Bug 11856 - Inconsistent id mapping between winbind(d)/nss and file service
Summary: Inconsistent id mapping between winbind(d)/nss and file service
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.2.11
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Depends on:
Reported: 2016-04-19 14:51 UTC by Tim Eberhardt
Modified: 2020-12-23 12:03 UTC (History)
1 user (show)

See Also:

Glabal section of smb.conf (1.34 KB, text/plain)
2016-04-19 15:04 UTC, Tim Eberhardt
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Eberhardt 2016-04-19 14:51:11 UTC
In the past (most noticeable since the upgrade from 4.1 to 4.2 and especially now since 4.2.11) we had some trouble with id mappings on our DC, which also acts as file server.

At first we used the default winbindd. When we made a getent or id call for a user/group, then for some accounts it returned the unix id (10000+) and for some the internal id (300000+).

Because of this and problems with ACLs we switched to the internal winbind. Now mappings via NSS (getent, id, ...) seem to be consistent and always return the unix ids. But when we set permission under Windows, this process eventually (only in some cases) still uses the internal ids and writes them to the ACLs. We then have to manually add the correct unix user/group id to the ACLs, so the user can use the folder in the way he should.
Comment 1 Tim Eberhardt 2016-04-19 15:04:34 UTC
Created attachment 12008 [details]
Glabal section of smb.conf
Comment 2 Rowland Penny 2020-12-23 12:03:35 UTC
Closing this, this was undoubtedly caused by an incorrectly configured smb.conf (half DC and half Unix domain member)