Thakowbbery 08-29-2005 11:19 AM

Problem with Winbind mapping GID to Windows groups
(It's a long post, but I really need help)

Good morning

The problem I have is kind of strange, so here it is.
Some time ago, I managed to get Active Directory users to log into FC3 using SAMBA+Winbind.
Strangely, all of a sudden, some problems started to happen.

At first, I tried removing the FC from the domain and adding it again.

So, the steps:

1) kinit user@domain - OK
2) net ads join - Here comes the first problem. I'm inside a Windows subdomain (SRSP.DPF). The main domain is in another state, and every other state has a subdomain connected to the main domain (DPF). That makes about +-10 DCs around the country. The user bases are separated from one another, so each state has its own. In the past, I had a problem where Winbind would search for users in all 10 DCs, which caused a service timeout. I solved that by adding the "allow trusted domains = no" option. But now, two months later, it seems like that option is being ignored. I solved that problem again by removing the * in "password server" and placing the local DC IP. - OK
3) Started Services (smbd/nmbd/winbindd) - OK
4) wbinfo -u/wbinfo -g/wbinfo -t - OK
5) getent passwd/getent group - OK

Now the problems:

1) If I type 'id henrique.hcm' (that's my user), I'll receive the following:
uid=11608(henrique.hcm) gid=10000 grupos=10000,10006,10013,10036,10101,10103,10104

As you can see, the UID is mapped to the user name, but the GIDs are not mapped to the group names (very weird, because they appear perfectly in getent group).

2) If I try, following the example above, "getent group 10000", I'll receive no message at all, like the group didn't exist.
3) After a few minutes (very shortly in fact), if I type "id henrique.hcm" again, I'll receive an "unknown user" message. That can be solved by typing "getent passwd" again, but I can't be doing that all the time.

The strangest part is that those problems started out of nowhere, all of a sudden.
Another strange thing is that it seems to apply only to Fedora/Red Hat, because I have a server running Slackware and its Winbind/SAMBA are working perfectly. Also, everyone that had a problem like that seemed to be running a Fedora or Red Hat.
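
A check for the symptom described in the post above, as an added example that is not part of the original post: it lists the GIDs in an `id` line that came back without a "(name)" and then asks `getent group` about each one. The function names are hypothetical, the sample line is the one quoted in the post, and it assumes group names contain no ")" character.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Sample input: the `id` output line quoted in the post.
SAMPLE='uid=11608(henrique.hcm) gid=10000 grupos=10000,10006,10013,10036,10101,10103,10104'

# unmapped_gids LINE
# Print, one per line, every numeric GID in an `id` output line that has no
# "(name)" suffix, i.e. that NSS could not map back to a group name.
unmapped_gids() {
    printf '%s\n' "$1" |
    # Collapse "(name)" to "(x)" first: Windows group names often contain
    # spaces ("domain users"), which would break field splitting.
    sed 's/([^)]*)/(x)/g' |
    # Skip field 1 (the uid). Strip each label up to "=" instead of matching
    # it by name, because the groups label is localized ("grupos=" here).
    awk '{
        for (i = 2; i <= NF; i++) {
            sub(/^[^=]*=/, "", $i)
            n = split($i, a, ",")
            for (j = 1; j <= n; j++)
                if (a[j] ~ /^[0-9]+$/) print a[j]
        }
    }' |
    sort -un
}

# report_user USER
# For a live system: run `id`, then ask getent about each unmapped GID,
# mirroring the "getent group 10000" test from the post.
report_user() {
    line=$(id "$1") || return 1
    for gid in $(unmapped_gids "$line"); do
        if entry=$(getent group "$gid"); then
            echo "gid $gid: no name in id, but getent resolves it: $entry"
        else
            echo "gid $gid: no name in id and no entry from getent group"
        fi
    done
}

# Stand-alone demo on the sample line (no domain access needed).
unmapped_gids "$SAMPLE"
```

Running `report_user henrique.hcm` on the affected machine separates GIDs that `getent group` can still resolve from those it cannot.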

