winbind, uid.c, Take Ownership and local samba users... something's fishy
jtrostel at snapserver.com
Thu Sep 27 14:44:26 GMT 2001
Yeah... there seems to be something strange going on here.
debug statements in samba show the following values:
global_myworkgroup => CEO
global_myname => JTSDEVEL
These are the domain and machine name (respectively) for the SAMBA server.
_lsa_unk_get_connuser username => jt
_lsa_unk_get_connuser domain => JTSNT
These are the _workgroup_ and username for the user connecting to SAMBA.
When I get passed into uid.c/lookup_name, winbind _thinks_ it finds a domain
name (it appears):
lookup_name (winbindd): CEO\jt -> SID S-1-5-21-.... (type 8)
The problem is that there is no user 'jt' in the CEO domain. When I run
'getent passwd' on the SAMBA server, I get:
root:x:0:0:root:/root:/bin/bash
...
jt:x:500:500::/home/jt:/bin/bash
another_user:x:501:501::/home/another_user:/bin/bash
CEO+Administrator:x:10000:10000::/home/CEO/Administrator:/bin/false
...
with NO CEO+jt in the list.
It looks like winbind_lookup_name succeeds with CEO\jt instead of failing... It
looks like it _should_ fail if the code lower down in uid.c is going to
validate the user 'jt' locally....
I'll look at this a bit more... but it's getting late here now.
On 27-Sep-2001 David Almeida wrote:
> The Explorer after it issues a LSA_UNK_CONN_USR takes the DOMAIN/user string
> from that call and issues a subsequent LSA_LOOKUP_NAMES call. In the
> relevant thread the function lookup_name in uid.c passes the LOOKUP names
> command to the Winbindd Daemon for process to the PDC. If the PDC does not
> return a valid RID, the code then examines the local database for a
> match. If this fails, then an Unknown user error message is passed back to
> the explorer. Hence the message you see.
>
> Dave Almeida
>
--
John M. Trostel
Senior Software Engineer
Quantum / SnapAppliances
jtrostel at snapserver.com
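
Added example (not part of the original message and not Samba's code): a small C model of the lookup order discussed in this thread, domain lookup first and local accounts second, showing how a domain reply that reports success with an unusable name type keeps the local fallback from ever running. It assumes the "type 8" in the debug line is the SID_NAME_USE value for an unknown name; resolve_name, the two stub lookups and their account lists are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* SID_NAME_USE values from the Windows LSA interface; 8 means "unknown". */
enum sid_name_use { SID_NAME_USER = 1, SID_NAME_DELETED = 6,
                    SID_NAME_INVALID = 7, SID_NAME_UNKNOWN = 8 };
enum name_source { SRC_NONE, SRC_DOMAIN, SRC_LOCAL };
struct lookup_result { bool ok; enum sid_name_use type; };

/* Hypothetical stand-in for the domain lookup: it reports success for every
 * name, but only a real domain account gets a usable type (constructed data). */
static struct lookup_result stub_domain_lookup(const char *dom, const char *user)
{
    struct lookup_result r = { true, SID_NAME_UNKNOWN };
    if (strcmp(dom, "CEO") == 0 && strcmp(user, "Administrator") == 0)
        r.type = SID_NAME_USER;
    return r;
}

/* Hypothetical stand-in for the local account database (constructed data). */
static bool stub_local_lookup(const char *user)
{
    static const char *local[] = { "root", "jt", "another_user" };
    for (size_t i = 0; i < sizeof local / sizeof local[0]; i++)
        if (strcmp(local[i], user) == 0)
            return true;
    return false;
}

/* A reply only counts as a hit if its type names a real object. */
static bool usable_type(enum sid_name_use t)
{
    return t != SID_NAME_DELETED && t != SID_NAME_INVALID && t != SID_NAME_UNKNOWN;
}

/* Domain first, then local. With check_type == false the status alone decides,
 * so an "unknown" reply shadows the local account of the same name. */
enum name_source resolve_name(const char *dom, const char *user, bool check_type)
{
    struct lookup_result r = stub_domain_lookup(dom, user);
    if (r.ok && (!check_type || usable_type(r.type)))
        return SRC_DOMAIN;
    return stub_local_lookup(user) ? SRC_LOCAL : SRC_NONE;
}

int main(void)
{
    printf("CEO\\jt, type ignored: %d\n", resolve_name("CEO", "jt", false));
    printf("CEO\\jt, type checked: %d\n", resolve_name("CEO", "jt", true));
    return 0;
}
```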