getent passwd timeouts on samba 3.5.1

Nagaraj Shyam Nagaraj_Shyam at symantec.com
Mon Aug 23 16:22:38 MDT 2010


>> Did the "enumerate" approach have to do with starting with a flat
>> newline delimited passwd file :), old ideas die hard.

>Indeed. Google has an interesting fix for this. I'll
>check if it's been published.

Cool. Will be nice if it can be shared by Google, and adopted by
everyone, including the unix utilities.

>> It is either a sequential search or enumerate for this case.
>>
>> There is no need to enumerate all users, however if a new user that the
>> server has never seen before comes in we should be able to getpwent()
>> for the particular user

>getpwent() is an enumeration function. In order to get the specific
>entry for a particular user, you need getpwnam(), not getpwent().

Our script calls only getpwnam() to get a particular entry for user's
homedir setup.

The getpwnam() request gets stuck behind the getpwent() or some group
enumerations that are going on by winbindd. More about this further down
this email.

>> and this does not work reliably all the time
>> either when idmap backend is ldap and we cold start from nothing in the
>> ldap idmap db, i.e. winbind has to generate the mapping and stick it
>> into ldap.

>I still don't see why you need to do an enumeration for a new
>user. A getpwnam() call on the specific name is all you need
>to verify if a new user exists.
>
>What specific application is making the getpwent() call ? Why is it
>doing this ?

Our getpwnam() request for user's homedir gets stuck behind the group
enumeration requests generated by "showq" command that is periodically
run.

I know very little about showq or its intended purpose, need to find out
more before I can add details about why someone is invoking it on our
system.

Another reason behind the gripe is that the test engineers have got used
to getting successful listings when they type "getent passwd" with idmap
backend=rid and once the idmap backend was set to ldap, the getent
doesn't complete cleanly anymore. Our product itself doesn't need
getent or user enumeration for anything.

Thanks for the replies.

-s


