getent works, but getpwnam fails

adp dap99 at i-55.com
Thu Jul 15 15:44:26 GMT 2004 

I have an odd problem. For the majority of accounts in AD Winbind works
fine. However, for a very small minority the user cannot login (user not
found). To debug this I first ran 'getent passwd | grep username'. This
indeed returned the username that is not working. I then set 'log level' to
3 and restarted Winbind. Watching the log I found that for the user that
cannot login, Winbind shows:

# su - xx
su: user xx does not exist
# tail /var/log/samba/winbind.log
...
[2004/07/15 11:29:51, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [11246]: request interface version
[2004/07/15 11:29:51, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [11246]: request location of privileged pipe
[2004/07/15 11:29:51, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(122)
  [11246]: getpwnam xx
# getent passwd | grep xx
xx:x:11911:10001:X, X:/home/xx:/bin/sh

For users where this works they get more:

[2004/07/15 11:30:46, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [11250]: request interface version
[2004/07/15 11:30:46, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [11250]: request location of privileged pipe
[2004/07/15 11:30:46, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(122)
  [11250]: getpwnam yy
[2004/07/15 11:30:46, 3] nsswitch/winbindd_ads.c:name_to_sid(313)
  ads: name_to_sid

So my thought here is that getpwnam is not returning a good response for xx.

To test this I wrote a test program that confirmed that xx can't be found
using getpwnam(), even though it shows up with getent:

The output:

xx failed
errno: Success
yy worked

The program:

#include <stdio.h>
#include <pwd.h>
#include <sys/types.h>

void test_user(char *user) {
        struct passwd *pw;

        if ((pw = getpwnam(user)) == NULL)
        {
                printf("%s failed\n", user);
                perror("errno");
        }
        else
                printf("%s worked\n", user);
}

int main(void) {
        char *bad_user  = "xx";
        char *good_user = "yy";

        test_user(bad_user);
        test_user(good_user);

        return 0;
}

What is going on here? We have about five accounts that show this behavior.

We are running RHES3 with:

samba-common-3.0.2-6.3E
redhat-config-samba-1.0.16-1
samba-3.0.2-6.3E
samba-client-3.0.2-6.3E

More information about the samba-technical mailing list