am using an MS Server2k8R2 ADS, and Samba 3.6.9 with an idmap_ad configuration, which was working the way I expected until recently.
I had to reboot my ADS then, and what happened next was ugly. For some reason Samba/winbind/idmap messed up, and assigned the uid of my domain user to a local guest account (SID ending on 501 - just like the co-existing domain guest account). This made nss go crazy. Authentication still worked, as did getent passwd, but uid-to-name was broken. User rights were transferred to the local guest account.
My real question is - how did this local account crop up? Where is idmap/wbinfo getting uid to sid translation from? Why is it not respecting smb.conf idmap range settings?
..I ended up assigning a different uid to the domain account, and did some chowns, but I'd still like to know what exactly has happened there, and why.