Peter Trifonov
2006-Jul-24 11:42 UTC
[Samba] nss_winbind does not recognize group membership
Hello,

There is a FreeBSD-6.1 box with gcc 3.4.4 compiler (the default). The box is a member of an ADS domain. Everything was working perfectly with samba-3.0.22. After upgrading it to samba-3.0.23_1 from the FreeBSD ports collection, the following problem appeared. The system does not seem to recognize that a user is a member of some domain group, and does not grant him the appropriate permissions.

For example, there is a directory test

#ls -al /tmp
drwxrwx--- 2 bill DOMAINNAME/algocod 512 Jul 24 14:16 test
#ls -anl /tmp
drwxrwx--- 2 20004 20014 512 Jul 24 14:16 test

There is a user jim who is a member of DOMAINNAME/algocode

#wbinfo -n jim
S-1-5-21-2532163386-3195846559-1994112731-1107
# wbinfo --user-domgroups S-1-5-21-2532163386-3195846559-1994112731-1107
S-1-5-21-2532163386-3195846559-1994112731-1107
S-1-5-21-2532163386-3195846559-1994112731-1144
S-1-5-21-2532163386-3195846559-1994112731-513
# wbinfo -s S-1-5-21-2532163386-3195846559-1994112731-1144
RESEARCH/AlgoCode 2
# wbinfo -r jim
20014
20001
20023

User jim should be able to read from test, and this was the case with samba-3.0.22. But now (with samba-3.0.23_1) it does not work:

jim$ ls /tmp/test/
ls: : Permission denied

However, jim is able to read from a directory which is owned by him.

log.winbindd contains a lot of messages like

[2006/07/24 15:12:19, 0] nsswitch/winbindd.c:request_len_recv(517)
request_len_recv: Invalid request size received: 1836

sizeof(winbindd_request) appears to be equal to 1840. On the other hand, pam_winbind seems to work perfectly. The version of the nss library seems to be the same as the one of winbindd.

# ls -al /usr/local/lib/nss*
-r-xr-xr-x 1 root wheel 16664 Jul 24 13:39 /usr/local/lib/nss_winbind.so.1
-r-xr-xr-x 1 root wheel 748308 Jul 24 13:39 /usr/local/lib/nss_wins.so.1
# ls -al /usr/local/sbin/winb*
-rwxr-xr-x 1 root wheel 2129111 Jul 24 13:39 /usr/local/sbin/winbindd

My nsswitch.conf file looks as follows:

group: files winbind #compat
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind #compat
passwd_compat: nis
shells: files

Does anybody know what this all means and how it can be fixed?

Many thanks in advance.

With best regards,
P. Trifonov