with most recent git master smbd fails to start in AD DC mode
linux at kukkukk.com
Sat Mar 22 22:11:11 MDT 2014
On 23.03.2014 04:11, Jeremy Allison wrote:
> On Sat, Mar 22, 2014 at 07:55:49PM -0700, Jeremy Allison wrote:
>> On Sun, Mar 23, 2014 at 01:03:35PM +1300, Andrew Bartlett wrote:
>>> On Sat, 2014-03-22 at 12:39 -0700, Jeremy Allison wrote:
>>>> username -> getpwnam() -> uid_to_sid() -> sid_to_uid() -> getpwuid() -> username
>>> | This part |
>>> doesn't happen in the AD DC case. We start with a SID from the sam.ldb
>> Are you saying this SID from the sam.ldb database doesn't
>> map to a UNIX uid ? It is only the guest SID that is causing
>> the problem for Günter.
>> I guess I don't understand what you're trying to tell
>> me here (explain like I'm five please :-).
> Just to be clear what I don't understand :-).
> Even if the 'username -> getpwnam() -> uid_to_sid()'
> part isn't done and we start with a SID from sam.ldb,
> if this SID is a primary user in a token (which
> it is in this case) I would expect that we must
> be able to do :
> sid_to_uid() -> getpwuid()
> and get back a valid 'struct passwd' coming
> from the smbd winbindd, or if we're inside the AD-DC
> code coming from the built-in winbindd.
> Even if winbindd isn't running the SID
> should be from the 'legacy' uid_to_sid/sid_to_uid
> code so it should still map to a valid user
> on the system (*somewhere* inside /etc/passwd :-).
> Under what circumstances is this not the
> case ?
> Remember we're creating a token here which
> is then mapped into a UNIX uid+gid_list
> credential struct that can be set on the
> process, so I think it needs to mean *something*
> to the system.
Hi Jeremy, Andrew,
I'm atm doing all my tests with opensuse-13.1 - which uses *very* recent stuff all around..
It should be easy to do the same steps on other distros:
1.) build recent git master
2.) "make install"
3.) samba-tool domain provision --interactive
4.) /usr/local/samba/sbin/samba -i -M single -d3
I see enough other samba-4.x problems around here - and would be happy if some
other developer would do the same (simple) steps from above...
Just to validate that this problem really exists (not only for me).
Btw - having such an "up-to-date opensuse version around" has many advantages - but
I also had *lots* of trouble to get (very new MIT supplied) krb5 working ... and so on