thr3ads.net - samba - [Samba] nss_winbind does not recognize group membership [Jul 2006]

If this information is useful, please help other people find it:
Share via:

Peter Trifonov

2006-Jul-24 11:42 UTC

[Samba] nss_winbind does not recognize group membership

Hello,

There is FreeBSD-6.1 box with gcc 3.4.4 compiler (the default).
The box is a member of an ADS domain. Everything was working perfectly with
samba-3.0.22.
After upgrading it to samba-3.0.23_1 from FreeBSD ports collection, the
following problem appeared.

The system does not seem to recognize that a user is a member of some domain
group, and does not grant him
appropriate permissions.  For example, there is a directory test

#ls -al /tmp
drwxrwx---   2 bill    DOMAINNAME/algocod     512 Jul 24 14:16 test
#ls -anl /tmp
drwxrwx---   2 20004  20014     512 Jul 24 14:16 test

There is a user jim who is a member of DOMAINNAME/algocode

#wbinfo -n jim
S-1-5-21-2532163386-3195846559-1994112731-1107
# wbinfo --user-domgroups S-1-5-21-2532163386-3195846559-1994112731-1107
S-1-5-21-2532163386-3195846559-1994112731-1107
S-1-5-21-2532163386-3195846559-1994112731-1144
S-1-5-21-2532163386-3195846559-1994112731-513

# wbinfo -s S-1-5-21-2532163386-3195846559-1994112731-1144
RESEARCH/AlgoCode 2

# wbinfo -r jim
20014
20001
20023


User jim should be able to read from test, and this was the case with
samba-3.0.22

But now (with samba-3.0.23_1) it does not work:

jim$ ls /tmp/test/
ls: : Permission denied

However, jim is able to read from a directory which is owned by him. 

log.winbindd contains a lot of messages like 
[2006/07/24 15:12:19, 0] nsswitch/winbindd.c:request_len_recv(517)
  request_len_recv: Invalid request size received: 1836

sizeof(winbindd_request) appears to be equal to 1840.

On the other hand, pam_winbind seems to work perfectly.

The version of nss library seems to be the same as the one of winbindd.

# ls -al /usr/local/lib/nss*
-r-xr-xr-x  1 root  wheel   16664 Jul 24 13:39
/usr/local/lib/nss_winbind.so.1
-r-xr-xr-x  1 root  wheel  748308 Jul 24 13:39 /usr/local/lib/nss_wins.so.1
# ls -al /usr/local/sbin/winb*
-rwxr-xr-x  1 root  wheel  2129111 Jul 24 13:39 /usr/local/sbin/winbindd

My nsswitch.conf file looks as follows:

group: files winbind #compat
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind #compat
passwd_compat: nis
shells: files

Does anybody know what does this all mean and how can it be fixed?

Many thanks in advance. 


With best regards,
P. Trifonov

Possibly Parallel Threads

Search for more apparently analagous threads

samba - Jul 2006 - nss_winbind does not recognize group membership

[Samba] nss_winbind does not recognize group membership

Possibly Parallel Threads

Wisdom of the Ancients