Winbind caching
Andreas Schneider
asn at samba.org
Thu Apr 4 04:26:16 MDT 2013
Hi Volker and others,
I have a bug report that we fail to do some valid name lookups. This goes back to
require_membership_of = redhat
in pam_winbind.conf. As you can see a group without a domain is specified
which results in a lookup of that group without a domain name.
[2013/04/04 12:08:52.940058, 10, pid=9331] winbindd/winbindd.c:617(process_request)
  process_request: Handling async request 9333:LOOKUPNAME
[2013/04/04 12:08:52.940186, 3, pid=9331] winbindd/winbindd_lookupname.c:69(winbindd_lookupname_send)
  lookupname +redhat
[2013/04/04 12:08:52.940307, 1, pid=9331] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
  wbint_LookupName: struct wbint_LookupName
    in: struct wbint_LookupName
      domain : *
        domain : ''
      name : *
        name : 'REDHAT'
      flags : 0x00000000 (0)
[2013/04/04 12:08:52.948321, 1, pid=9331] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
  wbint_LookupName: struct wbint_LookupName
    out: struct wbint_LookupName
      type : *
        type : SID_NAME_DOM_GRP (2)
      sid : *
        sid : S-1-5-21-2175650508-4111995269-951467909-1106
      result : NT_STATUS_OK
We end up with the following mappings in the cache:
{
key(10) = "NS//REDHAT"
data(66) = "\00\00\00\00\88A\00\00#R\5CQ\00\00\00\00\02\00\00\00-S-1-5-21-2175650508-4111995269-951467909-1106"
}
{
key(48) = "SN/S-1-5-21-2175650508-4111995269-951467909-1106"
data(28) = "\00\00\00\00\88A\00\00#R\5CQ\00\00\00\00\02\00\00\00\00\06redhat"
}
If you do an 'id' as the user now, it is not able to find the group name in
the cache:
DISCWORLD+asn@samba:~> id
uid=100001104(DISCWORLD+asn) gid=100000513(DISCWORLD+domain users) groups=100000513(DISCWORLD+domain users),100001106,100001108(DISCWORLD+samba)
I've created a patch which looks up the domain name from the sid if
domain_name is not set. So we will later find the correct entries when we try
to look up DISCWORLD\redhat.
Is this the right way to fix it?
-- andreas
--
Andreas Schneider GPG-ID: F33E3FC6
Samba Team asn at samba.org
www.samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-BUG-XXXX-Cache-name-to-sid-sid-to-name-correctly.patch
Type: text/x-patch
Size: 2676 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130404/3879be12/attachment.bin>
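A check for the cache state described in the message above, as an added example that is not part of the original post or of Samba: it scans a text dump in the key/data layout quoted in the message for name-to-SID (`NS/...`) keys whose domain component is empty and reports whether the matching `SN/<sid>` record is present. The function names and the third, well-formed record are constructed for illustration.

```python
import re

# Entries in the text layout quoted in the post. The first two are the
# post's own; the third (NS/DISCWORLD/SAMBA) is constructed for contrast.
SAMPLE_DUMP = r'''
{
key(10) = "NS//REDHAT"
data(66) = "\00\00\00\00\88A\00\00#R\5CQ\00\00\00\00\02\00\00\00-S-1-5-21-2175650508-4111995269-951467909-1106"
}
{
key(48) = "SN/S-1-5-21-2175650508-4111995269-951467909-1106"
data(28) = "\00\00\00\00\88A\00\00#R\5CQ\00\00\00\00\02\00\00\00\00\06redhat"
}
{
key(18) = "NS/DISCWORLD/SAMBA"
data(66) = "\00\00\00\00\88A\00\00#R\5CQ\00\00\00\00\02\00\00\00-S-1-5-21-2175650508-4111995269-951467909-1108"
}
'''

# One record: a key line immediately followed by its data line.
RECORD = re.compile(
    r'key\(\d+\) = "(?P<key>[^"\n]*)"\s*\n\s*data\(\d+\) = "(?P<data>[^\n]*)"')
SID = re.compile(r'S-1-\d+(?:-\d+)+')

def parse_dump(text):
    """Return {key: data} for every record in the dump text."""
    return {m['key']: m['data'] for m in RECORD.finditer(text)}

def domainless_name_entries(records):
    """Find NS/<domain>/<name> keys whose domain part is empty."""
    findings = []
    for key, data in records.items():
        parts = key.split('/', 2)
        if len(parts) != 3 or parts[0] != 'NS' or parts[1] != '':
            continue
        match = SID.search(data)
        sid = match.group(0) if match else None
        findings.append({
            'name': parts[2],
            'sid': sid,
            # True when the reverse (SID -> name) record is cached too.
            'has_reverse_entry': sid is not None and f'SN/{sid}' in records,
        })
    return findings

if __name__ == '__main__':
    for finding in domainless_name_entries(parse_dump(SAMPLE_DUMP)):
        print(finding)
```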