[Samba] Re: Winbind broken after 2.2.8 upgrade

Shawn Wright swright at sls.bc.ca
Thu Mar 27 00:11:13 GMT 2003 

Ok, stupid me. Somehow I missed updating /lib/libnss_winbind.so on both 
these machines. Presumably this would have also caused corruption of the 
winbind idmap?
Since winbind is now installed with a "make install", would it not be a good 
idea to also install libnss_winbind.so also? Or at least provide some version 
checking in winbind so that it will fail to start and report an error if it 
encounters the wrong version of libnss_winbind.so?
It seems that the idmap file is a very weak link in samba right now, so every 
effort should be made to prevent corruption during upgrades, etc.
In our case, I was able to re-apply acls for 400 users, but quota information 
for a large shared file volume was lost, as I could not re-map the ids, and 
had to reset file ownerships to avoid users having incorrect quota 
assignments.


On 25 Mar 2003 at 10:32, samba at lists.samba.org wrote:

> I have just upgraded two of our samba boxes to 2.2.8 and ended up with 
> partially broken winbind after the upgrade. The machines are slightly 
> different, and so are the symptoms, so here goes:
> 
> System 1: Was at 2.2.3 compiled from source Feb4/02, using options: 
> "./configure  --with-winbind --with-acl-support --with-quotas". Running on 
> RedHat 7.2, installed from SGI's XFS installer to enable ACLs and quotas 
> with samba on XFS filesystems. System running fine in production for ~500 
> NT domain users for the past 8 months. All users are on NT domain, using 
> winbind from user lookups.
> After upgrade to 2.2.8, I see the following:
> 
> getent passwd shows only local users, no domain users
> wbinfo -u and -g report domain users & groups normally
> users connecting to smb shares appear as "root" in smbstatus (!)
> a nobody share appears browsing the system from an NT box.
> As this is  a production system, I've had to revert to 2.2.3 so further testing 
> may be difficult at this time.
> 
> System #2 is a fresh install of RedHat 8 using the SGI XFS installer v1.2, 
> and had the stock samba 2.2.5 rpm installed, over which I compiled and 
> installed 2.2.8. Config is essentially the same as system #1 otherwise. 
> (smb.conf shown at end of message)
> 
> This time, wbinfo -t, -u, -g all work as expected.
> getent passwd shows local users, then a list of domain user IDs in the 
> format: (where 106xx is the id)
> 
> ::0:10646:'::
> ::0:10647:'::
> ::0:10648:'::
> 
> getent group shows a corrupted group listing as follows, "webalizer" is the 
> last entry in /etc/group, and the correct domain name is "SHAWNIGAN - 
> notice it is mangled in various places:
> 
> webalizer:x:67:
> hHAWNIGAN+AP French:aminx:1280532334:À«
> ::1852728681:WNIGAN+abehennah,SHAWNIGAN+adeane,SHAWNIGAN+
> dew,SHAWNIGAN+gperry,SH
> AWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+jcs
> 
> ============
> Here is what the above should look like (and does on the other box running 
> 2.2.3):
> 
> SHAWNIGAN+AP French:x:10023:
> SHAWNIGAN+Dept-
> English:x:10024:SHAWNIGAN+abehennah,SHAWNIGAN+adeane,SHAWN
> IGAN+dew,SH
> AWNIGAN+gperry,SHAWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+j
> cs
> 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, Systems Manager
Shawnigan Lake School
http://www.sls.bc.ca
swright at sls.bc.ca

More information about the samba mailing list