winbindd & nscd on Solaris 2.7

Andrew Bartlett abartlet at
Wed Oct 30 12:33:01 GMT 2002

Matthew McCowan wrote:
> Howdy all,
> running samba 2.2.5 on a solaris 2.7 with winbindd pointing to an NT4 PDC.
> Occasionally winbindd will hand out the wrong uid to a user trying to attach
> to the solaris box thru any PAM enabled service (telnet, smbd, ssh, etc).
> For example Alice will login to a shell using her normal credentials and
> winbindd will give her Bob's uid, even though "getent passwd" clearly shows
> Bob(uid)!=Alice(uid).
> The quick (not the track down bug and bludgeon it to death!) fix is to kill
> winbindd, stop the nscd (name service cache daemon) remove the
> winbindd_cache.tdb and restart winbindd (and optionally restart nscd).
> I must say that the functionality provided by winbindd is nothing short of
> fantastic. Open source single sign-on may finally be moving out of the realm
> of myth and legend. Super effort!
> Guess I see if 2.2.6 has a fix ...

Some ideas in tracking it down:

When it's 'broken', is is 'always broken'?  That is, is it consistant? 
In a different environment (ldap server with not so good indexes) I
found problems with a user being there in an enumeration, but not for a
getpwnam().  In this vain, what does 'id Alice' and 'id Bob' give you,
and how do they compare to getent passwd.

Also, can you try and kill ncsd?  After that, I would look into the
static cache in nss_winbind - depending on the desing of your ncsd,
there could be corruption of that structure.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list