Ubuntu
samba package

winbind tools don't seem to agree on idmappings

Bug #673777 reported by Scott Saunders

This bug report was converted into a question: question #135584: winbind tools don't seem to agree on idmappings.

6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Invalid
Low
Unassigned

Bug Description

Binary package hint: samba

# lsb_release -rd
Description: Ubuntu 10.04.1 LTS
Release: 10.04
# uname -a
Linux kuat 2.6.32-24-server #39-Ubuntu SMP Wed Jul 28 06:21:40 UTC 2010 x86_64 GNU/Linux
# apt-cache policy samba
samba:
  Installed: 2:3.4.7~dfsg-1ubuntu3.1
  Candidate: 2:3.4.7~dfsg-1ubuntu3.2
  Version table:
     2:3.4.7~dfsg-1ubuntu3.2 0
        500 http://us.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
        500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
 *** 2:3.4.7~dfsg-1ubuntu3.1 0
        100 /var/lib/dpkg/status
     2:3.4.7~dfsg-1ubuntu3 0
        500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
     3.0.28a-1ubuntu4.13 0
        500 http://us.archive.ubuntu.com/ubuntu/ hardy-updates/main Packages

The following has got me a little worried. I noticed the XXXXX222 GID showing up after I recently deleted a couple keys using tdbtool, one of which was an SID linked to GID XXXXX218 which was causing permission issues because it was one of two SIDs pointing to the same GID (if it's any interest, the key I deleted was the SID for the windows BUILTIN\NETWORK group). Deleting the key seemed to resolve that issue. What follows is what I am seeing since that change. Note: I have replaced parts of the GIDs and SIDs with X's. Between the two GIDs in question the prefix is the same and they both link to the exact same SID. There is at least one other group I'm aware of that I am seeing this problem with as well. First of all I don't understand why I now have two GIDs pointing to the same SID. Secondly, I get varying responses from wbinfo, tdbtool, and net idmap dump - who do I trust?

wbinfo shows
# wbinfo --gid-info XXXXX218
DOMAIN\domain admins:x:XXXXX222
# wbinfo --gid-info XXXXX222
DOMAIN\domain admins:x:XXXXX222
# wbinfo -G XXXXX218
S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
# wbinfo -G XXXXX222
S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
# wbinfo -Y S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
XXXXX222

tdbtool shows
tdbtool /var/lib/samba/winbindd_idmap.tdb
tdb> show GID\ XXXXX218\0
fetch failed
tdb> show GID\ XXXXX222\0
key 13 bytes
GID XXXXX222
data 46 bytes
S-1-5-21 -XXXXXXX
XXX-XXXX XXXXXX-X
XXXXXXXX X-512

idmap dump shows
net idmap dump /var/lib/samba/winbindd_idmap.tdb |grep GID|egrep XXXXX\(218\|222\)|less
GID XXXXX218 S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
notice GID XXXXX222 does not show up here

number of files currently owned by this group/these GIDs
# ls -alRg /path/to/samba/shares/ |grep -c 'DOMAIN\\domain admins'
41934
# ls -alnRg /path/to/samba/shares/ |grep -c XXXXX218
41933
# ls -alnRg /path/to/samba/shares/ |grep -c XXXXX222
1

Any thoughts/explanation as to what might be going on? Should I be concerned? What can I do to resolve these discrepancies?

See original description
Scott Saunders (ssaunders)
description: updated
description: updated
Mathias Gug (mathiaz)
Changed in samba (Ubuntu):
importance: Undecided → Low
Chuck Short (zulcss)
Changed in samba (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.