Winbind problem or my problem:)

Fri Jun 21 02:32:01 GMT 2002

Hi Andrew,

Instead of getting patch, I installed samba-2.2.5... I thought it would solve the problem but it doesnt...

Firstly, do you think samba-2.2.5 release can solve the problem ? Winbindd source code seems to be updated.

Secondly, winbindd doesnt get the users and groups of its own domain in spite of making a successfull connection to its domain's PDC ( win2000 so it is P. Active Directory ).. But It can get the users  and groups from the trusted domains... I cannot solve this problem... for now, suggesstion for restarting PDC is impossible  here because to start a PDC which is properly serving at this time for 15000 people is no way to accept. 

The error is the same in my previous mail... 

Here is some additional information...

./wbinfo --sequence
TANSAS: 129
GPORTFOY: 51
...
...
some seems disconnected...
GARANTI: 1   -- the largest domain we have...
TEKNOLOJI: 1 -- this is the domain the winbindd machine is in....  is This two 1's important ? does it cause some unification problems?

After starting winbindd, using wbinfo will get the user groups of any GARANTI user, while it cannot get the user groups of TEKNOLOJI...

This is clearly because of the fact that it canno get the users and groups of TEKNOLOJI, so it cannot get the groups of any user from TEKNOLOJI domain...

When list the password db with getent passwd, i can see the users of the domains which are successfully connected by winbindd using IPC$ except the domain in wihich winbindd machine is in...

Any solution would be greatly aprreciated...

Many Thanks in advance...

-----Original Message-----
From: Esh, Andrew [mailto:AEsh at tricord.com]
Sent: Thursday, June 20, 2002 8:28 PM
To: Osman Tufanogullari (Garanti Teknoloji); samba-technical at lists.samba.org
Subject: RE: Winbind problem or my problem:)

I am assuming O. T. is not using ADS security.

O. T. : Try rebooting the PDC. It's possible one of the services is not responding to user info requests. The problem you are describing requires some very basic parts of the code to fail, if it's on the Samba side. I have seen domain controllers have this sort of problem before, usually with LSASS appearing to be working, when in fact it is not replying to requests.

Samba Technical List: After doing some guesswork, I traced this into winbindd_rpc.c, query_user(279), and I can see that most of the handles are being tested. The "ctr" handle is being used without testing the return value from "cli_samr_query_userinfo", however. If that function fails, it returns NT_STATUS_USUCCESSFUL. The value of "ctr" would be undefined, but it gets used anyway.

Suggest the following fix:

Index: winbindd_rpc.c
===================================================================
RCS file: /cvsroot/samba/source/nsswitch/winbindd_rpc.c,v
retrieving revision 1.22.2.7
diff -u -c -r1.22.2.7 winbindd_rpc.c
cvs server: conflicting specifications of0000 1 output style
*** winbindd_rpc.c 6 Jun 2002 21:12:47 -.22.2.7
--- winbindd_rpc.c 20 Jun 2002 17:31:25 -0000
***************
*** 315,320 ****
--- 315,323 ----
   result = cli_samr_query_userinfo(hnd->cli, mem_ctx, &user_pol, 
        0x15, &ctr);

+  if (!NT_STATUS_IS_OK(result))
+   goto done;
+ 
   cli_samr_close(hnd->cli, mem_ctx, &user_pol);
   got_user_pol = False;

The real question is, why would the following code in libsmb/cli_samr.c, cli_samr_user_query fail? It causes a skip of the "ctr" setting.

 if (!samr_io_q_query_userinfo("", &q, &qbuf, 0) ||
     !rpc_api_pipe_req(cli, SAMR_QUERY_USERINFO, &qbuf, &rbuf)) {
  goto done;
 }

 /* Unmarshall response */

 if (!samr_io_r_query_userinfo("", &r, &rbuf, 0)) {
  goto done;
 }

-----Original Message-----
From: Osman Tufanogullari (Garanti Teknoloji) [mailto:OsmanTuf at garanti.com.tr]
Sent: Thursday, June 20, 2002 10:51 AM
To: Esh, Andrew; samba-technical at lists.samba.org
Subject: RE: Winbind problem or my problem:)

Hi Andrew,

Redhat 7.3...

I did what you said and here is output...

#0  0x420b4769 in wait4 () from /lib/i686/libc.so.6
#1  0x4213030c in __DTOR_END__ () from /lib/i686/libc.so.6
#2  0x42049f72 in system () from /lib/i686/libc.so.6
#3  0x0808d895 in smb_panic ()
#4  0x0807d960 in fault_report ()
#5  0x0807d9ae in sig_fault ()
#6  <signal handler called>
#7  0x0806d7c4 in query_user ()
#8  0x08069b22 in query_user ()
#9  0x0806494d in winbindd_getpwnam ()
#10 0x080638b7 in process_request ()
#11 0x08063b06 in process_packet ()
#12 0x0806406e in process_loop ()
#13 0x08064579 in main ()
#14 0x42017499 in __libc_start_main () from /lib/i686/libc.so.6

-----Original Message-----
From: Esh, Andrew [mailto:AEsh at tricord.com]
Sent: Thursday, June 20, 2002 5:29 PM
To: Osman Tufanogullari (Garanti Teknoloji); samba-technical at lists.samba.org
Subject: RE: Winbind problem or my problem:)

What platform? 

The "panic action" smb.conf parameter can be used to display a debugger when the code panics. On Linux, I use this: 

           panic action = "gnome-terminal --command 'gdb /proc/%d/exe %d'" 

This will open a new terminal window and display the gdb debugger, positioned at the point of the panic. Doing a "bt" at that point will show what code was running when it panicked.

We need that information in order to deal with this problem. 

-----Original Message----- 
From: Osman Tufanogullari (Garanti Teknoloji) [ mailto:OsmanTuf at garanti.com.tr] 
Sent: Thursday, June 20, 2002 5:02 AM 
To: samba-technical at lists.samba.org 
Subject: Winbind problem or my problem:) 

Hi all, 

Did you have a problem with winbindd which got all the users from the domains except its own domain!? 
and 
when you reach a share on samba with its own domain user, Signal 11 is received and kills itself... 
Winbindd can bind the PDC of its own domain like it does for the trusted ones but it doesnt get the user or groups of only its domain...

Thanks.. 

-------------- next part --------------
HTML attachment scrubbed and removed