[Samba] winbindd using FQDN domain name now?

Adrian Chung adrian at enfusion-group.com
Mon Sep 15 20:00:14 GMT 2003


As of RC3 and RC4, I've noticed that winbindd's wb_getpwuid function
is using the form <FQDN-domain><winbind-separator><username>, and
before, it was simply <NetBIOS-domain><winbind-separator><username>.

The net effect of what I'm seeing is that users which have a UNIX
account locally on the samba box and also a domain account are being
authenticated against the AD DC, but their UIDs are getting resolved
to the local UNIX UIDs rather than AD UIDs.

Here's a snippet of the winbind log (level 5) from an XP Home box (not
a domain member):

[2003/09/15 15:46:49, 3]
nsswitch/winbindd_user.c:winbindd_getpwnam(112)
  [ 6439]: getpwnam genosha-neil
[2003/09/15 15:46:49, 3] nsswitch/winbindd_ads.c:sequence_number(778)
  ads: fetch sequence_number for GENOSHA
[2003/09/15 15:46:49, 5] libads/ldap_utils.c:ads_do_search_retry(52)
  Search for (objectclass=*) gave 1 replies
[2003/09/15 15:46:49, 3] nsswitch/winbindd_ads.c:name_to_sid(312)
  ads: name_to_sid
[2003/09/15 15:46:49, 5] libads/ldap_utils.c:ads_do_search_retry(52)
  Search for (|(sAMAccountName=neil)(userPrincipalName=neil@GENOSHA.ENFUSION-GROUP.COM)) gave 1 replies
[2003/09/15 15:46:49, 3] libads/ads_ldap.c:ads_name_to_sid(82)
  ads name_to_sid mapped neil
[2003/09/15 15:46:50, 3] nsswitch/winbindd_misc.c:winbindd_ping(208)
  [ 6439]: ping
[2003/09/15 15:46:50, 3]
nsswitch/winbindd_user.c:winbindd_getpwnam(112)
  [ 6439]: getpwnam genosha-neil
[2003/09/15 15:46:50, 3] nsswitch/winbindd_ads.c:name_to_sid(312)
  ads: name_to_sid
[2003/09/15 15:46:50, 5] libads/ldap_utils.c:ads_do_search_retry(52)
  Search for (|(sAMAccountName=neil)(userPrincipalName=neil@GENOSHA.ENFUSION-GROUP.COM)) gave 1 replies

From XP SP1 boxes that are domain members:

[2003/09/15 15:49:17, 3]
nsswitch/winbindd_user.c:winbindd_getpwnam(112)
  [ 6453]: getpwnam genosha.enfusion-group.com-adrian
[2003/09/15 15:49:17, 5]
nsswitch/winbindd_user.c:winbindd_getpwnam(140)
  no such domain: GENOSHA.ENFUSION
[2003/09/15 15:49:17, 3]
nsswitch/winbindd_user.c:winbindd_getpwnam(112)
  [ 6453]: getpwnam GENOSHA.ENFUSION-GROUP.COM-adrian
[2003/09/15 15:49:17, 5]
nsswitch/winbindd_user.c:winbindd_getpwnam(140)
  no such domain: GENOSHA.ENFUSION
[2003/09/15 15:49:17, 3]
nsswitch/winbindd_user.c:winbindd_getpwnam(112)
  [ 6453]: getpwnam GENOSHA.ENFUSION-GROUP.COM-ADRIAN
[2003/09/15 15:49:17, 5]
nsswitch/winbindd_user.c:winbindd_getpwnam(140)
  no such domain: GENOSHA.ENFUSION
[2003/09/15 15:49:23, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(231)
  [ 6455]: request interface version
[2003/09/15 15:49:23, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(267)
  [ 6455]: request location of privileged pipe
[2003/09/15 15:49:23, 5] nsswitch/winbindd.c:winbind_client_read(462)
  read failed on sock 19, pid 6455: EOF
[2003/09/15 15:49:23, 3]
nsswitch/winbindd_user.c:winbindd_getpwuid(213)
  [ 6455]: getpwuid 20007
[2003/09/15 15:49:23, 4] nsswitch/winbindd_acct.c:wb_getpwuid(413)
  wb_getpwuid: failed to locate uid == 20007

At this point, I'm authenticated as the UNIX UID and have access via
samba, but smbstatus shows the wrong username (the non-domain user).

Anyone know how I can fix this?

--
Adrian Chung (adrian at enfusion-group dot com)
http://www.enfusion-group.com/~adrian/
GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17
[rogue.genosha.enfusion-group.com] 3:55pm up 4 days, 17:09, 3 users
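
An added illustration, not part of the message above and not Samba source code: the "no such domain: GENOSHA.ENFUSION" lines are what a split at the first '-' produces when the domain part is an FQDN that itself contains a hyphen. The helper names are hypothetical, and splitting at the first separator is an assumption inferred from those log lines.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Split "DOMAIN<sep>user" at the FIRST separator (assumed behaviour,
 * inferred from the "no such domain: GENOSHA.ENFUSION" log lines).
 * The domain part is upper-cased to match the form shown in the log.
 * Returns 0 on success, -1 if there is no separator or a buffer is too small. */
int split_domuser(const char *name, char sep,
                  char *dom, size_t domlen, char *user, size_t userlen)
{
    const char *p = strchr(name, sep);
    if (p == NULL)
        return -1;
    size_t dlen = (size_t)(p - name);
    if (dlen >= domlen || strlen(p + 1) >= userlen)
        return -1;
    for (size_t i = 0; i < dlen; i++)
        dom[i] = (char)toupper((unsigned char)name[i]);
    dom[dlen] = '\0';
    strcpy(user, p + 1);
    return 0;
}

/* A separator is unsafe for a domain name if it occurs inside that name:
 * the split then lands in the middle of the domain. */
int separator_collides(const char *domain, char sep)
{
    return strchr(domain, sep) != NULL;
}

int main(void)
{
    /* Names taken from the log above; separator '-' as seen in "genosha-neil". */
    const char *names[] = { "genosha-neil", "genosha.enfusion-group.com-adrian" };
    char dom[64], user[64];
    for (size_t i = 0; i < 2; i++) {
        if (split_domuser(names[i], '-', dom, sizeof dom, user, sizeof user) == 0)
            printf("%-36s -> domain=%s user=%s\n", names[i], dom, user);
    }
    printf("'-' collides with FQDN: %d, with NetBIOS name: %d\n",
           separator_collides("GENOSHA.ENFUSION-GROUP.COM", '-'),
           separator_collides("GENOSHA", '-'));
    return 0;
}
```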



