[Samba] Samba as NT Domain Member via Winbind - After Upgrade users prompted for password for any shares

Thomas Pomroy tepomroy at ucdavis.edu
Fri Aug 27 16:26:15 GMT 2004


Excellent. Thanks for the quick turn-around on this one, I hope it helps 
out a lot of people. One thing though, I'm a complete newbie when it 
comes to applying this type of patch. Is there a guide online somewhere 
that someone could point me to?

Again, nice work Jerry!

-Tom

Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Thomas Pomroy wrote:
> 
> | I'm having similar problems with Samba 3.0.6...
> |
> | Jason, try this for scientific purposes:
> |
> | 1. Stop Samba
> | 2. Delete /%samba/var/locks/netsamlogon_cache.tdb
> | 3. Start Samba
> | 4. run 'getent passwd <username>' (where <username> includes the domain
> | name and domain separator if necessary)
> |
> | If the account shows up, my guess is that your shares
> | will work for that  user for the moment. If you try to
> | access a share before that (even  anonymous "\\server"),
> | you'll be locked out and won't be able to access
> | anything until you delete netsamlogon_cache.tdb and
> | start over.
> 
> Here's a preliminary patch.  Sorry.  I'm copying it to
> http://samba.org/~jerry/patches/post-3.0.6/winbind_getpwnam_v1.patch
> This patch does not ensure that we get the username case right.
> 
> 
> 
> 
> cheers, jerry
> - ---------------------------------------------------------------------
> Alleviating the pain of Windows(tm)      ------- http://www.samba.org
> GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
> "If we're adding to the noise, turn off this song"--Switchfoot (2003)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFBLzccIR7qMdg1EfYRAtiMAJ0VsfIcarCZ8jlIb2K299S81MoNwACgztVn
> 6T+hLEjCHoz0TMdnRWunlpQ=
> =/NeU
> -----END PGP SIGNATURE-----
> 
> 
> 
> ------------------------------------------------------------------------
> 
> Index: libsmb/samlogon_cache.c
> ===================================================================
> --- libsmb/samlogon_cache.c	(revision 2082)
> +++ libsmb/samlogon_cache.c	(working copy)
> @@ -106,9 +106,10 @@
>  
>  /***********************************************************************
>   Store a NET_USER_INFO_3 structure in a tdb for later user 
> + username should be in UTF-8 format
>  ***********************************************************************/
>  
> -BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, NET_USER_INFO_3 *user)
> +BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USER_INFO_3 *user)
>  {
>  	TDB_DATA 	data;
>          fstring 	keystr;
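
Review bot: The added header comment line ("username should be in UTF-8 format") does not say what the new `username` argument is for or whether NULL is acceptable. The second hunk of this file only uses it when the info3 structure arrives without a user name, so the comment should say that, and should state which side is responsible for the charset conversion, since none of the three updated call sites visibly converts the string before passing it. Minor style point: `const char * username` is spaced differently from `TALLOC_CTX *mem_ctx` in the same signature.
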
> @@ -130,6 +131,14 @@
>  	slprintf(keystr, sizeof(keystr), "%s", sid_string_static(&user_sid));
>  
>  	DEBUG(10,("netsamlogon_cache_store: SID [%s]\n", keystr));
> +	
> +	/* only Samba fills in the username, not sure why NT doesn't */
> +	/* so we fill it in since winbindd_getpwnam() makes use of it */
> +	
> +	if ( !user->uni_user_name.buffer ) {
> +		init_unistr2( &user->uni_user_name, username, STR_TERMINATE );
> +		init_uni_hdr( &user->hdr_user_name, &user->uni_user_name );
> +	}
>  		
>  	/* Prepare data */
>  	
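
Review bot: In the new `if ( !user->uni_user_name.buffer )` block, `username` is handed to init_unistr2() with no check that it is non-NULL and non-empty, and the condition tests only the buffer pointer, so an info3 that carries an allocated but empty name skips the fallback. Suggest guarding with `username && *username` and adding a DEBUG line when the fallback is taken, next to the existing DEBUG(10, ...) above. The block also writes into the caller's NET_USER_INFO_3 as a side effect of a store routine, and the name written is whatever spelling the caller supplied, so the entry keyed by SID can hold a name whose case differs from the domain's. Since the comment says winbindd_getpwnam() makes use of this field, that limitation belongs in the code comment and not only in the cover mail.
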
> Index: nsswitch/winbindd_pam.c
> ===================================================================
> --- nsswitch/winbindd_pam.c	(revision 2082)
> +++ nsswitch/winbindd_pam.c	(working copy)
> @@ -283,7 +283,7 @@
>  	}
>  	
>  	if (NT_STATUS_IS_OK(result)) {
> -		netsamlogon_cache_store( cli->mem_ctx, &info3 );
> +		netsamlogon_cache_store( cli->mem_ctx, name_user, &info3 );
>  		wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
>  
>  		/* Check if the user is in the right group */
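
Review bot: `name_user` is passed as-is at the changed call, with no case folding or other normalisation visible between the logon result and the store, so when the fallback in netsamlogon_cache_store() fires, the cached name is whatever spelling this code path happened to hold. If a later lookup compares names case-sensitively, the same account can appear under more than one spelling depending on how the user typed it. Suggest normalising the name once before the call, or documenting at this call site that the lookup side must compare case-insensitively.
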
> @@ -538,7 +538,7 @@
>  	}
>  
>  	if (NT_STATUS_IS_OK(result)) {
> -		netsamlogon_cache_store( cli->mem_ctx, &info3 );
> +		netsamlogon_cache_store( cli->mem_ctx, name_user, &info3 );
>  		wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
>  		
>  		if (!NT_STATUS_IS_OK(result = check_info3_in_group(mem_ctx, &info3, state->request.data.auth_crap.required_membership_sid))) {
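
Review bot: The BOOL returned by netsamlogon_cache_store() is discarded at the changed line. With this patch the cache entry is what supplies the user name to winbindd_getpwnam(), so a failed store would bring the original symptom back with nothing in the log to show why. Suggest checking the result and emitting a DEBUG message on failure; the same applies to the identical call in the hunk at line 283.
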
> Index: auth/auth_domain.c
> ===================================================================
> --- auth/auth_domain.c	(revision 2082)
> +++ auth/auth_domain.c	(working copy)
> @@ -205,7 +205,7 @@
>  	} else {
>  		nt_status = make_server_info_info3(mem_ctx, user_info->internal_username.str, 
>  						   user_info->smb_name.str, domain, server_info, &info3);
> -		netsamlogon_cache_store( mem_ctx, &info3 );
> +		netsamlogon_cache_store( mem_ctx, user_info->smb_name.str, &info3 );
>  	}
>  
>  #if 0
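
Review bot: The changed call caches `user_info->smb_name.str`, while make_server_info_info3() directly above is given both `internal_username.str` and `smb_name.str`, and nothing here says why the client-sent name rather than the internal one is the right value to store. Please add a one-line comment with the reasoning, or switch to the internal name if that is what winbindd_getpwnam() is expected to match. Separately, `nt_status` from make_server_info_info3() is not checked before the store, so the entry is written even when building the server info failed; consider storing only when NT_STATUS_IS_OK(nt_status).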

-- 
_________________________________________________

Thomas Pomroy          | "First, they ignore you.
Systems Administrator  | Then they laugh at you.
UCD Fleet Services     | Then they fight you.
754-8459               | Then you win." -Gandhi
_________________________________________________

