winbindd & nscd on Solaris 2.7
m_mccowan at motherwell.com.au
Wed Oct 30 12:53:13 GMT 2002
> Matthew McCowan wrote:
>> running samba 2.2.5 on a solaris 2.7 with winbindd pointing to an NT4
>> Occasionally winbindd will hand out the wrong uid to a user trying to
>> attach to the solaris box thru any PAM enabled service (telnet, smbd,
>> ssh, etc). For example Alice will login to a shell using her normal
>> credentials and winbindd will give her Bob's uid, even though "getent
>> passwd" clearly shows Bob(uid)!=Alice(uid).
>> The quick (not the track down bug and bludgeon it to death!) fix is to
>> kill winbindd, stop the nscd (name service cache daemon) remove the
>> winbindd_cache.tdb and restart winbindd (and optionally restart nscd).
> Some ideas in tracking it down:
> When it's 'broken', is is 'always broken'? That is, is it consistant?
> In a different environment (ldap server with not so good indexes) I
It's definitely cactus for any user trying to set up a new session. When
I'm told it's gone toes up I usually test it by trying to ssh to it (PAM
enabled sshd on the solaris box). I've got the keys setup so I should
immediately get a bash shell, so if it asks for a password its a good
indicator that its 'broke'
> found problems with a user being there in an enumeration, but not for a
> getpwnam(). In this vain, what does 'id Alice' and 'id Bob' give you,
> and how do they compare to getent passwd.
will test next time it happens
> Also, can you try and kill ncsd? After that, I would look into the
> static cache in nss_winbind - depending on the desing of your ncsd,
> there could be corruption of that structure.
More information about the samba-technical