Benoit Panizzon
2006-Jul-19 10:38 UTC
[Samba] winbindd reporting wrong sid, but only sometimes on samba 3.0.23
Hi all I have a problem that starts driving me crazy... Win2k3 ADS, added some attributes like loginshell, gid, uid etc. Unix clients use NSS_LDAP to get 'passwd' data and kerberos to authenticate users. Authentication does not happen via LDAP. winbindd is used to autocreate sid => uid/gid mappings. This worked very fine with samba 3.0.14a. Upgraded to samba 3.0.23 Now the owner of files show a wrong sid (causing for example that the profile cannot be loaded). I did a dump of all the *.tdb files. I cannot find this wrong sid anywhere on the samba installation. If you just take one file on the server, change the owner back to the right file, I see in the debug output, that samba does assing the right sid => uid (the one which is also found in the winbindd_idmap.tdb) and suddenly everything is right, until next reboot of the client. This happens for every user... Any hints where I could start searching? Strangely the 'Administrator' is not affected. Nor are Groups. Only Users. Mit freundlichen Gr?ssen Benoit Panizzon -- I m p r o W a r e A G - System Services ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________
Benoit Panizzon
2006-Jul-19 11:38 UTC
[Samba] winbindd reporting wrong sid, but only sometimes on samba 3.0.23
I suppose winbindd idmap in samba 3.0.23 is just completely broken... After downgrading to 3.0.22 everything works as expected again. Benoit Panizzon -- I m p r o W a r e A G - System Services ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 185 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20060719/7fdc32fc/attachment.bin
Apparently Analagous Threads
- On Register, run a script, validate source IP
- PJSIP: identify endpoint by authentication username?
- pjsip: How is asterisk choosing the IP address to put in the Contact header?
- Solved: Re: Asterisk 13.18.3 PJSIP. Wrong Port in Contact Header in Reply to REGISTER?
- SIP Trunk over Proxy (matching ip of outbound proxy in incomming calls)