[Samba] winbind bug?
Doug Tucker
tuckerd at lyle.smu.edu
Thu Mar 27 13:48:47 MDT 2014
>
> passwd: compat winbind
> group: compat winbind
>
> What this means is, the first place to look for a user is
> /etc/passwd and if the user exists there, then that info is used,
Correct, that is how it gets the unix uid, home dir, etc. Then we use
the domain user map to map a seas user to the unix user. The only
thing we use AD for at all is authentication.
> what I think is happening is that your windows 7 user does not exist
> there, or more likely is there, but with a different ID number.
The user is there, just like my own user account is there. See further
down for a grep of /etc/passwd and corresponding wbinfo querying AD.
The correct unix ID number for the user is there. I'm not sure what you
mean by a different ID number. All users' real unix ID numbers are
there. This has nothing to do with AD.
>
> I will repeat, you cannot have users both in /etc/passwd and AD, if
> you want to have users use different home directory paths, look into
> using RFC2307 attributes.
>
> Rowland
All of our users' information is in /etc/passwd and AD. Your statement
just isn't true. If it were, then no one would work at all...just those
with a unix ID over 11000 on a windows 7 client are affected. They
don't correspond to each other, we map them back on the unix side after
authentication.
[root@lylesmb1 samba]# grep jghorbanian /etc/passwd
jghorbanian:pb4DGaSAoY48E:11333:450:Jafar Ghorbanian:/users5/megrad/jghorbanian:/bin/bash
[root@lylesmb1 samba]# grep tuckerd /etc/passwd
tuckerd:gnjdnwJVquCzQ:4011:500:Doug Tucker:/users4/enoc/tuckerd:/bin/bash
[root@lylesmb1 samba]# wbinfo -n tuckerd
S-1-5-21-1863541909-2129596521-199955091-23660 SID_USER (1)
[root@lylesmb1 samba]# wbinfo -n jghorbanian
S-1-5-21-1863541909-2129596521-199955091-34660 SID_USER (1)
Please...look at these logs and tell me what you see. First, my user
mapping my home directory.
[2014/03/27 14:25:59.997435, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[seas-s]\[tuckerd]@[WIN7-VM] with the new password interface
[2014/03/27 14:25:59.997589, 3] auth/auth.c:222(check_ntlm_password)
check_ntlm_password: mapped user is: [seas-s]\[tuckerd]@[WIN7-VM]
*^^^passing to AD for authentication^^^*
[2014/03/27 14:26:00.011119, 3] auth/user_util.c:402(map_username)
Mapped user SEAS-S+tuckerd to tuckerd
*^^^mapping the seas-s user to the unix user^^^*
[2014/03/27 14:26:00.022867, 3] auth/auth.c:268(check_ntlm_password)
check_ntlm_password: winbind authentication for user [tuckerd] succeeded
[2014/03/27 14:26:00.022912, 2] auth/auth.c:309(check_ntlm_password)
check_ntlm_password: authentication for user [tuckerd] -> [tuckerd]
-> [tuckerd] succeeded
*^^^successful auth^^^*
[2014/03/27 14:26:12.095829, 3]
../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init)
NTLMSSP Sign/Seal - Initialising with flags:
[2014/03/27 14:26:12.095910, 3]
../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xe2088215
[2014/03/27 14:26:12.095943, 3] smbd/password.c:298(register_existing_vuid)
register_existing_vuid: User name: tuckerd Real name:
[2014/03/27 14:26:12.095967, 3] smbd/password.c:308(register_existing_vuid)
register_existing_vuid: UNIX uid 4011 is UNIX user tuckerd, and will
be vuid 100
[2014/03/27 14:26:12.096090, 3] smbd/password.c:238(register_homes_share)
Adding homes service for user 'tuckerd' using home directory:
'/users4/enoc/tuckerd'
[2014/03/27 14:26:12.096148, 3] param/loadparm.c:6582(lp_add_home)
adding home's share [tuckerd] for user 'tuckerd' at
'/users4/enoc/tuckerd'
*^^^hands me my share^^^*
[2014/03/27 14:26:12.118542, 3] smbd/process.c:1662(process_smb)
Transaction 3 of length 104 (0 toread)
[2014/03/27 14:26:12.118684, 3] smbd/process.c:1467(switch_message)
switch message SMBtconX (pid 7113) conn 0x0
[2014/03/27 14:26:12.118759, 3] lib/access.c:338(allow_access)
Allowed connection from 129.119.103.59 (129.119.103.59)
[2014/03/27 14:26:12.118792, 3]
../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
string_to_sid: SID root is not in a valid format
[2014/03/27 14:26:12.119568, 3] smbd/service.c:872(make_connection_snum)
Connect path is '/tmp' for service [IPC$]
[2014/03/27 14:26:12.119742, 3] smbd/vfs.c:102(vfs_init_default)
Initialising default vfs hooks
[2014/03/27 14:26:12.119773, 3] smbd/vfs.c:128(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2014/03/27 14:26:12.119844, 3]
../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
string_to_sid: SID root is not in a valid format
[2014/03/27 14:26:12.120483, 3] smbd/service.c:1114(make_connection_snum)
win7-vm (129.119.103.59) connect to service IPC$ initially as user
tuckerd (uid=4011, gid=500) (pid 7113)
[2014/03/27 14:26:12.120553, 3] smbd/reply.c:871(reply_tcon_and_X)
tconX service=IPC$
[2014/03/27 14:26:12.142035, 3] smbd/process.c:1662(process_smb)
[2014/03/27 14:26:17.104989, 3] smbd/trans2.c:2286(call_trans2findfirst)
call_trans2findfirst: dirtype = 16, maxentries = 1366,
close_after_first=0, close_if_end = 1 requires_resume_key = 1 level =
0x104, max_data_bytes = 16384
[2014/03/27 14:26:17.105033, 3] smbd/dir.c:580(dptr_create)
creating new dirptr 256 for path ., expect_close = 1
[2014/03/27 14:26:17.105072, 3] smbd/dir.c:1036(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found ./. fname=. (.)
[2014/03/27 14:26:17.105106, 3] smbd/dir.c:1036(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found ./.. fname=.. (..)
[2014/03/27 14:26:17.109911, 3] smbd/dir.c:1036(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found ./serv_req_info.txt
fname=serv_req_info.txt (serv_req_info.txt)
[2014/03/27 14:26:17.109968, 3] smbd/dir.c:1036(smbd_dirptr_get_entry)
*^^^here it is mapped on client, and it is reading through my
files...all working as expected^^^*
I can copy paste the user failing. If I do it on XP, it looks exactly
like mine (remove my username and unix UID and GID and replace with
his). If I do it on Windows 7, again, it looks exactly the same, and at
the moment where mine starts reading files, his says "permission
denied". If you want me to copy/paste the log for his I will. Just
telling you to save space as this reply is pretty long.
Here is another oddity. On the windows 7 machine, if, instead of mapping
via the "map network drive" option in windows explorer, I bring up
the command line and map him via net use on the command line, IT WORKS.
I get the drive mapping. I can navigate to it. I can do a DIR and see
all of his files. I can even create a directory. BUT, once the
directory is created, I cannot delete it.
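
Added example, not part of the original message: a Python sketch that rebuilds the AD user -> username map -> UNIX uid chain from smbd level-3 log records like those quoted above and compares each logged uid with /etc/passwd, the point the two posters disagree on. The log and passwd samples are constructed (the `exampleuser` entry and its uids are invented), and a single per-client log file is assumed.

```python
import re

# Constructed sample in smbd "log level = 3" layout, modelled on the excerpt in
# the post; "exampleuser" and its uid values are invented for illustration.
SAMPLE_LOG = r"""
[2014/03/27 14:25:59.997435,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user
  [seas-s]\[tuckerd]@[WIN7-VM] with the new password interface
[2014/03/27 14:26:00.011119,  3] auth/user_util.c:402(map_username)
  Mapped user SEAS-S+tuckerd to tuckerd
[2014/03/27 14:26:12.095967,  3] smbd/password.c:308(register_existing_vuid)
  register_existing_vuid: UNIX uid 4011 is UNIX user tuckerd, and will be vuid 100
[2014/03/27 14:30:01.000001,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [seas-s]\[exampleuser]@[WIN7-VM]
[2014/03/27 14:30:01.000002,  3] auth/user_util.c:402(map_username)
  Mapped user SEAS-S+exampleuser to exampleuser
[2014/03/27 14:30:02.000003,  3] smbd/password.c:308(register_existing_vuid)
  register_existing_vuid: UNIX uid 70001 is UNIX user exampleuser, and will be vuid 101
"""
SAMPLE_PASSWD = "tuckerd:x:4011:500::/h/tuckerd:/bin/sh\nexampleuser:x:11999:450::/h/e:/bin/sh\n"

# Zero-width split point in front of every "[date time, level]" header.
HEADER = re.compile(r"(?m)^(?=\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+,\s*\d+\])")
UNMAPPED = re.compile(r"unmapped user \[([^\]]*)\]\\\[([^\]]*)\]@\[([^\]]*)\]")
MAPPED = re.compile(r"Mapped user (\S+) to (\S+)")
UID = re.compile(r"UNIX uid (\d+) is UNIX user (\S+?), and will be vuid (\d+)")

def records(text):
    """One string per log record; mail-wrapped continuation lines are rejoined."""
    return [" ".join(r.split()) for r in HEADER.split(text) if r.strip()]

def identity_chains(log_text):
    """One dict per logon: AD identity, username-map result, UNIX uid and vuid."""
    chains = []
    for rec in records(log_text):
        if m := UNMAPPED.search(rec):
            chains.append({"domain": m[1], "ad_user": m[2], "client": m[3]})
        elif chains and (m := MAPPED.search(rec)):
            chains[-1]["unix_user"] = m[2]
        elif chains and (m := UID.search(rec)):
            chains[-1].update(unix_user=m[2], uid=int(m[1]), vuid=int(m[3]))
    return chains

def uid_mismatches(chains, passwd_text):
    """Logons whose smbd-assigned uid differs from the /etc/passwd entry."""
    passwd = {f[0]: int(f[2]) for f in (l.split(":") for l in passwd_text.splitlines() if l)}
    return [(c["unix_user"], c["uid"], passwd.get(c["unix_user"]))
            for c in chains if "uid" in c and passwd.get(c["unix_user"]) != c["uid"]]
```

An empty result from `uid_mismatches` means smbd resolved every mapped user to the uid in /etc/passwd, so the permission failure has to be looked for elsewhere.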