Hi!

I'm apologize for my poor English, but have a question.
This question is a shorter than one i posted not so long ago (https://lists.samba.org/archive/samba/2013-September/175649.html) and received no answer for a while. In this question i took a log from the different server, but this is no matter: the problem persists on all of my servers.
So, my OS is FreeBSD 9.0, my Samba is 3.6.18 acts as a domain member.
Suppose i have a local group "samba_sge_public_createdir", created with "NET SAM CREATELOCALGROUP". "getent" and "wbinfo" shows this group with GID 30002 and SID S-1-5-21-2085021927-1344845373-2015074135-1012. But, "net idmap dump" shows this group with GID 30008 and shows no group with GID 30002 at all.

[root@srv-8cf8 ~]# getent group samba_sge_public_createdir
SRV-8CF8\samba_sge_public_createdir:x:30002
[root@srv-8cf8 ~]# wbinfo --gid-to-sid 30002
S-1-5-21-2085021927-1344845373-2015074135-1012
[root@srv-8cf8 ~]# wbinfo --sid-to-gid S-1-5-21-2085021927-1344845373-2015074135-1012
30002
[root@srv-8cf8 ~]# net idmap dump
dumping id mapping from /var/db/samba/winbindd_idmap.tdb
GID 30013 S-1-5-21-2085021927-1344845373-2015074135-513
GID 30009 S-1-5-21-2085021927-1344845373-2015074135-1010
GID 30024 S-1-5-21-2085021927-1344845373-2015074135-1023
GID 30014 S-1-5-21-2085021927-1344845373-2015074135-1014
GID 30006 S-1-5-11
GID 30007 S-1-5-32-546
GID 30018 S-1-5-21-2085021927-1344845373-2015074135-1018
GID 30010 S-1-5-21-2085021927-1344845373-2015074135-1011
USER HWM 30002
GID 30022 S-1-5-21-2085021927-1344845373-2015074135-1021
UID 30000 S-1-5-21-2085021927-1344845373-2015074135-1015
GID 30008 S-1-5-21-2085021927-1344845373-2015074135-1012
GID 30023 S-1-5-21-2085021927-1344845373-2015074135-1022
UID 30001 S-1-5-21-2085021927-1344845373-2015074135-1016
GID 30004 S-1-1-0
GID 30005 S-1-5-2
GROUP HWM 30025
GID 30011 S-1-5-21-2085021927-1344845373-2015074135-1013
[root@srv-8cf8 ~]# net cache list|grep S-1-5-21-2085021927-1344845373-2015074135-1012 Key: IDMAP/GID2SID/30002 Timeout: Tue Sep 24 10:41:25 2013 Value: S-1-5-21-2085021927-1344845373-2015074135-1012 Key: IDMAP/GID2SID/30008 Timeout: Tue Sep 17 12:24:22 2013 Value: S-1-5-21-2085021927-1344845373-2015074135-1012 (expired) Key: IDMAP/SID2GID/S-1-5-21-2085021927-1344845373-2015074135-1012 Timeout: Tue Sep 24 10:41:25 2013 Value: 30002

Such a problem arise from time to time and my users can't access to shares because samba thinks they don't a members of a certain group.
Help me, please. How can I solve the problem? I'm really troubled:(

My Samba global config:
[global]
        dos charset = CP866
        workgroup = HTS
        realm = HTS.KH.UA
        server string =
        security = ADS
        map to guest = Bad Password
        local master = No
        wins server = 192.168.32.5
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind expand groups = 3
        winbind nss info = rfc2307
        winbind max domain connections = 50
        idmap config HTS : schema_mode = rfc2307
        idmap config HTS : range = 10000-29999
        idmap config HTS : backend = ad
        idmap config HTS : default = yes
        idmap config * : range = 30000-59999
        idmap config * : backend = tdb



--
Best regards,
Pavel
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to