Bug 13054 - Running 'wbinfo -G 100' on a DC resets Domain Users ID number
Running 'wbinfo -G 100' on a DC resets Domain Users ID number
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
unspecified
All All
: P5 normal
: ---
Assigned To: Samba QA Contact
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-09-26 14:30 UTC by Rowland Penny
Modified: 2017-10-10 05:59 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Rowland Penny 2017-09-26 14:30:47 UTC
If you run 'wbinfo -G 100' on a DC where Domain Users has a gidNumber attribute, the ID for Domain Users gets set to '100'

root@dc3:~# getent group Domain\ Users
SAMDOM\domain users:x:10000:
root@dc3:~# wbinfo -G 100
S-1-5-21-1768301897-3342589593-1064908849-513
root@dc3:~# wbinfo -G 10000
S-1-5-21-1768301897-3342589593-1064908849-513
root@dc3:~# wbinfo --group-info="Domain Users"
SAMDOM\domain users:x:100:
root@dc3:~# getent group Domain\ Users
SAMDOM\domain users:x:100:
root@dc3:~# net cache flush
root@dc3:~# getent group Domain\ Users
SAMDOM\domain users:x:10000:

As you can see, 'net cache flush' has to be run to fix this.
Comment 1 Rowland Penny 2017-10-09 19:03:33 UTC
It now seems that it could be ANY user or group that has an xidNumber in idmap.ldb and a uidNumber or gidNumber in AD, has this problem.

Stefan G. Weichinger has just posted this on the Samba mailing list:

# wbinfo --group-info="domain admins"
ARBEITSGRUPPE\domain admins:x:3000013:

# net cache flush
# wbinfo --group-info="domain admins"
ARBEITSGRUPPE\domain admins:x:10512: