Bug 10335 - net groupmap cleanup cleans wrong
net groupmap cleanup cleans wrong
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
All All
: P5 normal
: ---
Assigned To: Samba QA Contact
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2013-12-19 11:57 UTC by Björn Jacke
Modified: 2013-12-19 11:57 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Björn Jacke 2013-12-19 11:57:43 UTC
the builtin domain is also stored in the group mapping tdb.

"net groupmap cleanup" however deletes all mappings from SIDs that are not the own SID. The domain SID S-1-5-32 should also be excluded by the cleanup accordingly, shouldn't it?

On the other hand it would be nice if the "net groupmap cleanup" command would recognice if the Unix IDs of the defined mappings fit to the configured winbind idmap ranges. For example when the builtin\users group was created on the server, "net groupmap list" lists the mapping by name not by number. Only the --verbose switch will also show the numeric posix ID. If the idmap ranges had been shifted one day, it will not be obvious that there is trouble waiting because there is an old sid<>id maping from the previous configuration for a range that belongs to another domain now actually. "net groupmap cleanup" should issue a warning in cases like that.