winbindd & nscd on Solaris 2.7
Andrew Bartlett
abartlet at samba.org
Wed Oct 30 12:33:01 GMT 2002
Matthew McCowan wrote:
>
> Howdy all,
>
> running samba 2.2.5 on a solaris 2.7 with winbindd pointing to an NT4 PDC.
>
> Occasionally winbindd will hand out the wrong uid to a user trying to attach
> to the solaris box thru any PAM enabled service (telnet, smbd, ssh, etc).
> For example Alice will login to a shell using her normal credentials and
> winbindd will give her Bob's uid, even though "getent passwd" clearly shows
> Bob(uid)!=Alice(uid).
>
> The quick (not the track down bug and bludgeon it to death!) fix is to kill
> winbindd, stop the nscd (name service cache daemon) remove the
> winbindd_cache.tdb and restart winbindd (and optionally restart nscd).
>
> I must say that the functionality provided by winbindd is nothing short of
> fantastic. Open source single sign-on may finally be moving out of the realm
> of myth and legend. Super effort!
>
> Guess I see if 2.2.6 has a fix ...
Some ideas in tracking it down:
When it's 'broken', is is 'always broken'? That is, is it consistant?
In a different environment (ldap server with not so good indexes) I
found problems with a user being there in an enumeration, but not for a
getpwnam(). In this vain, what does 'id Alice' and 'id Bob' give you,
and how do they compare to getent passwd.
Also, can you try and kill ncsd? After that, I would look into the
static cache in nss_winbind - depending on the desing of your ncsd,
there could be corruption of that structure.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list