Hi!
I'm apologize for my poor English, but have a question.
This question is a shorter than one i posted not so long ago
(https://lists.samba.org/archive/samba/2013-September/175649.html) and
received no answer for a while. In this question i took a log from the
different server, but this is no matter: the problem persists on all of
my servers.
So, my OS is FreeBSD 9.0, my Samba is 3.6.18 acts as a domain member.
Suppose i have a local group "samba_sge_public_createdir", created with
"NET SAM CREATELOCALGROUP".
"getent" and "wbinfo" shows this group with GID 30002 and SID
S-1-5-21-2085021927-1344845373-2015074135-1012.
But, "net idmap dump" shows this group with GID 30008 and shows no group
with GID 30002 at all.
[root@srv-8cf8 ~]# getent group samba_sge_public_createdir
SRV-8CF8\samba_sge_public_createdir:x:30002
[root@srv-8cf8 ~]# wbinfo --gid-to-sid 30002
S-1-5-21-2085021927-1344845373-2015074135-1012
[root@srv-8cf8 ~]# wbinfo --sid-to-gid
S-1-5-21-2085021927-1344845373-2015074135-1012
30002
[root@srv-8cf8 ~]# net idmap dump
dumping id mapping from /var/db/samba/winbindd_idmap.tdb
GID 30013 S-1-5-21-2085021927-1344845373-2015074135-513
GID 30009 S-1-5-21-2085021927-1344845373-2015074135-1010
GID 30024 S-1-5-21-2085021927-1344845373-2015074135-1023
GID 30014 S-1-5-21-2085021927-1344845373-2015074135-1014
GID 30006 S-1-5-11
GID 30007 S-1-5-32-546
GID 30018 S-1-5-21-2085021927-1344845373-2015074135-1018
GID 30010 S-1-5-21-2085021927-1344845373-2015074135-1011
USER HWM 30002
GID 30022 S-1-5-21-2085021927-1344845373-2015074135-1021
UID 30000 S-1-5-21-2085021927-1344845373-2015074135-1015
GID 30008 S-1-5-21-2085021927-1344845373-2015074135-1012
GID 30023 S-1-5-21-2085021927-1344845373-2015074135-1022
UID 30001 S-1-5-21-2085021927-1344845373-2015074135-1016
GID 30004 S-1-1-0
GID 30005 S-1-5-2
GROUP HWM 30025
GID 30011 S-1-5-21-2085021927-1344845373-2015074135-1013
[root@srv-8cf8 ~]# net cache list|grep
S-1-5-21-2085021927-1344845373-2015074135-1012
Key: IDMAP/GID2SID/30002 Timeout: Tue Sep 24 10:41:25 2013
Value: S-1-5-21-2085021927-1344845373-2015074135-1012
Key: IDMAP/GID2SID/30008 Timeout: Tue Sep 17 12:24:22 2013
Value: S-1-5-21-2085021927-1344845373-2015074135-1012 (expired)
Key: IDMAP/SID2GID/S-1-5-21-2085021927-1344845373-2015074135-1012
Timeout: Tue Sep 24 10:41:25 2013 Value: 30002
Such a problem arise from time to time and my users can't access to
shares because samba thinks they don't a members of a certain group.
Help me, please. How can I solve the problem? I'm really troubled:(
My Samba global config:
[global]
dos charset = CP866
workgroup = HTS
realm = HTS.KH.UA
server string =
security = ADS
map to guest = Bad Password
local master = No
wins server = 192.168.32.5
winbind enum users = Yes
winbind enum groups = Yes
winbind expand groups = 3
winbind nss info = rfc2307
winbind max domain connections = 50
idmap config HTS : schema_mode = rfc2307
idmap config HTS : range = 10000-29999
idmap config HTS : backend = ad
idmap config HTS : default = yes
idmap config * : range = 30000-59999
idmap config * : backend = tdb
--
Best regards,
Pavel
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
