ctdb in autobuild broken -- ctdb depends on winbind now????
Michael Adam
obnox at samba.org
Mon Jan 9 16:30:52 UTC 2017
On 2017-01-09 at 14:08 +0100, Andreas Schneider wrote:
> On Friday, 6 January 2017 11:53:16 CET Volker Lendecke wrote:
> > Quick update: If I run
> >
> > make test TESTS=samba.blackbox.wbinfo
> >
> > locally, I get two unexpected successes.
> >
> > Some tests are designed to fail and now succeed when running isolated.
> > Some tests are designed to succeed and now fail when running in the full
> > run.
> >
> > If I look at selftest/knownfail, I see
> >
> > # These do not work against winbindd in member mode for unknown reasons
>
> Yes, that the test running against the s4member target. I don't really know
> what a s4member is or means. However it seems to be broken!
>
> $ bin/wbinfo --user-groups "SAMBADOMAIN/administrator"
> 3000000
> 3000001
> $ bin/wbinfo --gid-to-sid 3000000
> S-1-5-21-2767970802-1178991037-3063653489-500
> $ bin/wbinfo --sid-to-name S-1-5-21-2767970802-1178991037-3063653489-500
> SAMBADOMAIN/administrator 1
> $ bin/wbinfo -g
> SAMBADOMAIN/allowed rodc password replication group
> SAMBADOMAIN/enterprise read-only domain controllers
> SAMBADOMAIN/denied rodc password replication group
> SAMBADOMAIN/read-only domain controllers
> SAMBADOMAIN/group policy creator owners
> SAMBADOMAIN/ras and ias servers
> SAMBADOMAIN/domain controllers
> SAMBADOMAIN/enterprise admins
> SAMBADOMAIN/domain computers
> SAMBADOMAIN/cert publishers
> SAMBADOMAIN/dnsupdateproxy
> SAMBADOMAIN/domain admins
> SAMBADOMAIN/domain guests
> SAMBADOMAIN/schema admins
> SAMBADOMAIN/domain users
> SAMBADOMAIN/dnsadmins
> $ bin/wbinfo --name-to-sid "SAMBADOMAIN/administrator"
> S-1-5-21-2767970802-1178991037-3063653489-500 SID_USER (1)
>
>
>
>
> $ bin/wbinfo --user-groups "SAMBADOMAIN/administrator"
>
> lists 300000, which is the uid from Administrtor, as a gid!
Yes? I don't thing this per se is a problem...
The same numerical value can be used both for a UID
and a GID in a unix system. (On most Linux distros
you get a Group of the same nam and ID value as the
default group for a newly created user...)
Above you showed that the admin user (ID 300000) has a
group of GID 300000 in its unix group list. But this could
even resolve to one of the domain groups (like domain admins).
(WHat does "wbinfo --gid-to-sid 300000" give?
This could also be sambadomain/administrator, viewed as
a group in the unix world. Wih the ID_TYPE_BOTH mapping
this can even be achieved in Samba. And i think this
may be quite normal in the AD/DC setup (with passdb_dsdb
and most id mapping going though passdb..).
> This does not happen against any other enviornment.
> I suspect culrpit is the passdb_dsdb module!
Let me ask again: Is this a problem?
You pasted some output of wbinfo --user-groups that came
unexpected to you, but is it really breaking anything?
I think this is expected in the AD environment.
Cheers - Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170109/206728a9/signature.sig>
More information about the samba-technical
mailing list