Cameron Villers
2010-Feb-10 17:06 UTC
[Samba] Users created after certain date are not cached by winbind
It seems that I have some users that winbind refuses to find. As far as I can tell, all of these users were created or re-enabled (had their expiration date reset) after a certain date. I have cleared my winbind_cache.tdb and winbind_idmap.tdb to no avail. Curiously, I also noticed that even when I removed the idmap, it still came back with the original mappings.

In my winbind.log, I see numerous errors of this sort when I run 'getent passwd':

[2010/02/10 12:04:30, 0] winbindd/idmap.c:201() idmap_alloc module tdb already registered!
[2010/02/10 12:04:30, 0] winbindd/idmap.c:149() Idmap module passdb already registered!
[2010/02/10 12:04:30, 0] winbindd/idmap.c:149() Idmap module nss already registered!
[2010/02/10 12:04:30, 1] winbindd/idmap_tdb.c:445() Fatal Error: UID range full!! (max: 1000000)
[2010/02/10 12:04:30, 3] winbindd/idmap.c:695() Could not allocate id: NT_STATUS_UNSUCCESSFUL
[2010/02/10 12:04:30, 1] winbindd/winbindd_user.c:97() error getting user id for sid S-1-5-21-1535035888-1625807045-3321399979-4400
[2010/02/10 12:04:30, 1] winbindd/winbindd_user.c:856() could not lookup domain user foobar

That sequence of errors repeats for each user that should be looked up but does not (which, as I noted, were all created on or after a certain date). However, running 'wbinfo -u' does indeed show the missing users. I've ensured that my Kerberos ticket is valid. No other users are reporting problems.

What could be going on here? I am using 3.4.3 packaged from www.blastwave.org on Solaris 10 on a sparc64. The DC I am communicating with is running Windows Server 2008.
[global]
    workgroup = COMPSCI
    realm = CS.HARTFORD.EDU
    server string = Computer Science SUN Server
    interfaces = 127.0.0.1/255.0.0.0, 137.49.39.15/255.255.254.0
    bind interfaces only = Yes
    security = ADS
    client schannel = No
    password server = zephyr.cs.hartford.edu
    log level = 3
    log file = /var/opt/csw/log/samba/%m
    max log size = 50
    load printers = No
    printcap name = /dev/null
    disable spoolss = Yes
    local master = No
    domain master = No
    dns proxy = No
    idmap uid = 10000-1000000
    idmap gid = 10000-1000000
    template homedir = /export/home/%U
    template shell = /bin/bash
    winbind separator = +
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind refresh tickets = Yes
    idmap alloc config:range = 10000-1000000
    idmap config default:range = 10000-1000000
    printing = bsd
    print command = lpr -r -P'%p' %s
    lpq command = lpq -P'%p'
    lprm command = lprm -P'%p' %j

[homes]
    comment = Home Directories
    read only = No
    browseable = No
    browsable = No

[printers]
    comment = All Printers
    path = /usr/local/pkg/var/spool/samba
    printable = Yes
    browseable = No
    browsable = No
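
An added example, not part of the original post: a small Python parser that correlates the winbind.log entries quoted above, pairing each failed user lookup with the SID and the ID-allocation error logged just before it. The sample log is constructed from the lines in the post; the function names, the GID variant of the range message, and the handling of a message printed on the line after its header are assumptions of this example.

```python
import re

# Constructed sample: the winbind.log entries quoted in the post, one per line.
SAMPLE_LOG = """\
[2010/02/10 12:04:30, 0] winbindd/idmap.c:201() idmap_alloc module tdb already registered!
[2010/02/10 12:04:30, 1] winbindd/idmap_tdb.c:445() Fatal Error: UID range full!! (max: 1000000)
[2010/02/10 12:04:30, 3] winbindd/idmap.c:695() Could not allocate id: NT_STATUS_UNSUCCESSFUL
[2010/02/10 12:04:30, 1] winbindd/winbindd_user.c:97() error getting user id for sid S-1-5-21-1535035888-1625807045-3321399979-4400
[2010/02/10 12:04:30, 1] winbindd/winbindd_user.c:856() could not lookup domain user foobar
"""

# Header: "[timestamp, level] file.c:line(function)" followed by the message.
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*\d+\]\s+\S+:\d+\([^)]*\)\s*(?P<msg>.*)$")
# Only the UID form appears in the post; accepting GID is an assumption.
RANGE_FULL = re.compile(r"(?P<kind>[UG]ID) range full!! \(max: (?P<max>\d+)\)")
SID_FAIL = re.compile(r"error getting user id for sid (?P<sid>S-[\d-]+)")
USER_FAIL = re.compile(r"could not lookup domain user (?P<user>\S+)")

def entries(text):
    """Yield (timestamp, message); a message on the line after its header is joined to it."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m["ts"], m["msg"].strip()]
        elif current and line.strip():
            current[1] = (current[1] + " " + line.strip()).strip()
    if current:
        yield tuple(current)

def failed_lookups(text):
    """Return one record per failed user lookup, with the allocation error that preceded it."""
    out, pending = [], {}
    for ts, msg in entries(text):
        if (m := RANGE_FULL.search(msg)):
            pending = {"reason": f"{m['kind']} range full", "max": int(m["max"])}
        elif (m := SID_FAIL.search(msg)):
            pending["sid"] = m["sid"]
        elif (m := USER_FAIL.search(msg)):
            out.append({"time": ts, "user": m["user"], **pending})
            pending = {}
    return out

if __name__ == "__main__":
    for rec in failed_lookups(SAMPLE_LOG):
        print(rec)
```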