Winbind caching

Andreas Schneider asn at
Thu Apr 4 04:26:16 MDT 2013

Hi Volker and others,

I have a bug report that we fail do some valid name lookups. This goes back to

require_membership_of = redhat

in pam_winbind.conf. As you can see a group without a domain is specified 
which results in a lookup of that group without a domain name.

[2013/04/04 12:08:52.940058, 10, pid=9331] 
  process_request: Handling async request 9333:LOOKUPNAME
[2013/04/04 12:08:52.940186,  3, pid=9331] 
  lookupname +redhat
[2013/04/04 12:08:52.940307,  1, pid=9331] 
       wbint_LookupName: struct wbint_LookupName
          in: struct wbint_LookupName
              domain                   : *
                  domain                   : ''
              name                     : *
                  name                     : 'REDHAT'
              flags                    : 0x00000000 (0)
[2013/04/04 12:08:52.948321,  1, pid=9331] 
       wbint_LookupName: struct wbint_LookupName
          out: struct wbint_LookupName
              type                     : *
                  type                     : SID_NAME_DOM_GRP (2)
              sid                      : *
                  sid                      : 
              result                   : NT_STATUS_OK

We end up with the following mappings in the cache:

key(10) = "NS//REDHAT"
data(66) = "\00\00\00\00\88A\00\00#R\5CQ\00\00\00\00\02\00\00\00-

key(48) = "SN/S-1-5-21-2175650508-4111995269-951467909-1106"
data(28) = "\00\00\00\00\88A\00\00#R\5CQ\00\00\00\00\02\00\00\00\00\06redhat"

If you do an 'id' as the user now. It is not able to find the group name in 
the cache:

DISCWORLD+asn at samba:~> id
uid=100001104(DISCWORLD+asn) gid=100000513(DISCWORLD+domain users) 
groups=100000513(DISCWORLD+domain users),100001106,100001108(DISCWORLD+samba)

I've created a patch which looks up the domain name from the sid if 
domain_name is not set. So we will later find the correct entries when we try 
to lookup DISCWORLD\redhat.

Is this the right way to fix it?

	-- andreas

Andreas Schneider                   GPG-ID: F33E3FC6
Samba Team                             asn at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-BUG-XXXX-Cache-name-to-sid-sid-to-name-correctly.patch
Type: text/x-patch
Size: 2676 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list