Bug 982 - tdbsam: multiple machine accounts with the same RID
Summary: tdbsam: multiple machine accounts with the same RID
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.1
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact:
Depends on:
Reported: 2004-01-17 02:46 UTC by David Schmitt
Modified: 2005-08-24 10:16 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description David Schmitt 2004-01-17 02:46:48 UTC
At a site I have samba as DC, the users in LDAP (centrally managed) and the
machine accounts in a local tdbsam like this:

passdb backend = tdbsam:/etc/samba/smbpasswd ldapsam_compat:ldap://localhost guest

There are quite a few clients joining and leaving the domain every week and now
and then it sometimes happenes, that two or three machines end up with the same
RID in the tdbsam. As you can imagine this is quite annoying since only one of
those machines can log into the domain. Removing one of the affected clients
from the domain doesn't help, as it removes the reverse RID mapping from the
tdb, thus disabling all other clients with this RID. First level support already
had their days running around and re-joining clients to the domain and
circularily disabling clients.

I know, that is quite sketchy, but I'll try to supply additional information as
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-02-05 07:39:52 UTC
The initial rid should be based on the actual uid 
assigned to the machine's unix account.  Please retest 3.0.11
and reopen if necessary.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:16:01 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.