[Samba] Can't chown a file to an ADS username
Eric Diven
eric.diven at edsiohio.com
Tue Oct 9 20:26:13 GMT 2007
Well, I'm an idiot:
1) I wrongly assumed that make install had installed the version of
libnss_winbind.so.2 that I compiled because the file existed.
2) I realized this was not the case when I did an ls -l on /lib and saw
the timestamp on the file.
3) I replaced the file with the new one
4) I never restarted samba, leading to the immediate problem.
5) In the meantime, the same problem had been happening, with the pipe
at a different location. The new winbind was creating it in
/tmp/.winbindd, and the old library was looking for it in
/var/run/something_or_another.
Thanks for the help on this one. I apologize for taking up your time
with that.
~Eric
-----Original Message-----
From: Stas [mailto:narezatel at gmail.com]
Sent: Tuesday, October 09, 2007 4:08 PM
To: Eric Diven
Cc: samba at lists.samba.org
Subject: Re: [Samba] Can't chown a file to an ADS username
well , if /tmp/.winbindd/pipe doen't exist nothing will work since
winbind's clients use it to communicate with winnbind.
there is no "pipe" file in /tmp/.winbindd after you start winbind ?
it should be created when winbindd starts.
check that /tmp/.winbindd directory owned by root .
On 10/9/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> Thanks for pointing that out. The trace shows that it's trying to
> lstat64 /tmp/.winbindd/pipe, and not finding it.
> ldd shows that it's only looking for libc.so.6, and finding it at
> /lib/tls/libc.so.6
> I built this from source. I've poached the smb.conf from the existing
> one in /etc/samba and made the same modifcations I've had to make
> under Solaris.
>
> Here's the rest of the trace starting directly after the close(4):
>
> munmap(0xb7dab000, 53951) = 0
> getpid() = 3132
> lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) =
> 0
>
> lstat64("/tmp/.winbindd/pipe", 0xbff36ab8) = -1 ENOENT (No such file
> or
> directory)
> munmap(0xb7dba000, 1791) = 0
> close(3) = 0
> lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) =
> 0
>
> lstat64("/tmp/.winbindd/pipe", 0xbff36b38) = -1 ENOENT (No such file
> or
> directory)
> munmap(0xb7db9000, 4096) = 0
> exit_group(0) = ?
>
> Any idea what I need to do to resolve the issue with the pipe not
> being there?
>
> ~Eric
>
> -----Original Message-----
> From: Stas [mailto:narezatel at gmail.com]
> Sent: Tuesday, October 09, 2007 2:31 PM
> To: Eric Diven
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Can't chown a file to an ADS username
>
> well , at least we know that getent calls winbind ...
> "close(4)" - the last line in strace output ?
> try # ldd /lib/libnss_winbind.so.2
> it'll show you what libraries libnss_winbind requires , check that all
> of them are exist ..
> are you using RPM installation or compiled SAMBA from sources?
