Hello everyone, I have posted this problem report some time ago (see message "nss_winbind does not recognize group membership" sent on 24.07.2006), but there was no reply. The FreeBSD 6.1 server is a member of ADS domain. There is a directory named test with write permissions granted to user bill and group DOMAINNAME/algocod: #ls -al /tmp drwxrwx--- 2 bill DOMAINNAME/algocod 512 Jul 24 14:16 test bill is a user registered in domain DOMAINNAME, but not a member of algocod group. He is able to read and write to and from directory test. But the user jim, who is a member of DOMAINNAME/algocod, cannot get access to it. log.winbindd contains a lot of messages like [2006/07/24 15:12:19, 0] nsswitch/winbindd.c:request_len_recv(517) request_len_recv: Invalid request size received: 1836 This problem appeared after upgrading from samba-3.0.22 to samba-3.0.23_1 (from FreeBSD ports collection). Please let me know if anyone has any idea on how to solve this problem. With best regards, P. Trifonov
Gerald (Jerry) Carter
2006-Jul-27 11:44 UTC
[Samba] Incorrect handling of group permissions
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Trifonov wrote:> log.winbindd contains a lot of messages like > [2006/07/24 15:12:19, 0] nsswitch/winbindd.c:request_len_recv(517) > request_len_recv: Invalid request size received: 1836Did you upgrade the nss_winbind.so library as well ? cheers, jerry ====================================================================Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEyKbyIR7qMdg1EfYRAljxAJsFIzKXkWPup1+fBDvBHaNEUG8ttQCgz2SI AwuQ1goJnjU87kjN0tcWB9s=xleH -----END PGP SIGNATURE-----
Dear Jerry,> > log.winbindd contains a lot of messages like > > [2006/07/24 15:12:19, 0] nsswitch/winbindd.c:request_len_recv(517) > > request_len_recv: Invalid request size received: 1836 > > Did you upgrade the nss_winbind.so library as well ? >Thank you very much for prompt reply. It seems that the install script upgraded them properly. At least, nss_winbind.so and winbindd have the same date. -r-xr-xr-x 1 root wheel 16664 Jul 24 13:39 /usr/local/lib/nss_winbind.so.1 -r-xr-xr-x 1 root wheel 748308 Jul 24 13:39 /usr/local/lib/nss_wins.so.1 -rwxr-xr-x 1 root wheel 2129111 Jul 24 13:39 /usr/local/sbin/winbindd I have also tried to copy nss_winbind.so from the build directory manually, but this did not change anything. The problem occurs with group permissions only. All users can read the directories which are owned by them and have "user read" permission. With best regards, P. Trifonov
Hello everyone, I have raised this question some time ago, but the solution still was not found. The FreeBSD 6.1 server is a member of ADS domain. There is a directory named test with write permissions granted to user bill and group DOMAINNAME/algocod: #ls -al /tmp drwxrwx--- 2 bill DOMAINNAME/algocod 512 Jul 24 14:16 test bill is a user registered in domain DOMAINNAME, but not a member of algocod group. He is able to read and write to and from directory test. But the user jim, who is a member of DOMAINNAME/algocod, cannot get access to it. log.winbindd contains a lot of messages like [2006/07/24 15:12:19, 0] nsswitch/winbindd.c:request_len_recv(517) request_len_recv: Invalid request size received: 1836 This problem appeared after upgrading from samba-3.0.22 to samba-3.0.23_1 (from FreeBSD ports collection) and 3.0.23a. Please let me know if anyone has any idea on how to solve this problem. With best regards, P. Trifonov
Gerald (Jerry) Carter
2006-Aug-04 16:07 UTC
[Samba] RE: Incorrect handling of group permissions
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Trifonov wrote:> Hello everyone, > > I have raised this question some time ago, but the solution still was not > found. > > The FreeBSD 6.1 server is a member of ADS domain. There is a > directory named test with write permissions granted to user > bill and group DOMAINNAME/algocod: > > #ls -al /tmp > drwxrwx--- 2 bill DOMAINNAME/algocod 512 Jul 24 14:16 test > > > bill is a user registered in domain DOMAINNAME, but not a > member of algocod group. He is able to read and write to and > from directory test. But the user jim, who is a member of > DOMAINNAME/algocod, cannot get access to it. > > log.winbindd contains a lot of messages like > [2006/07/24 15:12:19, 0] nsswitch/winbindd.c:request_len_recv(517) > request_len_recv: Invalid request size received: 1836This can only be a mismatch between winbindd and libnss_winbind.so like I said before. 1836 would be the correct size with lack of a 64-bit integer. cheers, jerry ====================================================================Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE03CmIR7qMdg1EfYRAsKSAKDFLXb1Gh6t7pH+EOpXRuaZ5okKSACePmcA 9MgvpzvLkj4msgQUK+PH8Is=Kv1D -----END PGP SIGNATURE-----
Dear Jerry,> > log.winbindd contains a lot of messages like > > [2006/07/24 15:12:19, 0] nsswitch/winbindd.c:request_len_recv(517) > > request_len_recv: Invalid request size received: 1836 > > This can only be a mismatch between winbindd and > libnss_winbind.so like I said before. 1836 would be the > correct size with lack of a 64-bit integer.I just tried to restart the system and this caused "invalid request size" messages to disappear. I do not understand why did this happen, since I restarted both winbindd and nss many times before. However, group permissions are still not handled properly. Furthermore, after installing samba 3.0.22a all domain users get message "Your password has expired" when logging in. With best regards, P. Trifonov
Dear Samba developers, Please let me know if there are any solutions for the bug https://bugzilla.samba.org/show_bug.cgi?id=3990 It still does not work with samba-3.0.23b. The problem occurred on a production server, and I do not feel comfortable with "world write" permissions needed to overcome it. Many thanks in advance. With best regards, P. Trifonov