[Samba] Samba as NT Domain Member via Winbind - After Upgrade users prompted for password for any shares

Gerald (Jerry) Carter jerry at samba.org
Fri Aug 27 13:29:00 GMT 2004


Thomas Pomroy wrote:

| I'm having similar problems with Samba 3.0.6...
|
| Jason, try this for scientific purposes:
|
| 1. Stop Samba
| 2. Delete /%samba/var/locks/netsamlogon_cache.tdb
| 3. Start Samba
| 4. run 'getent passwd <username>' (where <username> includes the domain
| name and domain separator if necessary)
|
| If the account shows up, my guess is that your shares
| will work for that user for the moment. If you try to
| access a share before that (even anonymous "\\server"),
| you'll be locked out and won't be able to access
| anything until you delete netsamlogon_cache.tdb and
| start over.

Here's a preliminary patch.  Sorry.  I'm copying it to
http://samba.org/~jerry/patches/post-3.0.6/winbind_getpwnam_v1.patch
This patch does not ensure that we get the username case right.




cheers, jerry
----------------------------------------------------------------------
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-------------- next part --------------
Index: libsmb/samlogon_cache.c
===================================================================
--- libsmb/samlogon_cache.c	(revision 2082)
+++ libsmb/samlogon_cache.c	(working copy)
@@ -106,9 +106,10 @@
 
 /***********************************************************************
  Store a NET_USER_INFO_3 structure in a tdb for later user 
+ username should be in UTF-8 format
 ***********************************************************************/
 
-BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, NET_USER_INFO_3 *user)
+BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USER_INFO_3 *user)
 {
 	TDB_DATA 	data;
         fstring 	keystr;
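
Review bot: The contract for the new `const char * username` parameter of netsamlogon_cache_store() is under-documented: the header comment now says the name should be UTF-8, but not whether NULL is acceptable, nor that the name is only used as a fallback when the NET_USER_INFO_3 carries none. Please extend the comment to cover both, and consider matching the pointer spacing of the neighbouring `TALLOC_CTX *mem_ctx` declaration.
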
@@ -130,6 +131,14 @@
 	slprintf(keystr, sizeof(keystr), "%s", sid_string_static(&user_sid));
 
 	DEBUG(10,("netsamlogon_cache_store: SID [%s]\n", keystr));
+	
+	/* only Samba fills in the username, not sure why NT doesn't */
+	/* so we fill it in since winbindd_getpwnam() makes use of it */
+	
+	if ( !user->uni_user_name.buffer ) {
+		init_unistr2( &user->uni_user_name, username, STR_TERMINATE );
+		init_uni_hdr( &user->hdr_user_name, &user->uni_user_name );
+	}
 		
 	/* Prepare data */
 	
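
Review bot: The added block writes into the caller's NET_USER_INFO_3 (init_unistr2() and init_uni_hdr() on user->uni_user_name and user->hdr_user_name), so a function named as a cache store now modifies its input, and the callers keep using info3 after the call. Either document that side effect in the function header or fill in a local copy before packing the data. The test `!user->uni_user_name.buffer` covers only a missing buffer, not an empty name, and the name is stored exactly as passed in, which is the case limitation mentioned in the message above; a comment at this point would make that visible in the code. The two added blank lines also carry trailing whitespace.
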
Index: nsswitch/winbindd_pam.c
===================================================================
--- nsswitch/winbindd_pam.c	(revision 2082)
+++ nsswitch/winbindd_pam.c	(working copy)
@@ -283,7 +283,7 @@
 	}
 	
 	if (NT_STATUS_IS_OK(result)) {
-		netsamlogon_cache_store( cli->mem_ctx, &info3 );
+		netsamlogon_cache_store( cli->mem_ctx, name_user, &info3 );
 		wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
 
 		/* Check if the user is in the right group */
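
Review bot: name_user is passed here as the new username argument, while the comment added in libsmb/samlogon_cache.c asks for UTF-8, and nothing in this hunk shows which character set name_user is in at this point. Please confirm it, or convert before the call, so that the name placed in the cache is in the form the comment promises.
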
@@ -538,7 +538,7 @@
 	}
 
 	if (NT_STATUS_IS_OK(result)) {
-		netsamlogon_cache_store( cli->mem_ctx, &info3 );
+		netsamlogon_cache_store( cli->mem_ctx, name_user, &info3 );
 		wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
 		
 		if (!NT_STATUS_IS_OK(result = check_info3_in_group(mem_ctx, &info3, state->request.data.auth_crap.required_membership_sid))) {
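
Review bot: The BOOL returned by netsamlogon_cache_store() is discarded at this call, as it is at the identical call in the previous hunk. Now that the cached entry carries the username that winbindd_getpwnam() makes use of, a failed store deserves at least a DEBUG message so that it can be diagnosed.
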
Index: auth/auth_domain.c
===================================================================
--- auth/auth_domain.c	(revision 2082)
+++ auth/auth_domain.c	(working copy)
@@ -205,7 +205,7 @@
 	} else {
 		nt_status = make_server_info_info3(mem_ctx, user_info->internal_username.str, 
 						   user_info->smb_name.str, domain, server_info, &info3);
-		netsamlogon_cache_store( mem_ctx, &info3 );
+		netsamlogon_cache_store( mem_ctx, user_info->smb_name.str, &info3 );
 	}
 
 #if 0
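
Review bot: This call passes user_info->smb_name.str, although make_server_info_info3() on the lines just above is given both user_info->internal_username.str and user_info->smb_name.str. Please say in a comment why the smb_name form is the one to cache, given that the winbindd callers pass name_user. The store also runs without looking at nt_status from make_server_info_info3(); if that is intended, a short comment would help.
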

