Okay, that makes sense. The way Winbind works is it gets the RID from the Domain, and
assigns a UID number sequentially from a pool specified in smb.conf. It adds this
mapping to a database, but for some reason it seems it keeps the database in the Samba
"lock" directory. If you have something in your startup that cleans out the lock
directory, you'll lose the mapping database every time you reboot.
Here's some relevant stuff from the winbindd man page:
    $LOCKDIR/winbindd_idmap.tdb
        Storage for the Windows NT rid to UNIX user/group
        id mapping. The lock directory is specified when
        Samba is initially compiled using the --with-lockdir
        option. This directory is by default
        /usr/local/samba/var/locks .
    $LOCKDIR/winbindd_cache.tdb
        Storage for cached user and group information.
And some scary stuff:
    If more than one UNIX machine is running winbindd, then in
    general the user and groups ids allocated by winbindd will
    not be the same. The user and group ids will only be valid
    for the local machine.
    If the Windows NT RID to UNIX user and group id mapping
    file is damaged or destroyed then the mappings will
    be lost.
Since the SuSE supplied Samba doesn't include Winbindd, I assume you built your own,
so you'll have to find the file based on what options you used when you compiled Samba.
> -----Original Message-----
> From: Rich Smrcina [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 10, 2003 9:20 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [LINUX-390] Samba weirdness
>
>
> We are using winbind. Stopping and restarting Samba does not cause the
> problem, only a reboot. nsswitch.conf was modified to add winbind to the
> passwd and groups tags:
>
> passwd: compat winbind
> group: compat winbind
>
> That was the only change to any nsswitch settings.
>
> Once security is set, everything works great. We just can't boot... without
> losing the security settings.
>
> After a reboot, and I see the uid and gid values, I tried a lookup
> (eg: wbinfo -S `wbinfo -U 1000`) to get the proper value and it comes back
> with just the number. Any ideas or comments before I take this to the samba list?
>
> On Friday 10 January 2003 07:53 am, you wrote:
> > The names are just reverse translations of the UID/GID values. Where are
> > those mapped? passwd? NIS? LDAP? Winbind?
> >
> > The translation happens in the name-service-switch mechanism, controlled by
> > nsswitch.conf.
> >
> > Somewhere, your mapping database is getting reset.
> >
> > > -----Original Message-----
> > > From: Rich Smrcina [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, January 09, 2003 6:48 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: [LINUX-390] Samba weirdness
> > >
> > >
> > > I have a Samba installation that is authenticating to a Windows NT PDC and
> > > working just peachy. All until the virtual machine is rebooted. Then all of
> > > the security that was set up for the shares and directories and files under
> > > the shares revert back to uid and gid numeric values (instead of names).
> > >
> > > Has anyone run into this before and how was it resolved?
> > > This is Samba 2.2.7a running under SLES7.
> > > --
> > > Rich Smrcina
> > > Sytek Services, Inc.
> > > Milwaukee, WI
> > > [EMAIL PROTECTED]
> > > [EMAIL PROTECTED]
> > >
> > > Catch the WAVV! Stay for Requirements and the Free for All!
> > > Update your S/390 skills in 4 days for a very reasonable price.
> > > WAVV 2003 in Winston-Salem, NC.
> > > April 25-29, 2003
> > > For details see http://www.wavv.org
>
> --
> Rich Smrcina
> Sytek Services, Inc.
> Milwaukee, WI
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
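The failure discussed in this thread (a boot script emptying the Samba lock directory and taking winbindd_idmap.tdb with it) can be checked for and guarded against with a few shell functions. This is an added example, not part of the original messages or of Samba itself; the function names and the BACKUPDIR path are assumptions, and the default LOCKDIR is the one quoted from the man page above.

```shell
#!/bin/sh
# Added example: protect winbindd_idmap.tdb from boot-time lock-directory cleanup.
# LOCKDIR default comes from the man page excerpt; BACKUPDIR is an assumed location.
LOCKDIR="${LOCKDIR:-/usr/local/samba/var/locks}"
BACKUPDIR="${BACKUPDIR:-/var/backups/samba-idmap}"

# Print boot-script lines (file:line:text) that run rm against the lock directory.
# $1 = directory holding boot scripts, $2 = lock directory.
# Only literal paths are matched; a script that builds the path from a
# variable has to be reviewed by hand.
find_lockdir_cleaners() {
    grep -rnE '(^|[^[:alnum:]_])rm[[:space:]]' "$1" 2>/dev/null \
        | grep -F -- "$2" || true
}

# Copy the mapping database aside. Run this with winbindd stopped so the
# copy is consistent. $1 = lock directory, $2 = backup directory.
backup_idmap() {
    src="$1/winbindd_idmap.tdb"
    [ -f "$src" ] || { echo "no idmap database at $src" >&2; return 1; }
    mkdir -p "$2" && chmod 700 "$2" && cp -p "$src" "$2/winbindd_idmap.tdb"
}

# Call before winbindd starts: if the live database is gone, put the saved
# copy back so existing RID-to-UID/GID assignments are kept instead of being
# allocated again from the start of the pool.
# Returns 0 if a database is in place afterwards, 1 if none can be recovered.
restore_idmap_if_missing() {
    live="$1/winbindd_idmap.tdb"
    saved="$2/winbindd_idmap.tdb"
    [ -f "$live" ] && return 0
    [ -f "$saved" ] || { echo "idmap database missing, no backup in $2" >&2; return 1; }
    mkdir -p "$1" && cp -p "$saved" "$live" && echo "restored $live" >&2
}
```

Calling restore_idmap_if_missing "$LOCKDIR" "$BACKUPDIR" from the Samba start script ahead of winbindd, and backup_idmap from the stop script, keeps the mapping stable across reboots even if the cleanup script cannot be changed.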