>
>
>
>
> On 10/9/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> > Okay, here's something to work with:
> >
> > open("/lib/tls/i686/sse2/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT
> > (No such file or directory) stat64("/lib/tls/i686/sse2", 0xbffd8d38)
> > =
>
> > -1 ENOENT (No such file or
> > directory)
> > open("/lib/tls/i686/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No
> > such file or directory) stat64("/lib/tls/i686",
> > {st_mode=S_IFDIR|0755,
>
> > st_size=4096, ...}) = 0 open("/lib/tls/sse2/libnss_winbind.so.2",
> > O_RDONLY) = -1 ENOENT (No such file or directory)
> > stat64("/lib/tls/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
> > directory)
> > open("/lib/tls/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
> > file or directory) stat64("/lib/tls", {st_mode=S_IFDIR|0755,
> > st_size=4096, ...}) = 0 open("/lib/i686/sse2/libnss_winbind.so.2",
> > O_RDONLY) = -1 ENOENT (No such file or directory)
> > stat64("/lib/i686/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
> > directory)
> > open("/lib/i686/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such
> > file or directory) stat64("/lib/i686", {st_mode=S_IFDIR|0755,
> > st_size=4096, ...}) = 0 open("/lib/sse2/libnss_winbind.so.2",
> > O_RDONLY) = -1 ENOENT (No such file or directory)
> > stat64("/lib/sse2", 0xbffd8d38) = -1 ENOENT (No such file or
> > directory)
> > open("/lib/libnss_winbind.so.2", O_RDONLY) = 4 read(4,
> > "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\20\0\000"...,
> > 512) = 512
> > fstat64(4, {st_mode=S_IFREG|0755, st_size=15584, ...}) = 0
> > old_mmap(NULL, 28316, PROT_READ|PROT_EXEC,
> > MAP_PRIVATE|MAP_DENYWRITE, 4,
> > 0) = 0xca7000
> > old_mmap(0xcab000, 4096, PROT_READ|PROT_WRITE,
> > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x3000) = 0xcab000
> > old_mmap(0xcac000, 7836, PROT_READ|PROT_WRITE,
> > MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xcac000
> > close(4)
> >
> > Clearly, it's looking for libnss_winbind.so.2 in a bunch of places
> > where it isn't, and then finding it in /lib. What is happening with
> > old_mmap is beyond my knowledge, however. Does this help you any?
> >
> > ~Eric
> >
> > -----Original Message-----
> > From: Stas [mailto:narezatel at gmail.com]
> > Sent: Tuesday, October 09, 2007 11:28 AM
> > To: Eric Diven
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] Can't chown a file to an ADS username
> >
> > try to run the following command : # strace -o ./strace.out getent
> > passwd , then look into strace.out for winbind related messages .
> > you should see something like that when getent starts winbind
lookups:
> > "open("/lib64/libnss_winbind.so.2", O_RDONLY) = 6"
> >
> >
> >
> >
> >
> >
> > On 10/9/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> > > Yes, these are only winbind startup messages, that's exactly the
> > > problem. I had in my nsswitch.conf file:
> > >
> > > passwd: compat winbind
> > > shadow: compat winbind
> > > group: compat winbind
> > >
> > > which produced only the local names
> > >
> > > To test, I changed nsswitch.conf as follows:
> > >
> > > passwd: winbind [UNAVAIL=retunr] compat
> > > shadow: compat winbind #so I have some hope of being able to log
> > > in
>
> > > if I didn't get it changed back, maybe
> > > group: winbind [UNAVAIL=return] compat
> > >
> > > and got *nothing* back from getent passwd. I'm guessing this
> > > means I've got a .so file in the wrong place somewhere. Following
> > > the instructions online, I have
> > >
> > > /lib/libnss_winbind.so.2
> > > /lib/libnss_winbind.so -> /lib/libnss_winbind.so.2
> > > /usr/lib/libnss_winbind.so -> /lib/libnss_winbind.so.2
> > >
> > > This sure looks correct, but it's pretty clear that winbind isn't
> > > getting called.
> > >
> > > ~Eric
> > >
> > > -----Original Message-----
> > > From: Stas [mailto:narezatel at gmail.com]
> > > Sent: Monday, October 08, 2007 5:04 PM
> > > To: Eric Diven
> > > Cc: samba at lists.samba.org
> > > Subject: Re: [Samba] Can't chown a file to an ADS username
> > >
> > > the winbindd.log you posted contains winbind startup messages?
> > > if not try to restart winbind and check winbind log for errors .
> > > /etc/nsswitch.conf contains winbind related strings?
> > >
> > >
> > > On 10/8/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> > > > I'm not actually getting much from it. I'm assuming that all of
> > > > winbinds logging goes to [logpath]/winbindd.log.
> > > >
> > > > If that's the case, I'm seeing nsswitch related stuff happening
> > > > when
> >
> > > > winbind starts up, but not when I run getent passwd.
> > > > I'm running winbind at debug level 3.
