Fundemental bug in winbindd 2.2.7a?
Jason Haar
Jason.Haar at trimble.co.nz
Tue Mar 4 01:46:09 GMT 2003
I'm using winbindd to dump NT users and groups out to Unix, and I think I've
found a rather major bug.
We have a mixture of Active Directory and WinNT Domains spread world-wide
over low to high (1-2Mbs) speed WAN links.
If I dump a remote domains groups, the accounts within show up with the
WRONG MEMBERS! e.g. if winbindd is running under the local "NZ" domain, and
I use it via "export WINBINDD_DOMAIN=US" to dump group membership in a
(Active Directory) domain on another site (via "getent group"), then I end
up with corrupt entries:
e.g.
"US+Just Me" may be a Universal Group that is meant to contain "NZ+jhaar",
instead it contains "US+other_user"!
In fact, all of the Universal Groups in "US" come through *exclusively* with
corrupt "US+username" entries, instead of the mixture of domain accounts
that are really there. Perhaps there some misinterpretation of SIDs going on
in winbindd?
Redhat 7.3, Samba 2.2.7a.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the samba-technical
mailing list