[Samba] winbind bug?

Doug Tucker tuckerd at lyle.smu.edu
Thu Mar 27 13:48:47 MDT 2014


>
> passwd:         compat winbind
> group:          compat winbind
>
> What this means is, the first place to look for a user is 
> /etc/passwd and if the user exists there, then that info is used, 

Correct, that is how it gets the unix uid, home dir, etc.  Then we use 
the domain user map to map a seas user to the unix user.  The only 
thing we use AD for at all is authentication.
> what I think is happening is that your windows 7 user does not exist 
> there, or more likely is there, but with a different ID number.
The user is there, just like my own user account is there.  See further 
down for a grep of /etc/passwd and corresponding wbinfo querying AD.  
The correct unix ID number for the user is there.  I'm not sure what you 
mean by a different ID number.  All users' real unix ID numbers are 
there.  This has nothing to do with AD.
>
> I will repeat, you cannot have users both in /etc/passwd and AD, if 
> you want to have users use different home directory paths, look into 
> using RFC2307 attributes.
>
> Rowland
All of our users' information is in /etc/passwd and AD.  Your statement 
just isn't true.  If it were, then no one would work at all...just those 
with a unix ID over 11000 on a windows 7 client are affected.  They 
don't correspond to each other, we map them back on the unix side after 
authentication.

[root@lylesmb1 samba]# grep jghorbanian /etc/passwd
jghorbanian:pb4DGaSAoY48E:11333:450:Jafar Ghorbanian:/users5/megrad/jghorbanian:/bin/bash
[root@lylesmb1 samba]# grep tuckerd /etc/passwd
tuckerd:gnjdnwJVquCzQ:4011:500:Doug Tucker:/users4/enoc/tuckerd:/bin/bash

[root@lylesmb1 samba]# wbinfo -n tuckerd
S-1-5-21-1863541909-2129596521-199955091-23660 SID_USER (1)
[root@lylesmb1 samba]# wbinfo -n jghorbanian
S-1-5-21-1863541909-2129596521-199955091-34660 SID_USER (1)


Please...look at these logs and tell me what you see.  First, my user 
mapping my home directory.

[2014/03/27 14:25:59.997435,  3] auth/auth.c:219(check_ntlm_password)
   check_ntlm_password:  Checking password for unmapped user 
[seas-s]\[tuckerd]@[WIN7-VM] with the new password interface
[2014/03/27 14:25:59.997589,  3] auth/auth.c:222(check_ntlm_password)
   check_ntlm_password:  mapped user is: [seas-s]\[tuckerd]@[WIN7-VM]
*^^^passing to AD for authentication^^^*

[2014/03/27 14:26:00.011119,  3] auth/user_util.c:402(map_username)
   Mapped user SEAS-S+tuckerd to tuckerd
*^^^mapping the seas-s user to the unix user^^^*

[2014/03/27 14:26:00.022867,  3] auth/auth.c:268(check_ntlm_password)
   check_ntlm_password: winbind authentication for user [tuckerd] succeeded
[2014/03/27 14:26:00.022912,  2] auth/auth.c:309(check_ntlm_password)
   check_ntlm_password:  authentication for user [tuckerd] -> [tuckerd] 
-> [tuckerd] succeeded
*^^^successful auth^^^*


[2014/03/27 14:26:12.095829,  3] 
../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init)
   NTLMSSP Sign/Seal - Initialising with flags:
[2014/03/27 14:26:12.095910,  3] 
../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags)
   Got NTLMSSP neg_flags=0xe2088215
[2014/03/27 14:26:12.095943,  3] smbd/password.c:298(register_existing_vuid)
   register_existing_vuid: User name: tuckerd    Real name:
[2014/03/27 14:26:12.095967,  3] smbd/password.c:308(register_existing_vuid)
   register_existing_vuid: UNIX uid 4011 is UNIX user tuckerd, and will 
be vuid 100
[2014/03/27 14:26:12.096090,  3] smbd/password.c:238(register_homes_share)
   Adding homes service for user 'tuckerd' using home directory: 
'/users4/enoc/tuckerd'
[2014/03/27 14:26:12.096148,  3] param/loadparm.c:6582(lp_add_home)
   adding home's share [tuckerd] for user 'tuckerd' at 
'/users4/enoc/tuckerd'
*^^^hands me my share^^^*

[2014/03/27 14:26:12.118542,  3] smbd/process.c:1662(process_smb)
   Transaction 3 of length 104 (0 toread)
[2014/03/27 14:26:12.118684,  3] smbd/process.c:1467(switch_message)
   switch message SMBtconX (pid 7113) conn 0x0
[2014/03/27 14:26:12.118759,  3] lib/access.c:338(allow_access)
   Allowed connection from 129.119.103.59 (129.119.103.59)
[2014/03/27 14:26:12.118792,  3] 
../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
   string_to_sid: SID root is not in a valid format
[2014/03/27 14:26:12.119568,  3] smbd/service.c:872(make_connection_snum)
   Connect path is '/tmp' for service [IPC$]
[2014/03/27 14:26:12.119742,  3] smbd/vfs.c:102(vfs_init_default)
   Initialising default vfs hooks
[2014/03/27 14:26:12.119773,  3] smbd/vfs.c:128(vfs_init_custom)
   Initialising custom vfs hooks from [/[Default VFS]/]
[2014/03/27 14:26:12.119844,  3] 
../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
   string_to_sid: SID root is not in a valid format
[2014/03/27 14:26:12.120483,  3] smbd/service.c:1114(make_connection_snum)
   win7-vm (129.119.103.59) connect to service IPC$ initially as user 
tuckerd (uid=4011, gid=500) (pid 7113)
[2014/03/27 14:26:12.120553,  3] smbd/reply.c:871(reply_tcon_and_X)
   tconX service=IPC$
[2014/03/27 14:26:12.142035,  3] smbd/process.c:1662(process_smb)

[2014/03/27 14:26:17.104989,  3] smbd/trans2.c:2286(call_trans2findfirst)
   call_trans2findfirst: dirtype = 16, maxentries = 1366, 
close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 
0x104, max_data_bytes = 16384
[2014/03/27 14:26:17.105033,  3] smbd/dir.c:580(dptr_create)
   creating new dirptr 256 for path ., expect_close = 1
[2014/03/27 14:26:17.105072,  3] smbd/dir.c:1036(smbd_dirptr_get_entry)
   smbd_dirptr_get_entry mask=[*] found ./. fname=. (.)
[2014/03/27 14:26:17.105106,  3] smbd/dir.c:1036(smbd_dirptr_get_entry)
   smbd_dirptr_get_entry mask=[*] found ./.. fname=.. (..)
[2014/03/27 14:26:17.109911,  3] smbd/dir.c:1036(smbd_dirptr_get_entry)
   smbd_dirptr_get_entry mask=[*] found ./serv_req_info.txt 
fname=serv_req_info.txt (serv_req_info.txt)
[2014/03/27 14:26:17.109968,  3] smbd/dir.c:1036(smbd_dirptr_get_entry)
*^^^here it is mapped on client, and it is reading through my 
files...all working as expected^^^*

I can copy paste the user failing.  If I do it on XP, it looks exactly 
like mine (remove my username and unix UID and GID and replace with 
his).  If I do it on Windows 7, again, it looks exactly the same, and at 
the moment where mine starts reading files, his says "permission 
denied".  If you want me to copy/paste the log for his I will.  Just 
telling you to save space as this reply is pretty long.

Here is another oddity.  On the windows 7 machine, if instead of mapping 
via the "map network drive" option in windows explorer I bring up 
the command line and map him via net use on the command line, IT WORKS.  
I get the drive mapping.  I can navigate to it.  I can do a DIR and see 
all of his files.  I can even create a directory.  BUT, once the 
directory is created, I cannot delete it.
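
An added example, not part of the original post: a small parser for level-3 smbd log entries in the format quoted above. It extracts the domain-to-unix user mapping, the uid registered for the session and the uid the connection runs as, so the log of a working session and of a failing one can be compared field by field. The field names and the `consistent` check are assumptions of this example, not Samba's own.

```python
import re

# Entry header as in the log above: "[date time,  level] file.c:line(function)"
HEADER = re.compile(r"^\[\S+ \S+,\s+\d+\] \S+:\d+\((\w+)\)$")
# Messages that show which account the session ends up running as.
FIELDS = {
    "map_username": r"Mapped user (?P<domain_user>\S+) to (?P<unix_user>\S+)",
    "register_existing_vuid": r"UNIX uid (?P<uid>\d+) is UNIX user (?P<uid_user>\S+),",
    "make_connection_snum": r"\(uid=(?P<conn_uid>\d+), gid=(?P<conn_gid>\d+)\)",
}
# Lines from the log above, still wrapped the way the mail client wrapped them.
SAMPLE = """\
[2014/03/27 14:26:00.011119,  3] auth/user_util.c:402(map_username)
   Mapped user SEAS-S+tuckerd to tuckerd
[2014/03/27 14:26:12.095967,  3] smbd/password.c:308(register_existing_vuid)
   register_existing_vuid: UNIX uid 4011 is UNIX user tuckerd, and will
be vuid 100
[2014/03/27 14:26:12.120483,  3] smbd/service.c:1114(make_connection_snum)
   win7-vm (129.119.103.59) connect to service IPC$ initially as user
tuckerd (uid=4011, gid=500) (pid 7113)
"""

def parse_entries(text):
    """Yield (function, message), joining wrapped lines onto their header."""
    func, body = None, []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            if func:
                yield func, " ".join(body)
            func, body = m.group(1), []
        elif func and line:
            body.append(line)
    if func:
        yield func, " ".join(body)

def identity_trace(text):
    """Collect the identity fields logged for one session."""
    trace = {}
    for func, msg in parse_entries(text):
        m = re.search(FIELDS[func], msg) if func in FIELDS else None
        if m:
            trace.update(m.groupdict())
    return trace

def consistent(trace):
    """True when mapped user and uid agree at every step that was logged."""
    return (trace.get("unix_user") == trace.get("uid_user")
            and trace.get("uid") == trace.get("conn_uid"))
```

Running `identity_trace` on the working user's log and on the failing user's log and comparing the two dictionaries shows whether the sessions differ in identity mapping or only later, at file access.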