> > > >
> > > > [root at localhost ~]# cat /var/log/samba/winbindd.log
> > > > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> > > > added interface ip=192.168.100.80 bcast=192.168.100.255
> > > > nmask=255.255.255.0
> > > > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> > > > added interface ip=192.168.100.80 bcast=192.168.100.255
> > > > nmask=255.255.255.0
> > > > [2007/10/08 13:18:23, 2]
> lib/tallocmsg.c:register_msg_pool_usage(61)
> > > > Registered MSG_REQ_POOL_USAGE
> > > > [2007/10/08 13:18:23, 2]
> lib/dmallocmsg.c:register_dmalloc_msgs(71)
> > > > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> > > > [2007/10/08 13:18:23, 2]
> > > > nsswitch/winbindd_util.c:add_trusted_domain(175)
> > > > Added domain EDSI EDSI.EDSI-INT.COM
> > > > S-1-5-21-1993962763-329068152-1801674531
> > > > [2007/10/08 13:18:23, 2]
> > > > nsswitch/winbindd_util.c:add_trusted_domain(175)
> > > > Added domain LOCALHOST S-1-5-21-9612232-2512366426-966941693
> > > > [2007/10/08 13:18:23, 2]
> > > > nsswitch/winbindd_util.c:add_trusted_domain(175)
> > > > Added domain BUILTIN S-1-5-32
> > > > [2007/10/08 13:18:23, 3]
> > > > nsswitch/winbindd_misc.c:winbindd_interface_version(483)
> > > > [ 0]: request interface version
> > > > [2007/10/08 13:18:23, 3]
> > > > nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516)
> > > > [ 0]: request location of privileged pipe
> > > > [2007/10/08 13:18:23, 3]
> nsswitch/winbindd_misc.c:winbindd_ping(462)
> > > > [ 0]: ping
> > > > [root at localhost ~]#
> > > >
> > > > This is the result of clearing the log, restarting samba, and
> > > > running getent passwd. Nothing gets added to the log when I run
> it.
> >
> > > > It's greek to me what the stuff from winbind start up means, but
> > > > I'm
> >
> > > > a little suspicious that nothing shows up on getent passwd.
> > > >
> > > > ~Eric
> > > >
> > > > -----Original Message-----
> > > > From: Stas [mailto:narezatel at gmail.com]
> > > > Sent: Monday, October 08, 2007 12:50 PM
> > > > To: Eric Diven
> > > > Cc: samba at lists.samba.org
> > > > Subject: Re: [Samba] Can't chown a file to an ADS username
> > > >
> > > > winbind's log may be helpful
> > > >
> > > >
> > > >
> > > > On 10/8/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> > > > > I've got a samba install on Linux with winbind installed, etc.
> > > > > I've
> > >
> > > > > configured it the same as I have under Solaris, but for some
> > > > > reason,
> > >
> > > > > I
> > > >
> > > > > can't chown a file to an AD username. I have joined the box
> > > > > to the domain, I can wbinfo -u/-g and get lists of users and
> > > > > groups
>
> > > > > on the domain. When I run getent passwd or getent group,
> > > > > however,
> >
> > > > > I don't see any of the domain users and groups. I have
> > > > > winbind enum users and
> > > >
> > > > > groups = yes in the smb.conf file.
> > > > >
> > > > > Eventually, I need to be able to accomplish this with enum
> > > > > users
>
> > > > > and
> > >
> > > > > groups = no for a large domain, but I'm trying to duplicate a
> > > > > problem we're have with Solaris.
> > > > >
> > > > > Any ideas? I'm happy to furnish further info/configs/logs on
> > > request.
> > > > >
> > > > > ~Eric
> > > > > --
> > > > > To unsubscribe from this list go to the following URL and read
> > > > > the
> > > > > instructions: https://lists.samba.org/mailman/listinfo/samba
> > > > >
> > > > --
> > > > To unsubscribe from this list go to the following URL and read
> > > > the
> > > > instructions: https://lists.samba.org/mailman/listinfo/samba
> > > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/listinfo/samba
> > >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list