Ubuntu 6.06 and winbind/getent

[webman]

We have a couple of Ubuntu 6.06 servers here, both set up very similar to this.

On only one of our servers, getent passwd isn't pulling across all of the domain accounts; but wbinfo -u is.

Code:

admin@bbs-ftp-001:/$ wbinfo -u|grep craig.rodway
craig.rodway
admin@bbs-ftp-001:/$ getent passwd|grep craig.rodway
admin@bbs-ftp-001:/$

Here's part of the /var/log/samba/log.winbindd file after running getent passwd:

Code:

[2007/09/21 14:40:12, 0] tdb/tdbutil.c:tdb_log(772)
  tdb(/var/lib/samba/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=290584
[2007/09/21 14:40:12, 0] tdb/tdbutil.c:tdb_log(772)
  tdb(/var/lib/samba/winbindd_idmap.tdb): rec_free_read bad magic 0x42424242 at offset=290836
[2007/09/21 14:40:12, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(85)
  error getting user id for sid S-1-5-21-1614895754-1060284298-839522115-2607
[2007/09/21 14:40:12, 1] nsswitch/winbindd_user.c:winbindd_getpwent(715)
  could not lookup domain user BBS-TSS-001$
[2007/09/21 14:40:12, 0] tdb/tdbutil.c:tdb_log(772)
  tdb(/var/lib/samba/winbindd_idmap.tdb): rec_free_read bad magic 0x42424242 at offset=290836
[2007/09/21 14:40:12, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(85)
  error getting user id for sid S-1-5-21-1614895754-1060284298-839522115-6107

.....
[2007/09/21 14:40:12, 0] tdb/tdbutil.c:tdb_log(772)
  tdb(/var/lib/samba/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=290248
[2007/09/21 14:40:12, 0] tdb/tdbutil.c:tdb_log(772)
  tdb(/var/lib/samba/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=290164
[2007/09/21 14:40:12, 0] tdb/tdbutil.c:tdb_log(772)
  tdb(/var/lib/samba/winbindd_idmap.tdb): rec_free_read bad magic 0x42424242 at offset=290836
[2007/09/21 14:40:12, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(85)
  error getting user id for sid S-1-5-21-1614895754-1060284298-839522115-3439
[2007/09/21 14:40:12, 1] nsswitch/winbindd_user.c:winbindd_getpwent(715)
  could not lookup domain user primary108

It's a bit of a problem as I have a script that sets permission on directories and need to use winbind for PAM authentication.

Samba version is 3.0.22 on both Ubuntu 6.06 servers. We also have 2 other CentOS boxes with similar Samba/AD integration and their getent passwd is working fine (eg. returning the same domain users as wbinfo -u does)

Anybody had similar problems or know where I can start to diagnose this?

Cheers

[Geoff]

the idmap database is corrupt. Restore the file from backup.

[webman]

Ok, hypothetically speaking, say I'd forgotten to include tdbbackup in my backup script... would it be possible to re-generate the TDB file?

[Geoff]

No, your only other option is to delete it. Then if you restart samba, it'll generate a fresh, empty one. However you'll then lose your unix id <-> NT SSID mappings. Which could be tedious.

[webman]

Okay. That shouldn't be too much of a problem I don't think. My current cron script that creates home directories recursively chmod/chowns the home directories to their username. That should work with a new idmap DB shouldn't it?

Thanks Geoff.

[Geoff]

yes, that should be fine

[webman]

Cool. Cheers Geoff

EDIT: It's now worked, all permissions/ownerships have been reset using newly-generated uids