Hello all.

I have a RHEL3 box with the stock 3.0.9-1.3E.2 build of Samba. Winbind is set up and connected properly and has been running fine for over a year. But winbind no longer recognizes my userid. My Active Directory account was not deleted, moved, or edited at any point around the time of this incident.

Tests - assuming user is jdoe and AD Domain is AD_DOM:

wbinfo -a jdoe%password
completes with success.

wbinfo -n jdoe
completes with success and reports "S-1-5-21-1708537768-776561741-1177238915-1127 User (1)"

wbinfo -s S-1-5-21-1708537768-776561741-1177238915-1127
completes with success and reports "AD_DOM+JDoe 1"

wbinfo -S S-1-5-21-1708537768-776561741-1177238915-1127
fails and reports "Could not convert sid S-1-5-21-1708537768-776561741-1177238915-1127 to uid"

wbinfo -u|grep jdoe
reports nothing and confirms my suspicions.

So I have lost the database entry for my userid to sid. I attempted to recreate the user using wbinfo -c jdoe, but while the command line reported "Generated user with RID 3000" I am still not able to be seen as a valid account on the system.

I am assuming that I would need to re-enter my uid -> sid mapping into the database.

- How can I go about this? I know my old uid was 1001.
- Can I load a backup database from before this incident? If so, will it add AD users into the database again that have been added since the backup copy?

Please help!

-Thanks so much,
Peter.

> wbinfo -u|grep jdoe reports nothing and confirms my suspicions.

AFAIK wbinfo -u queries the AD server for all users, I don't think it checks any caches. It looks like this account has disappeared from AD.

If not, you could try temporarily deleting/moving all the winbind .tdb files which would cause the cache to be wiped and rebuilt (and all your UIDs to change, until you put the old files back again) just to see whether the cache is at fault or whether your account has disappeared from AD.

Cheers,
Adam.

> Adam,
> Thanks for the reply! Well I know that the account still exists in
> AD. It happens to be my account. :-P I guess that it is better than
> an end user's account.
> I know that the account exists as on the Windows side, I can log on to
> my PC, Exchange server, etc. and they all run off of the AD.

Hmm, that's odd then, are you sure the right server(s) is/are listed in /etc/krb5.conf? It may be possible that you're connecting to a server that's not being updated correctly (if you have more than one.)

> I was afraid to delete the .tdb files... but I can give that a
> shot. I do have a backup of the .tdb files from some time ago,
> could I use them? If so, would the users that have been added since
> then get re-added (although maybe not in the right order)?

It's probably best to take a new backup, because I suspect that removing them won't make a difference, in which case you'll want to put them back again so that all your users are there in the correct order. And yes, if you use old backups any users added since the backups were taken will be re-added, although almost certainly in the wrong order.

Cheers,
Adam.
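
The sequence suggested in the replies above (take a fresh backup of the .tdb files, remove the live copies so they are rebuilt, then put the originals back) can be scripted so that nothing is deleted before a verified copy exists. This is an added example, not part of the original thread: the function names are hypothetical, the directories are arguments you supply for your own installation, and it assumes winbindd is stopped while the files are copied or replaced.

```sh
# Added example. Directory arguments are placeholders: pass the directory
# where your Samba build keeps its winbind .tdb files. Stop winbindd first
# so the files are not written to while they are copied or replaced.

# tdb_backup SRC DEST_ROOT: copy SRC/*.tdb into a new timestamped directory
# under DEST_ROOT, verify each copy, and print the backup directory.
tdb_backup() {
    src=$1
    backup="$2/tdb-$(date +%Y%m%d-%H%M%S)-$$"
    set -- "$src"/*.tdb
    [ -e "$1" ] || { echo "no .tdb files in $src" >&2; return 1; }
    mkdir -p "$backup" && cp -p "$@" "$backup"/ || return 1
    for f in "$@"; do
        cmp -s "$f" "$backup/${f##*/}" || { echo "bad copy: $f" >&2; return 1; }
    done
    echo "$backup"
}

# tdb_set_aside SRC BACKUP: delete the live SRC/*.tdb so they get rebuilt,
# but only after confirming BACKUP holds an identical copy of each one.
tdb_set_aside() {
    src=$1; backup=$2
    for f in "$src"/*.tdb; do
        [ -e "$f" ] || continue
        cmp -s "$f" "$backup/${f##*/}" || { echo "not backed up: $f" >&2; return 1; }
    done
    rm -f "$src"/*.tdb
}

# tdb_restore BACKUP SRC: discard whatever was rebuilt during the test and
# put the saved files back, so the original UID mappings return.
tdb_restore() {
    backup=$1; src=$2
    set -- "$backup"/*.tdb
    [ -e "$1" ] || { echo "no .tdb files in $backup" >&2; return 1; }
    rm -f "$src"/*.tdb
    cp -p "$@" "$src"/
}
```

Between tdb_set_aside and tdb_restore, restart winbindd and repeat the wbinfo tests from the first message to see whether the result changes.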