Ubuntu
samba package

winbind tools don't seem to agree on idmappings

Asked by Scott Saunders

Binary package hint: samba

# lsb_release -rd
Description: Ubuntu 10.04.1 LTS
Release: 10.04
# uname -a
Linux kuat 2.6.32-24-server #39-Ubuntu SMP Wed Jul 28 06:21:40 UTC 2010 x86_64 GNU/Linux
# apt-cache policy samba
samba:
  Installed: 2:3.4.7~dfsg-1ubuntu3.1
  Candidate: 2:3.4.7~dfsg-1ubuntu3.2
  Version table:
     2:3.4.7~dfsg-1ubuntu3.2 0
        500 http://us.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
        500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
 *** 2:3.4.7~dfsg-1ubuntu3.1 0
        100 /var/lib/dpkg/status
     2:3.4.7~dfsg-1ubuntu3 0
        500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
     3.0.28a-1ubuntu4.13 0
        500 http://us.archive.ubuntu.com/ubuntu/ hardy-updates/main Packages

The following has got me a little worried. I noticed the XXXXX222 GID showing up after I recently deleted a couple keys using tdbtool, one of which was an SID linked to GID XXXXX218 which was causing permission issues because it was one of two SIDs pointing to the same GID (if it's any interest, the key I deleted was the SID for the windows BUILTIN\NETWORK group). Deleting the key seemed to resolve that issue. What follows is what I am seeing since that change. Note: I have replaced parts of the GIDs and SIDs with X's. Between the two GIDs in question the prefix is the same and they both link to the exact same SID. There is at least one other group I'm aware of that I am seeing this problem with as well. First of all I don't understand why I now have two GIDs pointing to the same SID. Secondly, I get varying responses from wbinfo, tdbtool, and net idmap dump - who do I trust?

wbinfo shows
# wbinfo --gid-info XXXXX218
DOMAIN\domain admins:x:XXXXX222
# wbinfo --gid-info XXXXX222
DOMAIN\domain admins:x:XXXXX222
# wbinfo -G XXXXX218
S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
# wbinfo -G XXXXX222
S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
# wbinfo -Y S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
XXXXX222

tdbtool shows
tdbtool /var/lib/samba/winbindd_idmap.tdb
tdb> show GID\ XXXXX218\0
fetch failed
tdb> show GID\ XXXXX222\0
key 13 bytes
GID XXXXX222
data 46 bytes
S-1-5-21 -XXXXXXX
XXX-XXXX XXXXXX-X
XXXXXXXX X-512

idmap dump shows
net idmap dump /var/lib/samba/winbindd_idmap.tdb |grep GID|egrep XXXXX\(218\|222\)|less
GID XXXXX218 S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
notice GID XXXXX222 does not show up here

number of files currently owned by this group/these GIDs
# ls -alRg /path/to/samba/shares/ |grep -c 'DOMAIN\\domain admins'
41934
# ls -alnRg /path/to/samba/shares/ |grep -c XXXXX218
41933
# ls -alnRg /path/to/samba/shares/ |grep -c XXXXX222
1

Any thoughts/explanation as to what might be going on? Should I be concerned? What can I do to resolve these discrepancies?

Question information

Language:
English Edit question
Status:
Expired
For:
Ubuntu samba Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:

This question was originally filed as bug #673777.

Revision history for this message
Launchpad Janitor (janitor) said : 		#1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.