samba - Feb 2007 - Re: Active Directory Authentication working only for a subset of accounts-SOLVED

Apparently our winbindd_idmap.tdb was corrupt.

We did a net idmap dump to get what we could out of it, shutdown
winbind, net idmap restore, and restarted winbind and everything looks
good.  We had to chgrp and chown some small handfull of files but not
many because luckily this server never made it to production (because
we discovered this problem early on).



On 2/6/07, Ramius <m.ramius@gmail.com> wrote:
> I'm trying to use samba with A/D integration for authenticating shares
> (security=ads in smb.conf).  It works, mostly.  But there are several
> dozen accounts that I have identified (and probably many more which I
> haven't identified) for which it DOES NOT work.  I can see no
> significant difference between the accounts, and I get mixed results
> using wbinfo ( as reported below ).  Any advice?
>
> smbclient -V
> Version 3.0.23c-2
>
>
> EXAMPLE WHERE EVERYTHING WORKS
> =============================> wbinfo -u | grep tester
>   FOO+tester
> wbinfo -n tester
>   S-1-5-21-1708926621-995487588-1868020167-1151 User (1)
> wbinfo -s S-1-5-21-1708926621-995487588-1868020167-1151
>   FOO+tester 1
> wbinfo -i FOO+tester
>   FOO+tester:*:23827:20000:Kevin Test:/home/FOO/tester:/bin/bash
> wbinfo -S S-1-5-21-1708926621-995487588-1868020167-1151
>   23827
>
> EXAMPLE WITH MIXED RESULTS
> =========================> wbinfo -u | grep testuser1
>   FOO+testuser1
> wbinfo -n testuser1
>   S-1-5-21-1708926621-995487588-1868020167-1164 User (1)
> wbinfo -s S-1-5-21-1708926621-995487588-1868020167-1164
>   FOO+testuser1 1
>
> wbinfo -i FOO+testuser1
>   Could not get info for user FOO+testuser1
> wbinfo -S S-1-5-21-1708926621-995487588-1868020167-1164
>   Could not convert sid S-1-5-21-1708926621-995487588-1868020167-1164 to
uid
>