winbind, uid.c, Take Ownership and local samba users... something's fishy

Esh, Andrew AEsh at tricord.com
Thu Sep 27 15:11:03 GMT 2001


I have noticed some weirdness with names in Take Ownership. They actually
get garbaged over time by other requests, so that they are eventually passed
around in the network packets with trash in them. By the time a Take
Ownership is done, the name will not resolve to a SID, and it fails. I think
there's data corruption taking place, but I haven't found where yet.

-----Original Message-----
From: jtrostel at snapserver.com [mailto:jtrostel at snapserver.com]
Sent: Thursday, September 27, 2001 4:41 PM
To: David Almeida; samba-technical at samba.org
Subject: winbind, uid.c, Take Ownership and local samba users...
something's fishy


Yeah... there seems to be something strange going on here.

debug statements in samba show the following values:

global_myworkgroup => CEO
global_myname => JTSDEVEL

These are the domain and machine name (respectively) for the SAMBA server.

_lsa_unk_get_connuser username => jt
_lsa_unk_get_connuser domain   => JTSNT

These are the _workgroup_ and username for the user connecting to SAMBA.

When I get passed into uid.c/lookup_name, winbind _thinks_ it finds a domain
name (it appears):
        lookup_name (winbindd): CEO\jt -> SID S-1-5-21-.... (type 8)

The problem is that there is no user 'jt' in the CEO domain.  When I run
'getent passwd' on the SAMBA server, I get:

        root:x:0:0:root:/root:/bin/bash
                ...
        jt:x:500:500::/home/jt:/bin/bash
        another_user:x:501:501::/home/another_user:/bin/bash
        CEO+Administrator:x:10000:10000::/home/CEO/Administrator:/bin/false
                ...

with NO CEO+jt in the list.

It looks like winbind_lookup_name succeeds with CEO\jt instead of failing...
It looks like it _should_ fail if the code lower down in uid.c is going to
validate the user 'jt' locally....

I'll look at this a bit more... but it's getting late here now.


On 27-Sep-2001 David Almeida wrote:
> The Explorer after it issues a LSA_UNK_CONN_USR takes the DOMAIN/user string
> from that call and issues a subsequent LSA_LOOKUP_NAMES call. In the
> relevant thread the function lookup_name in uid.c passes the LOOKUP names
> command to the Winbindd Daemon for process to the PDC. If the PDC does not
> return a valid RID, then the code then examines the local database for a
> match. If this fails, then an Unknown user error message is passed back to
> the explorer. Hence the message you see.
> 
> Dave Almeida
> 

-- 
John M. Trostel
Senior Software Engineer
Quantum / SnapAppliances
jtrostel at snapserver.com