[Samba] Re: Winbind broken after 2.2.8 upgrade
abartlet at samba.org
Thu Mar 27 01:27:26 GMT 2003
On Wed, Mar 26, 2003 at 04:11:13PM -0800, Shawn Wright wrote:
> Ok, stupid me. Somehow I missed updating /lib/libnss_winbind.so on both
> these machines. Presumably this would have also caused corruption of the
> winbind idmap?
I doubt it, actually.
> Since winbind is now installed with a "make install", would it not be a good
> idea to also install libnss_winbind.so also? Or at least provide some version
> checking in winbind so that it will fail to start and report an error if it
> encounters the wrong version of libnss_winbind.so?
Winbind doens't *require* libnss_winbind - there are actually situations where
it is used without it. That said, I've implemented some extensive version
checks from the client side - we certainly won't connect to a winbind with
a different protocol version any more.
> It seems that the idmap file is a very weak link in samba right now, so every
> effort should be made to prevent corruption during upgrades, etc.
> In our case, I was able to re-apply acls for 400 users, but quota information
> for a large shared file volume was lost, as I could not re-map the ids, and
> had to reset file ownerships to avoid users having incorrect quota
Yes, we need to work on that - the outsource of this into LDAP is one example
of these efforts - and we did have a project to dump/import the tdb to a text
file, but I'm not sure what happened to it...
> On 25 Mar 2003 at 10:32, samba at lists.samba.org wrote:
> > I have just upgraded two of our samba boxes to 2.2.8 and ended up with
> > partially broken winbind after the upgrade. The machines are slightly
> > different, and so are the symptoms, so here goes:
> > System 1: Was at 2.2.3 compiled from source Feb4/02, using options:
> > "./configure --with-winbind --with-acl-support --with-quotas". Running on
> > RedHat 7.2, installed from SGI's XFS installer to enable ACLs and quotas
> > with samba on XFS filesystems. System running fine in production for ~500
> > NT domain users for the past 8 months. All users are on NT domain, using
> > winbind from user lookups.
> > After upgrade to 2.2.8, I see the following:
> > getent passwd shows only local users, no domain users
> > wbinfo -u and -g report domain users & groups normally
> > users connecting to smb shares appear as "root" in smbstatus (!)
> > a nobody share appears browsing the system from an NT box.
> > As this is a production system, I've had to revert to 2.2.3 so further testing
> > may be difficult at this time.
> > System #2 is a fresh install of RedHat 8 using the SGI XFS installer v1.2,
> > and had the stock samba 2.2.5 rpm installed, over which I compiled and
> > installed 2.2.8. Config is essentially the same as system #1 otherwise.
> > (smb.conf shown at end of message)
> > This time, wbinfo -t, -u, -g all work as expected.
> > getent passwd shows local users, then a list of domain user IDs in the
> > format: (where 106xx is the id)
> > ::0:10646:'::
> > ::0:10647:'::
> > ::0:10648:'::
> > getent group shows a corrupted group listing as follows, "webalizer" is the
> > last entry in /etc/group, and the correct domain name is "SHAWNIGAN -
> > notice it is mangled in various places:
> > webalizer:x:67:
> > hHAWNIGAN+AP French:aminx:1280532334:À«
> > ::1852728681:WNIGAN+abehennah,SHAWNIGAN+adeane,SHAWNIGAN+
> > dew,SHAWNIGAN+gperry,SH
> > AWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+jcs
> > ============
> > Here is what the above should look like (and does on the other box running
> > 2.2.3):
> > SHAWNIGAN+AP French:x:10023:
> > SHAWNIGAN+Dept-
> > English:x:10024:SHAWNIGAN+abehennah,SHAWNIGAN+adeane,SHAWN
> > IGAN+dew,SH
> > AWNIGAN+gperry,SHAWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+j
> > cs
> Shawn Wright, Systems Manager
> Shawnigan Lake School
> swright at sls.bc.ca
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba