Hi,
I have an odd problem with winbind. I use it for, among other thing,
nsswitch user resolution. I believe it have a problem with accessing
information for a single user, or with caching.
When I request info for a specific user, it fail (trying to login also
fail with NT_STATUS_NO_SUCH_USER). But it work when I request info for
all users. And then, login and getent for single account start working
too! Example :
[root@server samba]# getent passwd testuser
[root@server samba]# getent passwd | grep testuser
testuser:*:10210:10000:testuser:/home/testuser:/bin/bash
[root@server samba]# getent passwd testuser
testuser:*:10210:10000:testuser:/home/testuser:/bin/bash
[root@server samba]#
It would work if I ran "wbinfo -u" too. If I wait little while (the
equivalent of "winbind cache time" ?), then the same problem reappear.
My hypothesis is that winbind fail to grab account information for a
single user, but work when fetching info for all users. Thus the cache
get populated, and it work while it does'nt time out.
How can it make it work without having to run binfo -u" or "getent
passwd" manually ? I am using RHEL 4 with Samba samba-3.0.10-1.4E if
it matter.
Here is an excerpt from my winbindd.log at -d3 :
(...snip unrelated stuff...)
[2005/06/01 11:19:05, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
[ 921]: getpwnam testuser
[2005/06/01 11:19:05, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'testuser' does not exist
[2005/06/01 11:19:11, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[ 922]: request interface version
[2005/06/01 11:19:11, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[ 922]: request location of privileged pipe
[2005/06/01 11:19:11, 3] nsswitch/winbindd_user.c:winbindd_setpwent(310)
[ 922]: setpwent
[2005/06/01 11:19:11, 3] nsswitch/winbindd_user.c:winbindd_getpwent(486)
[ 922]: getpwent
[2005/06/01 11:19:11, 3] nsswitch/winbindd_ads.c:query_user_list(128)
ads: query_user_list
[2005/06/01 11:19:11, 3] nsswitch/winbindd_ads.c:query_user_list(202)
ads query_user_list gave 235 entries
[2005/06/01 11:19:11, 3] nsswitch/winbindd_user.c:winbindd_getpwent(486)
[ 922]: getpwent
[2005/06/01 11:19:11, 3] nsswitch/winbindd_user.c:winbindd_endpwent(375)
[ 922]: endpwent
[2005/06/01 11:19:29, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[ 924]: request interface version
[2005/06/01 11:19:29, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[ 924]: request location of privileged pipe
[2005/06/01 11:19:29, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
[ 924]: getpwnam testuser
(...snip unrelated stuff...)
Here are the revelant part of my smb.conf :
workgroup = WG
allow trusted domains = no
security = ads
realm = WG.TEST.DOM
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%U
template primary group = somegroup
winbind use default domain = yes
Thanks for your insights !
Etienne Goyer