ctdb in autobuild broken -- ctdb depends on winbind now????

Michael Adam obnox at samba.org
Mon Jan 9 16:30:52 UTC 2017 

On 2017-01-09 at 14:08 +0100, Andreas Schneider wrote:
> On Friday, 6 January 2017 11:53:16 CET Volker Lendecke wrote:
> > Quick update: If I run
> > 
> > make test TESTS=samba.blackbox.wbinfo
> > 
> > locally, I get two unexpected successes.
> > 
> > Some tests are designed to fail and now succeed when running isolated.
> > Some tests are designed to succeed and now fail when running in the full
> > run.
> > 
> > If I look at selftest/knownfail, I see
> > 
> > # These do not work against winbindd in member mode for unknown reasons
> 
> Yes, that the test running against the s4member target. I don't really know 
> what a s4member is or means. However it seems to be broken!
> 
> $ bin/wbinfo --user-groups "SAMBADOMAIN/administrator"
> 3000000
> 3000001
> $ bin/wbinfo --gid-to-sid 3000000
> S-1-5-21-2767970802-1178991037-3063653489-500
> $ bin/wbinfo --sid-to-name S-1-5-21-2767970802-1178991037-3063653489-500
> SAMBADOMAIN/administrator 1
> $ bin/wbinfo -g
> SAMBADOMAIN/allowed rodc password replication group
> SAMBADOMAIN/enterprise read-only domain controllers
> SAMBADOMAIN/denied rodc password replication group
> SAMBADOMAIN/read-only domain controllers
> SAMBADOMAIN/group policy creator owners
> SAMBADOMAIN/ras and ias servers
> SAMBADOMAIN/domain controllers
> SAMBADOMAIN/enterprise admins
> SAMBADOMAIN/domain computers
> SAMBADOMAIN/cert publishers
> SAMBADOMAIN/dnsupdateproxy
> SAMBADOMAIN/domain admins
> SAMBADOMAIN/domain guests
> SAMBADOMAIN/schema admins
> SAMBADOMAIN/domain users
> SAMBADOMAIN/dnsadmins
> $ bin/wbinfo --name-to-sid "SAMBADOMAIN/administrator"
> S-1-5-21-2767970802-1178991037-3063653489-500 SID_USER (1)
> 
> 
> 
> 
> $ bin/wbinfo --user-groups "SAMBADOMAIN/administrator"
> 
> lists 300000, which is the uid from Administrtor, as a gid!

Yes? I don't thing this per se is a problem...

The same numerical value can be used both for a UID
and a GID in a unix system. (On most Linux distros
you get a Group of the same nam and ID value as the
default group for a newly created user...)

Above you showed that the admin user (ID 300000) has a
group of GID 300000 in its unix group list. But this could
even resolve to one of the domain groups (like domain admins).
(WHat does "wbinfo --gid-to-sid 300000" give?

This could also be sambadomain/administrator, viewed as
a group in the unix world. Wih the ID_TYPE_BOTH mapping
this can even be achieved in Samba. And i think this
may be quite normal in the AD/DC setup (with passdb_dsdb
and most id mapping going though passdb..).

> This does not happen against any other enviornment.
> I suspect culrpit is the passdb_dsdb module!

Let me ask again: Is this a problem?
You pasted some output of wbinfo --user-groups that came
unexpected to you, but is it really breaking anything?
I think this is expected in the AD environment.

Cheers - Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170109/206728a9/signature.sig>

More information about the samba-technical mailing list