Weird uids going through nsswitch

Andrew Bartlett abartlet at pcug.org.au
Wed Mar 27 01:35:06 GMT 2002


Wade Turland wrote:
> 
> Hi all
> 
> Our samba server is going belly-up several times a day in peak times and I
> think this is related. Load averages skyrocket to 200.00 or more and we get
> thousands of stray processes. The only solution I've found is to kill all
> smbd processes and restart samba, which will allow the workstations to
> reconnect.
> 
> We are seeing strange userid lookups going through the name service switch
> to the ldap server. Note, this is not samba with ldap, only padl.com's
> nss_ldap-87 which has run reliably for 2 years or more.
> 
> Recently we upgraded about 1000 lab machines to Win2k running Novell
> clients. Students' login scripts do a
> 
> NET USE H: \\HOST\USERID PASSWORD /USER=USERID
> 
> to mount the samba home drive.
> 
> When we look at the eDirectory ldap server, we see weird requests coming
> through. Eg.
> 
> filter= (&(objectclass=posixAccount)(uid=LABS-75-194'0012345678))
> 
> where LABS-75-194   is the workstation name
> and   12345678      is the student's userid
> 
> Can anyone suggest why this is happening and how to stop it? Is it a normal
> and legal protocol activity? I've tried tcpdump and setting samba's debug
> level to 9, but neither seems to show anything related except some logs
> have copious amounts of:
> 
> [2002/03/26 15:45:42, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(437)
>   getsmbfilepwent: returning passwd entry for user 13017620, uid 13017620
> 
> for all different user names. Is it searching for every user for some
> reason?
> 
> And why is it putting the '00 in front of the userid?

I suspect this is a combination of Get_Pwnam() and the domain\username
lookups samba does in an attempt to use a trusted domain account (via
winbind).  The '00 might be LDAP's way of representing a null (or
similar weird char) - which for some odd reason might be your winbind
separator.

Samba will try various combinations of this, up to the username level.
If all your usernames are lowercase, set 'username level = 0' in your
smb.conf.  Also try setting a winbind separator (despite the fact you
don't use winbind) and see if it changes the lookups.

Also, ensure your ldap server is correctly indexed, as these stray
lookups should fail quickly and let smbd go on its way.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
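
Added example, not part of the original post and not Samba code: a small
triage script for LDAP server filter logs that counts the workstation'00userid
lookups per workstation and lists names requested in more than one case
spelling, so the effect of changing 'username level' or the winbind separator
can be compared before and after. The log lines are constructed (only the
filter syntax comes from the post), and VALID_UID and the function name triage
are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines. Only the filter syntax is taken from the post;
# the surrounding log layout of a real LDAP server will differ.
SAMPLE_LOG = """\
filter= (&(objectclass=posixAccount)(uid=LABS-75-194'0012345678))
filter= (&(objectclass=posixAccount)(uid=12345678))
filter= (&(objectclass=posixAccount)(uid=LABS-75-194'0012345678))
filter= (&(objectclass=posixAccount)(uid=LABS-75-201'0087654321))
filter= (&(objectclass=posixAccount)(uid=jsmith))
filter= (&(objectclass=posixAccount)(uid=Jsmith))
filter= (&(objectclass=posixAccount)(uid=JSMITH))
"""

UID_RE = re.compile(r"\(uid=([^()]*)\)")
# Assumption: legitimate account names on this site match this pattern.
VALID_UID = re.compile(r"^[a-z0-9_][a-z0-9_.-]*$", re.IGNORECASE)
# The workstation'00userid shape reported in the post.
PREFIXED = re.compile(r"^(?P<host>.+?)'00(?P<user>[^']+)$")

def triage(lines):
    stray_by_host = Counter()     # prefixed lookups per workstation
    other_malformed = Counter()   # anything else that is not a plain uid
    variants = defaultdict(set)   # lowercased uid -> spellings requested
    for line in lines:
        m = UID_RE.search(line)
        if not m:
            continue
        uid = m.group(1)
        p = PREFIXED.match(uid)
        if p:
            stray_by_host[p.group("host")] += 1
        elif VALID_UID.match(uid):
            variants[uid.lower()].add(uid)
        else:
            other_malformed[uid] += 1
    # More than one spelling of a name suggests case-retry lookups.
    case_retries = {k: sorted(v) for k, v in variants.items() if len(v) > 1}
    return stray_by_host, other_malformed, case_retries

if __name__ == "__main__":
    stray, malformed, retries = triage(SAMPLE_LOG.splitlines())
    for host, n in stray.most_common():
        print(f"{host}: {n} prefixed lookups")
    print("other malformed:", dict(malformed))
    print("case retries:", retries)
```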



