Bug 982 - tdbsam: multiple machine accounts with the same RID
tdbsam: multiple machine accounts with the same RID
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
3.0.1
All Linux
: P3 normal
: none
Assigned To: Samba Bugzilla Account
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2004-01-17 02:46 UTC by David Schmitt
Modified: 2005-08-24 10:16 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description David Schmitt 2004-01-17 02:46:48 UTC
At a site I have samba as DC, the users in LDAP (centrally managed) and the
machine accounts in a local tdbsam like this:

passdb backend = tdbsam:/etc/samba/smbpasswd ldapsam_compat:ldap://localhost guest

There are quite a few clients joining and leaving the domain every week and now
and then it sometimes happenes, that two or three machines end up with the same
RID in the tdbsam. As you can imagine this is quite annoying since only one of
those machines can log into the domain. Removing one of the affected clients
from the domain doesn't help, as it removes the reverse RID mapping from the
tdb, thus disabling all other clients with this RID. First level support already
had their days running around and re-joining clients to the domain and
circularily disabling clients.



I know, that is quite sketchy, but I'll try to supply additional information as
needed.
Comment 1 Gerald (Jerry) Carter 2005-02-05 07:39:52 UTC
The initial rid should be based on the actual uid 
assigned to the machine's unix account.  Please retest 3.0.11
and reopen if necessary.
Comment 2 Gerald (Jerry) Carter 2005-08-24 10:16:01 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.