samba - Jul 2012 - Change winbindd UID mapping

Hi,

I'm running Samba 3.6.6 on Ubuntu Quantal.

I have a need to manually assign some of the UID mapping on a samba
domain member file server. I have used tdbtool to add the correct
mapping record to winbindd_idmap.tdb. However, I am at a loss as to
how to force that change to "propagate" so as to show in the
permissions structure of the file system and in the output of such
commands as 'getent passwd.' I have restarted all of the samba related
services including winbind.

Kind Regards,
Chris

On Fri, Jul 27, 2012 at 2:06 PM, Chris Nighswonger
<cnighswonger at foundations.edu> wrote:
> Hi,
>
> I'm running Samba 3.6.6 on Ubuntu Quantal.
>
> I have a need to manually assign some of the UID mapping on a samba
> domain member file server. I have used tdbtool to add the correct
> mapping record to winbindd_idmap.tdb. However, I am at a loss as to
> how to force that change to "propagate" so as to show in the
> permissions structure of the file system and in the output of such
> commands as 'getent passwd.' I have restarted all of the samba
related
> services including winbind.
>
Let me try this from a different angle:

What is going wrong in this sequence?

root at codex:/netdrives/shared getent passwd | grep jdoe
jdoe:*:10001:15049:John Doe:/home/DOMAIN/jdoe:/bin/false

root at codex:/netdrives/shared wbinfo -U 10001
S-1-5-21-4035875638-3479806162-98682827-1010

root at codex:/netdrives/shared wbinfo --set-uid-mapping
10046,S-1-5-21-4035875638-3479806162-98682827-1010
uid 10046 now mapped to sid S-1-5-21-4035875638-3479806162-98682827-1010

BUT....

root at codex:/netdrives/shared wbinfo -U 10046
S-1-5-21-1547161642-436374069-854245398-1243

AND....

root at codex:/netdrives/shared getent passwd | grep jdoe
jdoe:*:10001:15049:John Doe:/home/DOMAIN/jdoe:/bin/false

RATHER THAN....

10046 being mapped to S-1-5-21-4035875638-3479806162-98682827-1010

which is what I would expect after performing the above sequence.

I have repeatedly deleted winbindd_idmap.tdb, netsamlogon_cache.tdb,
and winbindd_cache.tdb with no effect.

Incidentally, I also tried this:

root at codex:/netdrives/shared wbinfo --remove-uid-mapping
10001,S-1-5-21-4035875638-3479806162-98682827-1010
Could not remove uid to sid mapping

Which I would have expected to have removed that mapping, but for some
reason it does not.

tdbtool shows this:

key 10 bytes: UID 10001
key 45 bytes: S-1-5-21-4035875638-3479806162-98682827-1010

Any help would be greatly appreciated.

Kind Regards,
Chris

Sorry, I forgot to cc the list....

On Mon, Jul 30, 2012 at 10:36 AM, Jonathan Buzzard
<jonathan at buzzard.me.uk> wrote:
>
> Not read it in detail but the file system stores UID's and GID's.
So if you
> change the mapping then you have to change the UID of *EVERY* file and
> folder on the file system to the new UID.
>
> Look and the man page for find. It sucks so don't change mappings
unless
> absolutely necessary.
Indeed, find is my friend in this case! Thanks a million for the pointer.

Unfortunately I am forced to change the UID's on this directory
structure, but find is working very nicely.

Kind Regards,
Chris