UIDs changing with AD

Status
Not open for further replies.

pauldugas

Cadet
Joined
Jan 3, 2013
Messages
4
I have an 8.3.0 box set up to auth against a WinServer 2012 DC. After turning on Active Directory in the web interface, running "getent passwd" is showing the combined local and domain accounts as expected. The UIDs for the domain accounts are what I expect; 20000 + the last token from the user's SID. Strangely though, a few minutes later I run "getent passwd" again and some of the users' UIDs have changed to values in the 10000's instead of the 20000's they were initially. Restarting Active Directory in the GUI restores the UIDs to the 20000's I expect. No idea what's happening to cause this but I've repeated it a number of times.

Any Samba gurus out there able to help me track this down?
 

pauldugas

Cadet
Joined
Jan 3, 2013
Messages
4
Hmmm... After restarting AD on the FreeNAS box, "getent passwd" reports the correct UIDs and seems to stay that way while the machine is idle. At least it does for the 20 mins it took me to go get coffee and answer some calls. However, I was poking around on the file system when I got back and ran "ls" in the mountpoint for my single ZFS volume; /mnt/tank. That volume contains a number of ZFS datasets with permissions so the owning user is "admin" (an AD account) and the group is "Domain Users". As soon as I ran the "ls", the UID for "admin" changed from 21115 to 10001 in the "getent passwd" output. I repeated this a couple times. Also moved down to /mnt/tank/users where I have a handful of directories owned by domain users. When I "ls" in that directory, the UIDs for those users get hosed as well.

Very weird but seems like it could be helpful for someone with more Samba/FreeNAS foo than I.
 

pauldugas

Cadet
Joined
Jan 3, 2013
Messages
4
Progress... I disabled AD on the FreeNAS box then cd'd out to the volume. "ls -nl" showed the owner UIDs for a number of the dataset directories using 10001 which is the errant UID that "admin" was getting as described above. I chown'd them to the UID in the 20000's the admin user is supposed to have then restarted AD. The output from "getent passwd" seems to be stable now.

Maybe invalid idmap data was cached somewhere and being pulled in when an invalid/unknown UID is seen? Anybody know where that cache would be and how to clear it?
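The symptom in the first post (domain UIDs sliding from the 20000's into the 10000's) and the repair in this post (disable AD, list owners numerically, chown the stragglers, restart AD) both come down to comparing UIDs against a known-good "getent passwd" snapshot. The script below is an added example written for this thread, not code from the original posts or from FreeNAS: it parses two passwd snapshots, reports users whose UID drifted, checks domain users against the "20000 + RID" scheme the poster observed, and lists the on-disk owners that are not in the good snapshot (the chown candidates). The user names, SIDs, gids and paths in it are constructed sample data, not values from the poster's box.

```python
"""Check for idmap drift between two `getent passwd` snapshots and find the
on-disk owners outside the known-good UID set.

Added example for this thread; not code from the original posts or FreeNAS.
All SIDs, names, gids and paths below are constructed sample data.
"""
import os
from typing import Dict, Iterable, List, Tuple

AD_UID_BASE = 20000  # scheme observed in the thread: domain UID = 20000 + RID


def parse_passwd(text: str) -> Dict[str, int]:
    """Map user name -> UID from passwd-format lines (name:x:uid:gid:...)."""
    users: Dict[str, int] = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # skip blank or malformed lines
        users[fields[0]] = int(fields[2])
    return users


def rid_of(sid: str) -> int:
    """Last sub-authority (the RID) of a SID such as S-1-5-21-...-1115."""
    return int(sid.rsplit("-", 1)[1])


def expected_uid(sid: str, base: int = AD_UID_BASE) -> int:
    """UID the box should hand out for this SID under the base + RID scheme."""
    return base + rid_of(sid)


def uid_drift(before: Dict[str, int],
              after: Dict[str, int]) -> Dict[str, Tuple[int, int]]:
    """Users present in both snapshots whose UID changed: name -> (old, new)."""
    return {u: (before[u], after[u])
            for u in before if u in after and before[u] != after[u]}


def misallocated(users: Dict[str, int], sids: Dict[str, str],
                 base: int = AD_UID_BASE) -> Dict[str, Tuple[int, int]]:
    """Domain users whose current UID is not base + RID: name -> (got, want)."""
    out: Dict[str, Tuple[int, int]] = {}
    for name, sid in sids.items():
        want = expected_uid(sid, base)
        if name in users and users[name] != want:
            out[name] = (users[name], want)
    return out


def stale_owners(owner_by_path: Dict[str, int],
                 good_uids: Iterable[int]) -> List[Tuple[str, int]]:
    """Paths whose owning UID is not in the good snapshot; these are the
    entries to chown by number (with AD disabled) before restarting AD."""
    good = set(good_uids)
    return sorted((p, uid) for p, uid in owner_by_path.items() if uid not in good)


def scan_owners(root: str) -> Dict[str, int]:
    """On a real box: owner UID of every directory and file under root,
    via lstat so symlinks are not followed. Feed the result to stale_owners()."""
    owners: Dict[str, int] = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            try:
                owners[path] = os.lstat(path).st_uid
            except OSError:
                pass  # vanished or unreadable entry; skip it
    return owners


# Constructed samples: a good snapshot right after restarting AD, and one
# taken after an `ls` in /mnt/tank where admin has slipped to 10001.
SNAPSHOT_GOOD = """root:*:0:0:Charlie &:/root:/bin/csh
admin:*:21115:20513:admin:/home/admin:/bin/sh
paul:*:21201:20513:paul:/home/paul:/bin/sh
"""
SNAPSHOT_BAD = """root:*:0:0:Charlie &:/root:/bin/csh
admin:*:10001:20513:admin:/home/admin:/bin/sh
paul:*:21201:20513:paul:/home/paul:/bin/sh
"""
# Constructed SIDs; only the trailing RID matters for the check.
SIDS = {
    "admin": "S-1-5-21-1000000001-1000000002-1000000003-1115",
    "paul": "S-1-5-21-1000000001-1000000002-1000000003-1201",
}
# Constructed stand-in for scan_owners("/mnt/tank") run with AD disabled.
OWNERS = {
    "/mnt/tank": 10001,
    "/mnt/tank/users": 0,
    "/mnt/tank/users/admin": 10001,
    "/mnt/tank/users/paul": 21201,
}

if __name__ == "__main__":
    good, bad = parse_passwd(SNAPSHOT_GOOD), parse_passwd(SNAPSHOT_BAD)
    print("drift:", uid_drift(good, bad))
    print("off-scheme:", misallocated(bad, SIDS))
    print("chown candidates:", stale_owners(OWNERS, good.values()))
```

On the box itself you would save `getent passwd` to a file right after restarting AD, save it again once the UIDs go wrong, and feed both to parse_passwd(); scan_owners("/mnt/tank") replaces the constructed OWNERS table. Anything stale_owners() returns is what the poster fixed by hand with chown using the numeric UID rather than the name, since the name was resolving to the wrong number at that point.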
 

pauldugas

Cadet
Joined
Jan 3, 2013
Messages
4
Yeah, I did that but the errant UIDs in the 10000's kept appearing as described. It appears to be working as expected for me now after manually setting the owner IDs on those files using their UID number instead of name.
 