Re: [Samba] winbind creating duplicate users

Thu, 30 Jun 2005 23:28:50 -0700 

what are your relevant smb.conf entries?

greez

Ian Clancy wrote:

Hi everybody,
I'm having a problem with winbind creating 2 entries for some of my users that really wrecking my head ;-/ . 
My situation is as follows :
I have a typical Samba (3.0.14a)/LDAP setup. I have a trusted domain (another Samba/LDAP setup) and use winbind to map the users from the foreign domain, with the UID to SID mappings stored in LDAP . This works very well. 
The relevant part of my nsswitch.conf file is as follows :

passwd:     files ldap winbind
shadow:     files ldap winbind
group:      files ldap winbind

When i 'getent passwd' on a domain member server the following are listed:
1.) local user accounts
2.) accounts resolved via LDAP (UID 5'000+)
3.) winbind resolved accounts from the foreign domain (i.e. FDOMAIN+user) UID = 10'000 +
This was all working fine for a while. However, recently i noticed that winbind began storing additional UID to SID mappings for members of the local domain in LDAP. So when i ran e.g. 'getent passwd | grep brightstop' i would get 2 entries for the 1 user account, 1 resolved from LDAP, the other from winbind 

brightstor:x:5586:513:System User:/home/brightstor:/bin/false
brightstor:x:10168:513:Brightstor:/home/CEL/brightstor:/bin/false

This occurs for some accounts but not others:
pdbedit on this account returns :

[EMAIL PROTECTED] etc]# pdbedit -Lv brightstor
init_sam_from_ldap: Entry found for user: brightstor
Unix username:        brightstor
NT username:          brightstor
Account Flags:        [UX         ]
User SID:             S-1-5-21-193554404-1789558652-91453608-12172
Primary Group SID:    S-1-5-21-193554404-1789558652-91453608-513
Full Name:            Brightstor
Home Directory:
HomeDir Drive:
Logon Script:         scripts\tedmap.bat
Profile Path:
Domain:               TED
Account desc:         System User
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Tue, 19 Jan 2038 03:14:07 GMT
Kickoff time:         Tue, 19 Jan 2038 03:14:07 GMT
Password last set:    Tue, 28 Jun 2005 10:53:57 GMT
Password can change:  Tue, 28 Jun 2005 10:53:57 GMT
Password must change: Tue, 19 Jan 2038 03:14:07 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Even when i stop winbind, delete winbindd_cache.tdb and winbindd_idmap.tdb and delete the bad entries from the LDAP Directory the problem returns ?. 

Can anone make sence of this behaviour ?.
Thanks




--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to