ctdb in autobuild broken -- ctdb depends on winbind now????

Rowland Penny repenny241155 at gmail.com
Mon Jan 9 17:03:37 UTC 2017


On Mon, 09 Jan 2017 17:52:18 +0100
Andreas Schneider <asn at samba.org> wrote:

> On Monday, 9 January 2017 17:30:52 CET Michael Adam wrote:
> > On 2017-01-09 at 14:08 +0100, Andreas Schneider wrote:
> > > On Friday, 6 January 2017 11:53:16 CET Volker Lendecke wrote:
> > > > Quick update: If I run
> > > > 
> > > > make test TESTS=samba.blackbox.wbinfo
> > > > 
> > > > locally, I get two unexpected successes.
> > > > 
> > > > Some tests are designed to fail and now succeed when running
> > > > isolated. Some tests are designed to succeed and now fail when
> > > > running in the full run.
> > > > 
> > > > If I look at selftest/knownfail, I see
> > > > 
> > > > # These do not work against winbindd in member mode for unknown
> > > > reasons
> > > 
> > > Yes, that the test running against the s4member target. I don't
> > > really know
> > > what a s4member is or means. However it seems to be broken!
> > > 
> > > $ bin/wbinfo --user-groups "SAMBADOMAIN/administrator"
> > > 3000000
> > > 3000001
> > > $ bin/wbinfo --gid-to-sid 3000000
> > > S-1-5-21-2767970802-1178991037-3063653489-500
> > > $ bin/wbinfo --sid-to-name
> > > S-1-5-21-2767970802-1178991037-3063653489-500
> > > SAMBADOMAIN/administrator 1 $ bin/wbinfo -g
> > > SAMBADOMAIN/allowed rodc password replication group
> > > SAMBADOMAIN/enterprise read-only domain controllers
> > > SAMBADOMAIN/denied rodc password replication group
> > > SAMBADOMAIN/read-only domain controllers
> > > SAMBADOMAIN/group policy creator owners
> > > SAMBADOMAIN/ras and ias servers
> > > SAMBADOMAIN/domain controllers
> > > SAMBADOMAIN/enterprise admins
> > > SAMBADOMAIN/domain computers
> > > SAMBADOMAIN/cert publishers
> > > SAMBADOMAIN/dnsupdateproxy
> > > SAMBADOMAIN/domain admins
> > > SAMBADOMAIN/domain guests
> > > SAMBADOMAIN/schema admins
> > > SAMBADOMAIN/domain users
> > > SAMBADOMAIN/dnsadmins
> > > $ bin/wbinfo --name-to-sid "SAMBADOMAIN/administrator"
> > > S-1-5-21-2767970802-1178991037-3063653489-500 SID_USER (1)
> > > 
> > > 
> > > 
> > > 
> > > $ bin/wbinfo --user-groups "SAMBADOMAIN/administrator"
> > > 
> > > lists 300000, which is the uid from Administrtor, as a gid!
> > 
> > Yes? I don't thing this per se is a problem...
> > 
> > The same numerical value can be used both for a UID
> > and a GID in a unix system. (On most Linux distros
> > you get a Group of the same nam and ID value as the
> > default group for a newly created user...)
> > 
> > Above you showed that the admin user (ID 300000) has a
> > group of GID 300000 in its unix group list. But this could
> > even resolve to one of the domain groups (like domain admins).
> > (WHat does "wbinfo --gid-to-sid 300000" give?
> > 
> > This could also be sambadomain/administrator, viewed as
> > a group in the unix world. Wih the ID_TYPE_BOTH mapping
> > this can even be achieved in Samba. And i think this
> > may be quite normal in the AD/DC setup (with passdb_dsdb
> > and most id mapping going though passdb..).
> > 
> > > This does not happen against any other enviornment.
> > > I suspect culrpit is the passdb_dsdb module!
> > 
> > Let me ask again: Is this a problem?
> > You pasted some output of wbinfo --user-groups that came
> > unexpected to you, but is it really breaking anything?
> > I think this is expected in the AD environment.
> 
> See yourself:
> 
> make testenv SELFTEST_TESTENV="s4member:local" SCREEN=1

Can I ask, is 's4member' the thing you get if you provision with
'--server-role=member' ???
If so, why are we testing with something that doesn't actually work ???

Rowland





More information about the samba-technical mailing list