[Samba] Odd behavior of winbind

Etienne Goyer etienne.goyer at videotron.ca
Wed Jun 1 15:45:59 GMT 2005 

Hi,

I have an odd problem with winbind.  I use it for, among other thing,
nsswitch user resolution.  I believe it have a problem with accessing
information for a single user, or with caching.

When I request info for a specific user, it fail (trying to login also
fail with NT_STATUS_NO_SUCH_USER).  But it work when I request info for
all users.  And then, login and getent for single account start working
too!  Example :

[root at server samba]# getent passwd testuser
[root at server samba]# getent passwd | grep testuser
testuser:*:10210:10000:testuser:/home/testuser:/bin/bash
[root at server samba]# getent passwd testuser
testuser:*:10210:10000:testuser:/home/testuser:/bin/bash
[root at server samba]#

It would work if I ran "wbinfo -u" too.  If I wait little while (the
equivalent of "winbind cache time" ?), then the same problem reappear.

My hypothesis is that winbind fail to grab account information for a
single user, but work when fetching info for all users.  Thus the cache
get populated, and it work while it does'nt time out.

How can it make it work without having to run binfo -u" or "getent
passwd" manually ?  I am using RHEL 4 with Samba  samba-3.0.10-1.4E if
it matter.

Here is an excerpt from my winbindd.log at -d3 :

(...snip unrelated stuff...)
[2005/06/01 11:19:05, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
  [  921]: getpwnam testuser
[2005/06/01 11:19:05, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'testuser' does not exist
[2005/06/01 11:19:11, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [  922]: request interface version
[2005/06/01 11:19:11, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [  922]: request location of privileged pipe
[2005/06/01 11:19:11, 3] nsswitch/winbindd_user.c:winbindd_setpwent(310)
  [  922]: setpwent
[2005/06/01 11:19:11, 3] nsswitch/winbindd_user.c:winbindd_getpwent(486)
  [  922]: getpwent
[2005/06/01 11:19:11, 3] nsswitch/winbindd_ads.c:query_user_list(128)
  ads: query_user_list
[2005/06/01 11:19:11, 3] nsswitch/winbindd_ads.c:query_user_list(202)
  ads query_user_list gave 235 entries
[2005/06/01 11:19:11, 3] nsswitch/winbindd_user.c:winbindd_getpwent(486)
  [  922]: getpwent
[2005/06/01 11:19:11, 3] nsswitch/winbindd_user.c:winbindd_endpwent(375)
  [  922]: endpwent
[2005/06/01 11:19:29, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [  924]: request interface version
[2005/06/01 11:19:29, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [  924]: request location of privileged pipe
[2005/06/01 11:19:29, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
  [  924]: getpwnam testuser
(...snip unrelated stuff...)

Here are the revelant part of my smb.conf :

   workgroup = WG
   allow trusted domains = no
   security = ads
   realm    = WG.TEST.DOM
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   template shell = /bin/bash
   template homedir = /home/%U
   template primary group = somegroup
   winbind use default domain = yes

Thanks for your insights !

Etienne Goyer

More information about the samba mailing list