[Samba] Weird problem with mixed up id's

M. Müller mamue at lb-bbs1.emd.ni.schule.de
Wed Jan 29 08:13:59 GMT 2003 

Several users get sometimes the wrong profile.
I have one example here:
The user bfs1a-15 logs in. The batch file is created, transfered to the
client and executed. Among others there is a line saying:
net use p: /home
The user gets an error, saying "the password for \\fileserver\fg13z-15 is
wrong, type in the for \\fileserver\fg13z-15:" (translated from german).
I know from the past that some people are missing some files. I saw some
people very confused about files that are in there profile (e.g.: Desktop)
that they never created.
When I look at it, the files have their user-id but it is absolutely
unlikely that:
1.: these files wre created by a hacker
2.: they created those themselfes (they werent here at that day).

In short:
The wrong profile is loaded. Files are written into the profile with the
corresponding id.
I can't prove it yet, but it looks like the wrong user-id is transfered to
samba. I noticed that one user logged in from different computers in
different rooms at nearly the same time. But that might also be two people
sharing the same id (very unlikely).
I notice that both ids have the same length and end with "-15"

I use samba2.2.7 and Openldap 2.1.8.  I turned on optimization in the samba
makefile (CFLAGS=-O9) .
When people log in, the server is under stress from ldap-queries.
The clients are manly NT4 and Win2k.
As this happens infrequently, I don't know where I could start to find the
reason.

The ldap-entry of fg13z-15:
dn: cn=fg13z-15,dc=bbs1-emden,dc=schule
objectClass: posixAccount
objectClass: sambaAccount
objectClass: account
objectClass: mailRecipient
gidNumber: 500
loginShell: /bin/false
description: schueler
uid: fg13z-15
pwdLastSet: 1028701166
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdCanChange: 0
pwdMustChange: 2147483647
displayName: fg13z-15
cn: fg13z-15
rid: 3436
primaryGroupID: 2001
acctFlags: [UX         ]
uidNumber: 5258
mail: fg13z-15 at lb-bbs1.emd.ni.schule.de
mailLocalAddress: fg13z-15 at fileserver.bbs1-emden.schule
mailDeliveryOption: accept
homeDirectory: /home/schueler/fg13z-15
homeDrive: P:
smbHome: \\fileserver\fg13z-15

The ldap-entry of bfs1a-15:
dn: cn=bfs1a-15,dc=bbs1-emden,dc=schule
objectClass: posixAccount
objectClass: sambaAccount
objectClass: account
objectClass: mailRecipient
uidNumber: 1218
gidNumber: 500
loginShell: /bin/false
description: schueler
uid: bfs1a-15
pwdLastSet: 1028309071
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdCanChange: 0
pwdMustChange: 2147483647
displayName: bfs1a-15
cn: bfs1a-15
rid: 3436
primaryGroupID: 2001
acctFlags: [UX         ]
mail: bfs1a-15 at lb-bbs1.emd.ni.schule.de
mailLocalAddress: bfs1a-15 at fileserver.bbs1-emden.schule
mailDeliveryOption: accept
homeDirectory: /home/schueler/bfs1a-15
homeDrive: P:
smbHome: \\fileserver\bfs1a-15


Aarrgh! They have the same rid! Might that be the reason? Entries were
modified by smbpasswd. How can I solve that (1400+ users).
Don't look for errors in smbpasswd, it is very likely my mistake.

Thanks for any help,
Malte Mueller

More information about the samba mailing list