need understanding of getpwnam_alloc
dw6881pr at gmail.com
Fri Nov 9 20:24:09 GMT 2007
I'm running some tests with smbclient -L localhost -U username.
When a user authenticates correctly, I see two successful logon events on
the windows DC.
I also see two traces of check_ntlm_password in the logs.
Why are there two logon requests?
On 11/9/07, Dan Wong <dw6881pr at gmail.com> wrote:
> Originally I had set winbind enum users=yes and winbind enum groups=yes in
> the smb.conf, but this was causing wbinfo -u error lookup problems.
> When I set both fields to no, wbinfo -u would list all users correctly.
> Afterwards, I still saw intermittent lookup errors.
> I'm thinking this might be related to a regression that you mentioned in
> the thread "How to ignore trusted domains completely?".
> I saw traces of winbind talking to other DCs, while my smb.conf only
> points to one local DC.
> On 11/8/07, Gerald (Jerry) Carter <jerry at samba.org> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > Dan Wong wrote:
> > > Can someone explain how getpwnam_alloc works?
> > Itr's just a getpwnam() call that allocated a struct passwd
> > rather than using static memory.
> > > My assumption is with winbind authentication, winbind
> > > retrieves a user account security data structure(mem_ctx)
> > > from the domain controller. This structure is all the
> > > info related to the user (windows ACEs,etc).
> > > The getpwnam_alloc just checks if this security data
> > > structure belongs to user that is being authenticated.
> > The getpwnam() call is to obtain the uid, primary gid and
> > other UNIX attributes for the user.
> > > Please advise if I'm off track.
> > getpwnam() goes through NSS. Mayke sure that nss_winbind
> > is installed and working properly.
> > cheers, jerry
> > - --
> > =====================================================================
> > Samba ------- http://www.samba.org
> > Centeris ----------- http://www.centeris.com
> > "What man is a man who does not make the world better?" --Balian
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.6 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> > iD8DBQFHM9CvIR7qMdg1EfYRAvi+AJ9XCJ1VV9y5TDqTgnhUAMvRFNxb/ACfVgws
> > Tei6EmoDN9wzAOD+nyIeWsE=
> > =BIE+
> > -----END PGP SIGNATURE-----
More information about the samba-technical