A quick preamble. SAMBA 2.2.2, Redhat 6.2, Mandrake 8.1 Windows NT4.0sp6a PDC Here is an excerpt from my winbind log. Sending a packet of len 50 to (192.168.1.255) on port 137 Received a packet of len 62 from (192.168.1.20) port 137 nmb packet from 192.168.1.20(137) header: id=5433 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=DOMAIN<1c> rr_type=32 rr_class=1 ttl=300000 answers 0 char ...... hex E000C0A8000A Got a positive name query response from 192.168.1.20 ( 192.168.1.20 ) bind succeeded on port 0 Sending a packet of len 50 to (192.168.1.20) on port 137 Sending a packet of len 50 to (192.168.1.20) on port 137 could not find any domain controllers for domain DOMAIN NMAP shows ports 137,138 and 139 as being open on both my client machine and my NTsp6a PDC. smbpasswd -j DOMAIN -r PDC -U blahblah woked alright, it said i joined the domain. If in my smb.conf file that I have password server = *, then nothing works and the log say DOMAIN PASSWORD SERVER NOT FOUND. password server = PDC works though. It appears that my PDC is not responding to requests from the my samba box. Broadcast, LMHOSTS, and WINS have all been tried. Everytime my PDC's IP is resolved, followed by the message of not being able to find any domain controllers. Any clues out there?? Thanks Hans
On Tue, Nov 27, 2001 at 02:09:14PM -0800, Hans Rasmussen wrote:> A quick preamble. SAMBA 2.2.2, Redhat 6.2, Mandrake 8.1 Windows NT4.0sp6a > PDC > > Here is an excerpt from my winbind log. > > Sending a packet of len 50 to (192.168.1.255) on port 137 > Received a packet of len 62 from (192.168.1.20) port 137 > nmb packet from 192.168.1.20(137) header: id=5433 opcode=Query(0) > response=Yes > header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=DOMAIN<1c> rr_type=32 rr_class=1 ttl=300000 > answers 0 char ...... hex E000C0A8000A > Got a positive name query response from 192.168.1.20 ( 192.168.1.20 ) > bind succeeded on port 0 > Sending a packet of len 50 to (192.168.1.20) on port 137 > Sending a packet of len 50 to (192.168.1.20) on port 137 > could not find any domain controllers for domain DOMAIN > > > > NMAP shows ports 137,138 and 139 as being open on both my client machine and > my NTsp6a PDC. smbpasswd -j DOMAIN -r PDC -U blahblah woked alright, it > said i joined the domain. If in my smb.conf file that I have password > server = *, then nothing works and the log say DOMAIN PASSWORD SERVER NOT > FOUND. password server = PDC works though. It appears that my PDC is not > responding to requests from the my samba box. Broadcast, LMHOSTS, and WINS > have all been tried. Everytime my PDC's IP is resolved, followed by the > message of not being able to find any domain controllers. Any clues out > there??I've just fixed this bug in the 2.2 and HEAD CVS sources. The problem it seems is that a PDC seems sometimes not to respond to a node status request on the '*#0' name (which we use to get the "real" NetBIOS name of the PDC/BDC). I changed the lookup code to request on the DOMAIN#1b name instead and it will respond to a node status on this name. Jeremy.
Here is a set of fixes for winbind - it avoid using getenv when running suid (when using the nsswitch modules), and also adds a lock for being used in multithreaded apps. --- samba-2.2.2/source/nsswitch/wb_common.c.winsfixes Sat Oct 13 17:09:29 2001 +++ samba-2.2.2/source/nsswitch/wb_common.c Tue Nov 13 18:13:19 2001 @@ -25,6 +25,19 @@ #include "winbind_nss_config.h" #include "winbindd_nss.h" +#include <unistd.h> +#include <sys/types.h> + +/* + * Use __secure_getenv() on glibc, use getenv only when not running setuid otherwise + */ + +#ifdef __GLIBC__ +#define getenv(foo) __secure_getenv(foo) +#else +#define getenv(foo) ((getuid()==geteuid())&&(getgid()==getegid())) ? getenv(foo): NULL +#endif + /* Global variables. These are effectively the client state information */ @@ -328,6 +341,7 @@ /* Check for our tricky environment variable */ + if (getenv(WINBINDD_DONT_ENV)) { return NSS_STATUS_NOTFOUND; } --- samba-2.2.2/source/nsswitch/winbind_nss.c.winsfixes Sat Oct 13 17:09:29 2001 +++ samba-2.2.2/source/nsswitch/winbind_nss.c Tue Nov 13 18:16:54 2001 @@ -24,6 +24,7 @@ #include "winbind_nss_config.h" #include "winbindd_nss.h" +#include <pthread.h> /* Prototypes from common.c */ @@ -282,6 +283,13 @@ static int ndx_pw_cache; /* Current index into pwd cache */ static int num_pw_cache; /* Current size of pwd cache */ +/* + * Mutex for the globals above + */ + +static pthread_mutex_t globalsmutex=PTHREAD_MUTEX_INITIALIZER; + + /* Rewind "file pointer" to start of ntdom password database */ NSS_STATUS @@ -290,12 +298,13 @@ #ifdef DEBUG_NSS fprintf(stderr, "[%5d]: setpwent\n", getpid()); #endif - - if (num_pw_cache > 0) { + pthread_mutex_lock(&globalsmutex); + if (num_pw_cache > 0) { ndx_pw_cache = num_pw_cache = 0; free_response(&getpwent_response); } + pthread_mutex_unlock(&globalsmutex); return winbindd_request(WINBINDD_SETPWENT, NULL, NULL); } @@ -307,13 +316,13 @@ #ifdef DEBUG_NSS fprintf(stderr, "[%5d]: endpwent\n", getpid()); #endif - - if (num_pw_cache > 0) { + pthread_mutex_lock(&globalsmutex); + if (num_pw_cache > 0) { ndx_pw_cache = num_pw_cache = 0; free_response(&getpwent_response); } - - return winbindd_request(WINBINDD_ENDPWENT, NULL, NULL); + pthread_mutex_unlock(&globalsmutex); + return winbindd_request(WINBINDD_ENDPWENT, NULL, NULL); } /* Fetch the next password entry from ntdom password database */ @@ -328,9 +337,11 @@ struct winbindd_request request; static int called_again; + #ifdef DEBUG_NSS fprintf(stderr, "[%5d]: getpwent\n", getpid()); #endif + pthread_mutex_lock(&globalsmutex); /* Return an entry from the cache if we have one, or if we are called again because we exceeded our static buffer. */ @@ -370,6 +381,7 @@ /* Check data is valid */ if (pw_cache == NULL) { + pthread_mutex_unlock(&globalsmutex); return NSS_STATUS_NOTFOUND; } @@ -381,7 +393,8 @@ if (ret == NSS_STATUS_TRYAGAIN) { called_again = True; *errnop = errno = ERANGE; - return ret; + pthread_mutex_unlock(&globalsmutex); + return ret; } *errnop = errno = 0; @@ -395,8 +408,8 @@ free_response(&getpwent_response); } } - - return ret; + pthread_mutex_unlock(&globalsmutex); + return ret; } /* Return passwd struct from uid */ -- Trond Eivind Glomsr?d Red Hat, Inc.
Apparently Analagous Threads
- Smart html output for an object?
- Enhancement of wbinfo in samba2.2.6pre2
- pam_winbind Appears to need a Network Connection to Succeed at Offline Authentication
- pam_winbind Appears to need a Network Connection to Succeed at Offline Authentication
- nss_winbind does not recognize group membership