samba-users August 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: [Samba] Samba idmap against ad

[Samba] Samba idmap against ad

From: Stuart Bailey <stuart_at_nospam>
Date: Wed Aug 11 2010 - 11:27:41 GMT

I have a samba server (old - running FC6, samba 3.0.24-11.fc6) that
authenticates against AD. This is all configured and has been working fine
until this week.

A new user has been added to AD, but cannot access the samba drives. All other
users can still access samba as normal.

net ads testjoin reports OK.

wbinfo -a newuser%pass and wbinfo -K newuser%pass both succeed. wbinfo -r
newuser reports all the user group memberships from AD.

wbinfo -p is OK

wbinfo -i newuser reports that no information on that user can be found.

wbinfo -n newuser returns the SID, and wbinfo -s SID returns the username

However, wbinfo -S SID fails.

I found a thread that suggests a corrupted idmap cache file. If I delete this
file, and restart winbind, the file is re-created, but contains no SID data.
I've also noticed that the winbindd_idmap.tdb file has an old time stamp
winbindd_cache.tdb has today's date.

I tried setting:
   winbind cache time = 3600
   idmap cache time = 3600
but no improvement.

Also, this is affecting both FC6 servers we have, both with the same config. The
config has not changed, and the servers have not been rebooted / power cycled
etc. The problem only affects new AD user accounts.

Any sugguestions as to where I should look next?

Many thanks,

-- --------------------------------------- Stuart Bailey BSc (hons) CEng CITP MBCS LinuSoft (Managing Director) Linux Specialist & Software Developer ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Phone: (0845) 658 3563 Direct: +44 (0) 1953 878162 Fax: +44 (0) 1603 858583 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ ---------------------------------------- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. No malware was found: NETGEAR ProSecure Web/Email Security Threat Management Appliance has scanned this mail and its attachment(s). -- To unsubscribe from this list go to the following URL and read the instructions: