[Samba] Can't chown a file to an ADS username

Eric Diven eric.diven at edsiohio.com
Tue Oct 9 17:48:16 GMT 2007 

Okay, here's something to work with:

open("/lib/tls/i686/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No
such file or directory) 
stat64("/lib/tls/i686/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
directory) 
open("/lib/tls/i686/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory) 
stat64("/lib/tls/i686", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 
open("/lib/tls/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
stat64("/lib/tls/sse2", 0xbffd8d38)     = -1 ENOENT (No such file or
directory)
open("/lib/tls/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file
or directory) 
stat64("/lib/tls", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 
open("/lib/i686/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No
such file or directory)
stat64("/lib/i686/sse2", 0xbffd8d38)    = -1 ENOENT (No such file or
directory)
open("/lib/i686/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory) 
stat64("/lib/i686", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 
open("/lib/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
stat64("/lib/sse2", 0xbffd8d38)         = -1 ENOENT (No such file or
directory)
open("/lib/libnss_winbind.so.2", O_RDONLY) = 4 
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\20\0\000"...,
512) = 512 
fstat64(4, {st_mode=S_IFREG|0755, st_size=15584, ...}) = 0 
old_mmap(NULL, 28316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4,
0) = 0xca7000 
old_mmap(0xcab000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x3000) = 0xcab000 
old_mmap(0xcac000, 7836, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xcac000
close(4)

Clearly, it's looking for libnss_winbind.so.2 in a bunch of places where
it isn't, and then finding it in /lib.  What is happening with old_mmap
is beyond my knowledge, however.  Does this help you any?

~Eric

-----Original Message-----
From: Stas [mailto:narezatel at gmail.com] 
Sent: Tuesday, October 09, 2007 11:28 AM
To: Eric Diven
Cc: samba at lists.samba.org
Subject: Re: [Samba] Can't chown a file to an ADS username

try to run the  following command :  # strace -o ./strace.out getent
passwd  , then look into strace.out for winbind related messages .
you should see something like that when getent starts winbind lookups:
"open("/lib64/libnss_winbind.so.2", O_RDONLY) = 6"






On 10/9/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> Yes, these are only winbind startup messages, that's exactly the 
> problem.  I had in my nsswitch.conf file:
>
> passwd:  compat winbind
> shadow:  compat winbind
> group:   compat winbind
>
> which produced only the local names
>
> To test, I changed nsswitch.conf as follows:
>
> passwd:  winbind [UNAVAIL=retunr] compat
> shadow:  compat winbind #so I have some hope of being able to log in 
> if I didn't get it changed back, maybe
> group:   winbind [UNAVAIL=return] compat
>
> and got *nothing* back from getent passwd.  I'm guessing this means 
> I've got a .so file in the wrong place somewhere.  Following the 
> instructions online, I have
>
> /lib/libnss_winbind.so.2
> /lib/libnss_winbind.so -> /lib/libnss_winbind.so.2 
> /usr/lib/libnss_winbind.so -> /lib/libnss_winbind.so.2
>
> This sure looks correct, but it's pretty clear that winbind isn't 
> getting called.
>
> ~Eric
>
> -----Original Message-----
> From: Stas [mailto:narezatel at gmail.com]
> Sent: Monday, October 08, 2007 5:04 PM
> To: Eric Diven
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Can't chown a file to an ADS username
>
> the winbindd.log you posted contains winbind startup messages?
> if not try to restart winbind and check winbind log for errors .
> /etc/nsswitch.conf contains winbind related strings?
>
>
> On 10/8/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> > I'm not actually getting much from it.  I'm assuming that all of 
> > winbinds logging goes to [logpath]/winbindd.log.
> >
> > If that's the case, I'm seeing nsswitch related stuff happening when

> > winbind starts up, but not when I run getent passwd.
> > I'm running winbind at debug level 3.
> >
> > [root at localhost ~]# cat /var/log/samba/winbindd.log
> > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> >   added interface ip=192.168.100.80 bcast=192.168.100.255 
> > nmask=255.255.255.0
> > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> >   added interface ip=192.168.100.80 bcast=192.168.100.255 
> > nmask=255.255.255.0
> > [2007/10/08 13:18:23, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
> >   Registered MSG_REQ_POOL_USAGE
> > [2007/10/08 13:18:23, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
> >   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> > [2007/10/08 13:18:23, 2]
> > nsswitch/winbindd_util.c:add_trusted_domain(175)
> >   Added domain EDSI EDSI.EDSI-INT.COM
> > S-1-5-21-1993962763-329068152-1801674531
> > [2007/10/08 13:18:23, 2]
> > nsswitch/winbindd_util.c:add_trusted_domain(175)
> >   Added domain LOCALHOST  S-1-5-21-9612232-2512366426-966941693
> > [2007/10/08 13:18:23, 2]
> > nsswitch/winbindd_util.c:add_trusted_domain(175)
> >   Added domain BUILTIN  S-1-5-32
> > [2007/10/08 13:18:23, 3]
> > nsswitch/winbindd_misc.c:winbindd_interface_version(483)
> >   [    0]: request interface version
> > [2007/10/08 13:18:23, 3]
> > nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516)
> >   [    0]: request location of privileged pipe
> > [2007/10/08 13:18:23, 3] nsswitch/winbindd_misc.c:winbindd_ping(462)
> >   [    0]: ping
> > [root at localhost ~]#
> >
> > This is the result of clearing the log, restarting samba, and 
> > running getent passwd.  Nothing gets added to the log when I run it.

> > It's greek to me what the stuff from winbind start up means, but I'm

> > a little suspicious that nothing shows up on getent passwd.
> >
> > ~Eric
> >
> > -----Original Message-----
> > From: Stas [mailto:narezatel at gmail.com]
> > Sent: Monday, October 08, 2007 12:50 PM
> > To: Eric Diven
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] Can't chown a file to an ADS username
> >
> > winbind's log may be helpful
> >
> >
> >
> > On 10/8/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> > > I've got a samba install on Linux with winbind installed, etc.  
> > > I've
>
> > > configured it the same as I have under Solaris, but for some 
> > > reason,
>
> > > I
> >
> > > can't chown a file to an AD username.  I have joined the box to 
> > > the domain, I can wbinfo -u/-g and get lists of users and groups 
> > > on the domain.  When I run getent passwd or getent group, however,

> > > I don't see any of the domain users and groups.  I have winbind 
> > > enum users and
> >
> > > groups = yes in the smb.conf file.
> > >
> > > Eventually, I need to be able to accomplish this with enum users 
> > > and
>
> > > groups = no for a large domain, but I'm trying to duplicate a 
> > > problem we're have with Solaris.
> > >
> > > Any ideas?  I'm happy to furnish further info/configs/logs on
> request.
> > >
> > > ~Eric
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list