[Samba] Winbind broken after 2.2.8 upgrade

Shawn Wright swright at sls.bc.ca
Tue Mar 25 18:32:38 GMT 2003 

I have just upgraded two of our samba boxes to 2.2.8 and ended up with 
partially broken winbind after the upgrade. The machines are slightly 
different, and so are the symptoms, so here goes:

System 1: Was at 2.2.3 compiled from source Feb4/02, using options: 
"./configure  --with-winbind --with-acl-support --with-quotas". Running on 
RedHat 7.2, installed from SGI's XFS installer to enable ACLs and quotas 
with samba on XFS filesystems. System running fine in production for ~500 
NT domain users for the past 8 months. All users are on NT domain, using 
winbind from user lookups.
After upgrade to 2.2.8, I see the following:

getent passwd shows only local users, no domain users
wbinfo -u and -g report domain users & groups normally
users connecting to smb shares appear as "root" in smbstatus (!)
a nobody share appears browsing the system from an NT box.
As this is  a production system, I've had to revert to 2.2.3 so further testing 
may be difficult at this time.

System #2 is a fresh install of RedHat 8 using the SGI XFS installer v1.2, 
and had the stock samba 2.2.5 rpm installed, over which I compiled and 
installed 2.2.8. Config is essentially the same as system #1 otherwise. 
(smb.conf shown at end of message)

This time, wbinfo -t, -u, -g all work as expected.
getent passwd shows local users, then a list of domain user IDs in the 
format: (where 106xx is the id)

::0:10646:'::
::0:10647:'::
::0:10648:'::

getent group shows a corrupted group listing as follows, "webalizer" is the 
last entry in /etc/group, and the correct domain name is "SHAWNIGAN - 
notice it is mangled in various places:

webalizer:x:67:
hHAWNIGAN+AP French:aminx:1280532334:À«
::1852728681:WNIGAN+abehennah,SHAWNIGAN+adeane,SHAWNIGAN+
dew,SHAWNIGAN+gperry,SH
AWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+jcs

============
Here is what the above should look like (and does on the other box running 
2.2.3):

SHAWNIGAN+AP French:x:10023:
SHAWNIGAN+Dept-
English:x:10024:SHAWNIGAN+abehennah,SHAWNIGAN+adeane,SHAWN
IGAN+dew,SH
AWNIGAN+gperry,SHAWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+j
cs

Any ideas? Below is a copy of the smb.conf, essentially the same on both 
boxes:

smb.conf:
=======
[global]
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/student/%U
template shell = /bin/false
create mask = 0700
directory mask = 0700
#force group = 10000
inherit permissions = yes
domain admin group = @root
workgroup = SHAWNIGAN
server string = Student Home Server
hosts allow = 10. 139.142.66. 127.
security = domain
password server =admin2
socket options = TCP_NODELAY IPTOS_LOWDELAY 
SO_RCVBUF=16384 SO_SNDBUF=16384
write raw = yes
read raw = yes
oplocks = yes
max xmit = 65535
dead time = 15
getwd cache = yes

dns proxy = no
unix password sync = no
encrypt passwords = yes
map to guest = never
password level = 0
null passwords = no
allow hosts = 139.142.66. 10.
#    deny hosts =
os level = 0
preferred master = no
domain master = no
wins support = no
wins server = 139.142.66.2
dead time = 0
debug level = 0
log level = 1

[homes]
    comment = Home Directories
    browseable = no 
    writable = yes
    available = yes
    public = no
#    only user = yes
    nt acl support = no
    force group = 10000
#    force security mode = 0777
#    path=/home/student/%U

[home]
    comment = Student Homes
    browseable = yes
    writable = yes
    available = yes
    public = no
    only user = no
    path=/home     

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, Systems Manager
Shawnigan Lake School
http://www.sls.bc.ca
swright at sls.bc.ca

More information about the samba mailing list