with most recent git master smbd fails to start in AD DC mode

Günter Kukkukk linux at kukkukk.com
Sat Mar 22 22:11:11 MDT 2014


Am 23.03.2014 04:11, schrieb Jeremy Allison:
> On Sat, Mar 22, 2014 at 07:55:49PM -0700, Jeremy Allison wrote:
>> On Sun, Mar 23, 2014 at 01:03:35PM +1300, Andrew Bartlett wrote:
>>> On Sat, 2014-03-22 at 12:39 -0700, Jeremy Allison wrote:
>>>>
>>>> username -> getpwnam() -> uid_to_sid() -> sid_to_uid() -> getpwuid() -> username
>>>
>>> | This part                              |
>>>
>>> doesn't happen in the AD DC case.  We start with a SID from the sam.ldb
>>> database. 
>>
>> Are you saying this SID from the sam.ldb database doesn't
>> map to a UNIX uid ? It is only the guest SID that is causing
>> the problem for Günter.
>>
>> I guess I don't understand what you're trying to tell
>> me here (explain like I'm five please :-).
> 
> Just to be clear what I don't understand :-).
> 
> Even if the 'username -> getpwnam() -> uid_to_sid()'
> part isn't done and we start with a SID from sam.ldb,
> if this SID is a primary user in a token (which
> it is in this case) I would expect that we must
> be able to do :
> 
> sid_to_uid() -> getpwuid()
> 
> and get back a valid 'struct passwd' coming
> from the smbd winbindd, or if we're inside the AD-DC
> code coming from the built-in winbindd.
> 
> Even if winbindd isn't running the SID
> should be from the 'legacy' uid_to_sid/sid_to_uid
> code so it should still map to a valid user
> on the system (*somewhere* inside /etc/passwd :-).
> 
> Under what circumstances is this not the
> case ?
> 
> Remember we're creating a token here which
> is then mapped into a UNIX uid+gid_list
> credential struct that can be set on the
> process, so I think it needs to mean *something*
> to the system.
> 
> Jeremy.
> 

Hi Jeremy, Andrew,

I'm atm doing all my tests with opensuse-13.1 - which uses *very* recent stuff all around..

It should be easy to do the same steps on other distros:

1.) build recent git master
2.) "make install"
3.) samba-tool domain provision --interactive
4.) /usr/local/samba/sbin/samba -i -M single -d3

I see enough other samba-4.x problems here around - and would be happy if some
other developer would do the same (simple) steps from above...
Just to validate that this problem really exists (not only for me).

Cheers, Günter

Btw - having such an "up-to-date opensuse version around" has many advantages - but
I also had *lots* of trouble getting (very new MIT supplied) krb5 working ... and so on
