On Thu, Mar 17, 2011 at 04:02:29PM +0300, Vladimir Vassiliev wrote: > > Hi all, > > i use Samba 3.5.6 in ads mode (Windows 2008R2) with ldap idmap backend. > Servers run Centos 4 and 5. > I can't cope with next issue for long time. > > On all servers in domain winbind constantly tries to create mapping for > <SID>-513 > and fails because of already existing entry. > It just wastes gid range.
<DOMAIN-SID>-513 is the Domain Users group. > > Note that <SID> is not SID of main domain but another which name > equal to hostname. For example on host FMS in domain CORP I have: > > wbinfo --all-domains > BUILTIN > FMS > CORP Why have you created a local computer domain, out of interest? Windows does this, but you don't have to do it with samba. This has been the cause of your problem; winbind is trying to map both <CORP-SID>-513 and <FMS-SID>-513 to the same local group. -- Bruce Bitterly it mathinketh me, that I spent mine wholle lyf in the lists against the ignorant. -- Roger Bacon, "Doctor Mirabilis" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba