Hi there I've been having a problem with Samba for over a year now where once in a while winbind "corrupts" the association between SIDs and UIDs. I just had a doozie of an example of this tonight where a user connected to a Samba share and somehow managed to have two different AD accounts associated with the same connection! I know this is corruption (and not some terminal server skulduggery) because one of the accounts is mine and I know I'm not currently logged into this user's workstation :-) This is a heinous error as the user creates files and they're owned by someone else (some of the time?) PID Username Group Machine ------------------------------------------------------------------- 6532 DOM1\userA DOM1\group1 192.168.2.248 6532 DOM2\userB DOM2\group2 192.168.2.248 Service pid machine Connected at ------------------------------------------------------- sharename1 6532 192.168.2.248 Mon Dec 17 08:21:33 2012 sharename1 6532 192.168.2.248 Mon Dec 17 05:51:56 2012 Locked files: Pid Uid DenyMode Access R/W Oplock SharePath Name Time -------------------------------------------------------------------------------------------------- 6532 10001 DENY_NONE 0x100081 RDONLY NONE /path/dir1 dir2 Mon Dec 17 05:51:57 2012 6532 10000 DENY_NONE 0x100081 RDONLY NONE /path/dir1 dir2 Mon Dec 17 08:21:34 2012 As you can see, the smbd PID is the same, the IP address is the same - but there are somehow two usernames attached, each with different UIDs. The problem has existed for many versions of 3.5.X (currently on 3.5.16). I'm primarily running CentOS-4 with hand-built 3.5.16, but have also seen this happen once a couple of months ago on a "pure" CentOS-6.3 running vendor-supplied samba-3.5.10 - so it's not related to us primarily running older systems. To fix simply involves "rm -f /var/lib/samba/*cache* /var/lib/samba/*winb*tdb" and restarting winbind - so I'm sure it's corruption? (restarting winbind with the old cache files doesn't fix the problem) Any ideas how to fix this? Thanks Jason
restarting smbd would reset that connection, this is no winbind thing. You probably had been connected to that workstation in the past. And I've seen also Windows workstations which did not close connections after logging off. In that case smbd will show that connection later on, even if other users logged on that workstation again. This is how it is.
(In reply to comment #1) > restarting smbd would reset that connection, this is no winbind thing. You > probably had been connected to that workstation in the past. And I've seen also > Windows workstations which did not close connections after logging off. In that > case smbd will show that connection later on, even if other users logged on > that workstation again. This is how it is. Well that's not what happened for us. We did restart both smb and winbind and the user reconnects and gets the same incorrect UID. Only trashing the winbind cache fixes it. Also I absolutely have never connected to that machine before: I'm in New Zealand and it was in some US city - and I don't run Windows normally anyway :-)