[Samba] Winbind broken after 2.2.8 upgrade
Shawn Wright
swright at sls.bc.ca
Tue Mar 25 18:32:38 GMT 2003
I have just upgraded two of our samba boxes to 2.2.8 and ended up with
partially broken winbind after the upgrade. The machines are slightly
different, and so are the symptoms, so here goes:
System 1: Was at 2.2.3 compiled from source Feb4/02, using options:
"./configure --with-winbind --with-acl-support --with-quotas". Running on
RedHat 7.2, installed from SGI's XFS installer to enable ACLs and quotas
with samba on XFS filesystems. System running fine in production for ~500
NT domain users for the past 8 months. All users are on NT domain, using
winbind from user lookups.
After upgrade to 2.2.8, I see the following:
getent passwd shows only local users, no domain users
wbinfo -u and -g report domain users & groups normally
users connecting to smb shares appear as "root" in smbstatus (!)
a nobody share appears browsing the system from an NT box.
As this is a production system, I've had to revert to 2.2.3 so further testing
may be difficult at this time.
System #2 is a fresh install of RedHat 8 using the SGI XFS installer v1.2,
and had the stock samba 2.2.5 rpm installed, over which I compiled and
installed 2.2.8. Config is essentially the same as system #1 otherwise.
(smb.conf shown at end of message)
This time, wbinfo -t, -u, -g all work as expected.
getent passwd shows local users, then a list of domain user IDs in the
format: (where 106xx is the id)
::0:10646:'::
::0:10647:'::
::0:10648:'::
getent group shows a corrupted group listing as follows, "webalizer" is the
last entry in /etc/group, and the correct domain name is "SHAWNIGAN -
notice it is mangled in various places:
webalizer:x:67:
hHAWNIGAN+AP French:aminx:1280532334:À«
::1852728681:WNIGAN+abehennah,SHAWNIGAN+adeane,SHAWNIGAN+
dew,SHAWNIGAN+gperry,SH
AWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+jcs
============
Here is what the above should look like (and does on the other box running
2.2.3):
SHAWNIGAN+AP French:x:10023:
SHAWNIGAN+Dept-
English:x:10024:SHAWNIGAN+abehennah,SHAWNIGAN+adeane,SHAWN
IGAN+dew,SH
AWNIGAN+gperry,SHAWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+j
cs
Any ideas? Below is a copy of the smb.conf, essentially the same on both
boxes:
smb.conf:
=======
[global]
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/student/%U
template shell = /bin/false
create mask = 0700
directory mask = 0700
#force group = 10000
inherit permissions = yes
domain admin group = @root
workgroup = SHAWNIGAN
server string = Student Home Server
hosts allow = 10. 139.142.66. 127.
security = domain
password server =admin2
socket options = TCP_NODELAY IPTOS_LOWDELAY
SO_RCVBUF=16384 SO_SNDBUF=16384
write raw = yes
read raw = yes
oplocks = yes
max xmit = 65535
dead time = 15
getwd cache = yes
dns proxy = no
unix password sync = no
encrypt passwords = yes
map to guest = never
password level = 0
null passwords = no
allow hosts = 139.142.66. 10.
# deny hosts =
os level = 0
preferred master = no
domain master = no
wins support = no
wins server = 139.142.66.2
dead time = 0
debug level = 0
log level = 1
[homes]
comment = Home Directories
browseable = no
writable = yes
available = yes
public = no
# only user = yes
nt acl support = no
force group = 10000
# force security mode = 0777
# path=/home/student/%U
[home]
comment = Student Homes
browseable = yes
writable = yes
available = yes
public = no
only user = no
path=/home
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, Systems Manager
Shawnigan Lake School
http://www.sls.bc.ca
swright at sls.bc.ca
More information about the samba
mailing list