Winbind problem or my problem:)

Esh, Andrew AEsh at tricord.com
Thu Jun 20 10:33:02 GMT 2002 

I am assuming O. T. is not using ADS security.
 
O. T. : Try rebooting the PDC. It's possible one of the services is not
responding to user info requests. The problem you are describing requires
some very basic parts of the code to fail, if it's on the Samba side. I have
seen domain controllers have this sort of problem before, usually with LSASS
appearing to be working, when in fact it is not replying to requests.
 
Samba Technical List: After doing some guesswork, I traced this into
winbindd_rpc.c, query_user(279), and I can see that most of the handles are
being tested. The "ctr" handle is being used without testing the return
value from "cli_samr_query_userinfo", however. If that function fails, it
returns NT_STATUS_USUCCESSFUL. The value of "ctr" would be undefined, but it
gets used anyway.
 
Suggest the following fix:
 
Index: winbindd_rpc.c
===================================================================
RCS file: /cvsroot/samba/source/nsswitch/winbindd_rpc.c,v
retrieving revision 1.22.2.7
diff -u -c -r1.22.2.7 winbindd_rpc.c
cvs server: conflicting specifications of output style
*** winbindd_rpc.c 6 Jun 2002 21:12:47 -0000 1.22.2.7
--- winbindd_rpc.c 20 Jun 2002 17:31:25 -0000
***************
*** 315,320 ****
--- 315,323 ----
   result = cli_samr_query_userinfo(hnd->cli, mem_ctx, &user_pol, 
        0x15, &ctr);
  
+  if (!NT_STATUS_IS_OK(result))
+   goto done;
+ 
   cli_samr_close(hnd->cli, mem_ctx, &user_pol);
   got_user_pol = False;
  

 
The real question is, why would the following code in libsmb/cli_samr.c,
cli_samr_user_query fail? It causes a skip of the "ctr" setting.
 
 if (!samr_io_q_query_userinfo("", &q, &qbuf, 0) ||
     !rpc_api_pipe_req(cli, SAMR_QUERY_USERINFO, &qbuf, &rbuf)) {
  goto done;
 }
 
 /* Unmarshall response */
 
 if (!samr_io_r_query_userinfo("", &r, &rbuf, 0)) {
  goto done;
 }


-----Original Message-----
From: Osman Tufanogullari (Garanti Teknoloji)
[mailto:OsmanTuf at garanti.com.tr]
Sent: Thursday, June 20, 2002 10:51 AM
To: Esh, Andrew; samba-technical at lists.samba.org
Subject: RE: Winbind problem or my problem:)


Hi Andrew,
 
Redhat 7.3...
 
I did what you said and here is output...
 
#0  0x420b4769 in wait4 () from /lib/i686/libc.so.6
#1  0x4213030c in __DTOR_END__ () from /lib/i686/libc.so.6
#2  0x42049f72 in system () from /lib/i686/libc.so.6
#3  0x0808d895 in smb_panic ()
#4  0x0807d960 in fault_report ()
#5  0x0807d9ae in sig_fault ()
#6  <signal handler called>
#7  0x0806d7c4 in query_user ()
#8  0x08069b22 in query_user ()
#9  0x0806494d in winbindd_getpwnam ()
#10 0x080638b7 in process_request ()
#11 0x08063b06 in process_packet ()
#12 0x0806406e in process_loop ()
#13 0x08064579 in main ()
#14 0x42017499 in __libc_start_main () from /lib/i686/libc.so.6
 

-----Original Message-----
From: Esh, Andrew [mailto:AEsh at tricord.com]
Sent: Thursday, June 20, 2002 5:29 PM
To: Osman Tufanogullari (Garanti Teknoloji); samba-technical at lists.samba.org
Subject: RE: Winbind problem or my problem:)



What platform? 

The "panic action" smb.conf parameter can be used to display a debugger when
the code panics. On Linux, I use this: 

           panic action = "gnome-terminal --command 'gdb /proc/%d/exe %d'" 

This will open a new terminal window and display the gdb debugger,
positioned at the point of the panic. Doing a "bt" at that point will show
what code was running when it panicked.

We need that information in order to deal with this problem. 

-----Original Message----- 
From: Osman Tufanogullari (Garanti Teknoloji) [
mailto:OsmanTuf at garanti.com.tr <mailto:OsmanTuf at garanti.com.tr> ] 
Sent: Thursday, June 20, 2002 5:02 AM 
To: samba-technical at lists.samba.org 
Subject: Winbind problem or my problem:) 



Hi all, 

Did you have a problem with winbindd which got all the users from the
domains except its own domain!? 
and 
when you reach a share on samba with its own domain user, Signal 11 is
received and kills itself... 
Winbindd can bind the PDC of its own domain like it does for the trusted
ones but it doesnt get the user or groups of only its domain...

Thanks.. 

-------------- next part --------------
HTML attachment scrubbed and removed

More information about the samba-technical mailing list