[Samba] Samba as NT Domain Member via Winbind - After Upgrade
users prompted for password for any shares
Thomas Pomroy
tepomroy at ucdavis.edu
Fri Aug 27 16:26:15 GMT 2004
Excellent. Thanks for the quick turn-around on this one, I hope it helps
out a lot of people. One thing though, I'm a complete newbie when it
comes to applying this type of patch. Is there a guide online somewhere
that someone could point me to?
Again, nice work Jerry!
-Tom
Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Thomas Pomroy wrote:
>
> | I'm having similar problems with Samba 3.0.6...
> |
> | Jason, try this for scientific purposes:
> |
> | 1. Stop Samba
> | 2. Delete /%samba/var/locks/netsamlogon_cache.tdb
> | 3. Start Samba
> | 4. run 'getent passwd <username>' (where <username> includes the domain
> | name and domain separator if necessary)
> |
> | If the account shows up, my guess is that your shares
> | will work for that user for the moment. If you try to
> | access a share before that (even anonymous "\\server"),
> | you'll be locked out and won't be able to access
> | anything until you delete netsamlogon_cache.tdb and
> | start over.
>
> Here's a preliminary patch. Sorry. I'm copying it to
> http://samba.org/~jerry/patches/post-3.0.6/winbind_getpwnam_v1.patch
> This patch does not ensure that we get the username case right.
>
>
>
>
> cheers, jerry
> - ---------------------------------------------------------------------
> Alleviating the pain of Windows(tm) ------- http://www.samba.org
> GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
> "If we're adding to the noise, turn off this song"--Switchfoot (2003)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFBLzccIR7qMdg1EfYRAtiMAJ0VsfIcarCZ8jlIb2K299S81MoNwACgztVn
> 6T+hLEjCHoz0TMdnRWunlpQ=
> =/NeU
> -----END PGP SIGNATURE-----
>
>
>
> ------------------------------------------------------------------------
>
> Index: libsmb/samlogon_cache.c
> ===================================================================
> --- libsmb/samlogon_cache.c (revision 2082)
> +++ libsmb/samlogon_cache.c (working copy)
> @@ -106,9 +106,10 @@
>
> /***********************************************************************
> Store a NET_USER_INFO_3 structure in a tdb for later user
> + username should be in UTF-8 format
> ***********************************************************************/
>
> -BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, NET_USER_INFO_3 *user)
> +BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, const char * username, NET_USER_INFO_3 *user)
> {
> TDB_DATA data;
> fstring keystr;
> @@ -130,6 +131,14 @@
> slprintf(keystr, sizeof(keystr), "%s", sid_string_static(&user_sid));
>
> DEBUG(10,("netsamlogon_cache_store: SID [%s]\n", keystr));
> +
> + /* only Samba fills in the username, not sure why NT doesn't */
> + /* so we fill it in since winbindd_getpwnam() makes use of it */
> +
> + if ( !user->uni_user_name.buffer ) {
> + init_unistr2( &user->uni_user_name, username, STR_TERMINATE );
> + init_uni_hdr( &user->hdr_user_name, &user->uni_user_name );
> + }
>
> /* Prepare data */
>
> Index: nsswitch/winbindd_pam.c
> ===================================================================
> --- nsswitch/winbindd_pam.c (revision 2082)
> +++ nsswitch/winbindd_pam.c (working copy)
> @@ -283,7 +283,7 @@
> }
>
> if (NT_STATUS_IS_OK(result)) {
> - netsamlogon_cache_store( cli->mem_ctx, &info3 );
> + netsamlogon_cache_store( cli->mem_ctx, name_user, &info3 );
> wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
>
> /* Check if the user is in the right group */
> @@ -538,7 +538,7 @@
> }
>
> if (NT_STATUS_IS_OK(result)) {
> - netsamlogon_cache_store( cli->mem_ctx, &info3 );
> + netsamlogon_cache_store( cli->mem_ctx, name_user, &info3 );
> wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
>
> if (!NT_STATUS_IS_OK(result = check_info3_in_group(mem_ctx, &info3, state->request.data.auth_crap.required_membership_sid))) {
> Index: auth/auth_domain.c
> ===================================================================
> --- auth/auth_domain.c (revision 2082)
> +++ auth/auth_domain.c (working copy)
> @@ -205,7 +205,7 @@
> } else {
> nt_status = make_server_info_info3(mem_ctx, user_info->internal_username.str,
> user_info->smb_name.str, domain, server_info, &info3);
> - netsamlogon_cache_store( mem_ctx, &info3 );
> + netsamlogon_cache_store( mem_ctx, user_info->smb_name.str, &info3 );
> }
>
> #if 0
--
_________________________________________________
Thomas Pomroy | "First, they ignore you.
Systems Administrator | Then they laugh at you.
UCD Fleet Services | Then they fight you.
754-8459 | Then you win." -Gandhi
_________________________________________________
More information about the samba
mailing list