[Samba] Winbindd chokes on W2K users in only one group

neil klopfenstein neilk at geovectra.cl
Thu Jun 2 17:04:35 GMT 2005 

Hi there,

I've been trying to set up Samba 3.0.14a with Active Directory 
integration on a network with an ordinary W2k Server PDC. I'm currently 
having a problem which I'm convinced has nothing to do with my Windows 
or Samba configuration.

The problem only occurs when trying to connect to the Samba server from 
an authenticated domain account which is only a member of the default 
'Domain users' group. When this is the case, the 
'make_server_info_from_pw' function returns NT_STATUS_NO_SUCH_USER, 
incorrectly.

Here is an appropriate log fragment (debug = 5):
[2005/06/02 12:51:19, 3] libads/ads_ldap.c:ads_sid_to_dn(222)
   ads sid_to_dn mapped CN=Neil Klopfenstein,CN=Users,DC=geovectra,DC=cl
[2005/06/02 12:51:19, 5] libads/ldap_utils.c:ads_do_search_retry(56)
   Search for (objectclass=*) gave 1 replies
[2005/06/02 12:51:19, 3] nsswitch/winbindd_ads.c:lookup_usergroups_alt(463)
   ads: lookup_usergroups_alt
[2005/06/02 12:51:19, 5] libads/ldap_utils.c:ads_do_search_retry(56)
   Search for (&(member=CN=Neil 
Klopfenstein,CN=Users,DC=geovectra,DC=cl)(objectClass=group)) gave 0 replies
[2005/06/02 12:51:19, 5] nsswitch/winbindd_ads.c:lookup_usergroups_alt(498)
   lookup_usergroups: No supp groups found
[2005/06/02 12:51:19, 4] auth/auth_util.c:add_user_groups(796)
   get_user_groups_from_local_sam failed
[2005/06/02 12:51:19, 5] auth/auth_util.c:free_server_info(1406)
   attempting to free (and zero) a server_info structure
[2005/06/02 12:51:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(265)
   make_server_info_from_pw failed!
[2005/06/02 12:51:19, 3] smbd/error.c:error_packet(105)
   error string = No such file or directory
[2005/06/02 12:51:19, 3] smbd/error.c:error_packet(129)
   error packet at smbd/sesssetup.c(270) cmd=115 (SMBsesssetupX) 
NT_STATUS_NO_SUCH_USER

If the same user is added to another group, it works fine, though.

I'm a little surprised that I have not seen this problem reported 
anywhere else, so there is probably something else going on. For what 
it's worth, I am using a Spanish version of Redhat 9, compiling Samba 
with the 'makerpms.sh' script, and also using the Spanish version of 
Windows 2000 Server with the most recent service pack.

I have experienced this problem in 3.0.13 and 3.0.14a. I didn't try any 
earlier versions.

-- neil klopfenstein

More information about the samba mailing list