winbindd & nscd on Solaris 2.7
abartlet at samba.org
Wed Oct 30 12:33:01 GMT 2002
Matthew McCowan wrote:
> Howdy all,
> running samba 2.2.5 on a solaris 2.7 with winbindd pointing to an NT4 PDC.
> Occasionally winbindd will hand out the wrong uid to a user trying to attach
> to the solaris box thru any PAM enabled service (telnet, smbd, ssh, etc).
> For example Alice will login to a shell using her normal credentials and
> winbindd will give her Bob's uid, even though "getent passwd" clearly shows
> The quick (not the track down bug and bludgeon it to death!) fix is to kill
> winbindd, stop the nscd (name service cache daemon) remove the
> winbindd_cache.tdb and restart winbindd (and optionally restart nscd).
> I must say that the functionality provided by winbindd is nothing short of
> fantastic. Open source single sign-on may finally be moving out of the realm
> of myth and legend. Super effort!
> Guess I see if 2.2.6 has a fix ...
Some ideas in tracking it down:
When it's 'broken', is is 'always broken'? That is, is it consistant?
In a different environment (ldap server with not so good indexes) I
found problems with a user being there in an enumeration, but not for a
getpwnam(). In this vain, what does 'id Alice' and 'id Bob' give you,
and how do they compare to getent passwd.
Also, can you try and kill ncsd? After that, I would look into the
static cache in nss_winbind - depending on the desing of your ncsd,
there could be corruption of that structure.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical