[Samba] winbind bug in 2.2.3

Thierry ITTY thierry.itty at besancon.org
Thu Feb 13 17:55:12 GMT 2003


hello

we got a serious problem with samba 223 and winbind
i didn't find a lot about it on the net so I thought it could be interesting to
tell you

we have a file server w/ mandrake 8.0, a custom kernel 2.4.18 with quotas,
acls, and a custom samba 2.2.3 with quotas, acl, and winbind. samba
forwards auth to an NT PDC. FS rights are given on domain user names. there
are quite a lot of users, ca 2000.

a few days ago we noticed that smbstatus -b gave numeric information
instead of username. then we saw that more and more files in user
directories had no more valid owner name when doing an "ls -l".
we also noticed that the UIDs being assigned by winbind were going higher
and higher : it shouldn't have gone above 12000-13000 (10000 + number of
SIDs in the NT domain) but it quickly reached more than 18000.

we thought that it was a winbind bug, and decided to migrate rapidly to
2.2.7 (another server, with the same h/w and s/w conf except samba version,
is working fine, in another domain and another set of users, say ca 1500).
as everything was compatible we just copied the whole samba tree but
var/locks, where winbind databases reside. we thought that even if a lot of
uids were lost, the most important thing was to keep each owner's rights.

unfortunately this didn't solve the problem, winbind was still allocating
UIDs, and a while ago we got new problems : though users had a valid
account, they couldn't access their shares anymore, getting an invalid
account answer.

working with wbinfo, i saw that i could get the right answer when querying
a SID from a name (wbinfo -n), and a name from a SID (-s), but when
querying a UID from a SID (-S) I got the error "Could not convert sid
###-...-### to uid". this was forbidding new connections.

we stopped samba, cleared var/locks and restarted it
then we gave manually (well, with a set of scripts, actually) all the
rights to all the files. hopefully each user could write in his own dir
only, and we could associate the name of the dir and the name of the user.
we were indeed very lucky from this point of view.

conversely, I hope this will be enough to solve the problem, or else it
would mean that we could get the same problem on the other server (which
was launched with 2.2.7)

I'd appreciate a lot any info, either confirming this is a bug or
explaining what kind of situation could have made this happen.

tia


			- * - * - * - * - * - * -
Of course I am a perfectionist!
But couldn't I be better at it?
	Thierry ITTY
eMail : Thierry.Itty at Besancon.org		FRANCE
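
The three wbinfo lookups described in the message above (-n, -s, -S), replayed over a list of user names and combined with a UID ceiling check, as an added example that is not part of the original post. The function names, the WBINFO override and the assumption that the SID or UID is the first field of wbinfo's output are this example's own; the 13000 ceiling in the usage comment is the poster's figure.

```shell
#!/bin/sh
# Added example: audit winbind name -> SID -> UID mappings for a list of users.
# WBINFO may point at a stub for offline testing (assumption of this example).
WBINFO=${WBINFO:-wbinfo}

# check_user NAME: prints "NAME SID UID" on success. Returns
#   1 if name -> SID fails, 2 if SID -> name fails, 3 if SID -> UID fails.
check_user() {
    name=$1
    # Assumed output shape: SID first, then the account type.
    sid=$($WBINFO -n "$name" 2>/dev/null | awk 'NR==1 {print $1}')
    [ -n "$sid" ] || return 1
    $WBINFO -s "$sid" >/dev/null 2>&1 || return 2
    uid=$($WBINFO -S "$sid" 2>/dev/null | awk 'NR==1 {print $1}')
    # An error message or empty output is not a numeric UID.
    case $uid in
        ''|*[!0-9]*) return 3 ;;
    esac
    echo "$name $sid $uid"
}

# audit_users CEILING: reads one user name per line on stdin, prints a status
# line per user, and returns non-zero if any mapping is broken or any UID is
# above CEILING (the symptom of runaway allocation).
audit_users() {
    ceiling=$1
    bad=0
    while IFS= read -r user; do
        [ -n "$user" ] || continue
        if line=$(check_user "$user"); then
            uid=${line##* }
            if [ "$uid" -gt "$ceiling" ]; then
                echo "HIGH $line"; bad=1
            else
                echo "OK $line"
            fi
        else
            echo "FAIL($?) $user"; bad=1
        fi
    done
    return $bad
}

# Usage: audit_users 13000 < users.txt
```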

