[Samba] winbind bug?
jonathan at buzzard.me.uk
Thu Mar 27 16:31:09 MDT 2014
On 27/03/14 21:54, Doug Tucker wrote:
> On 03/27/2014 04:01 PM, Jonathan Buzzard wrote:
>> On 27/03/14 18:50, Doug Tucker wrote:
>>> Rowland, that ignores the fact that all of my users other than this
>>> select group (5% maybe) on a certain client are working and working just
>>> fine. Those same failing users work on windows XP and linux cifs. And
>>> to shares even on win7 where the access is controlled via unix gid.
>> No it does not. You need to accept that either through corrupt DB's or
>> some other issue your setup is *BROKEN*. That it is working under XP
>> and Linux is simply a random fluke. There are plenty of things that
>> you can do with a XP SMB client against a Samba server that don't work
>> with a Windows 7 client. So bitching that it works in some cases is
> I won't bore a help list with replying to this type of ridiculous
> rhetoric and you look like an idiot for doing so.
> I will be happy to go
> straight to the source though since you can't read apparently.. windows
> 7 works fine for 95% of the users here. It's not just XP and Linux.
> Still a random fluke? To ignore the fact that it is isolated to only
> unix uid's > 11000 well...ignores that fact. And, I can change all of
> those users to new id's under 11000 and then my setup works for *all*
> users on my network.
I understand what you are say, the point is that you are dead wrong.
That your setup works for user ID's under 11000 is either a fluke or
down to corrupted Samba databases. I am sorry that you don't want to
hear that, but it is the heart of the matter. Several experienced Samba
admins have now told you that and you refuse to listen.
There is a range of things in Samba that work on XP and break Windows 7.
Generally they officially never been supported but just happened to
work, and a combination of more robust SMB client in Windows 7 and/or
more accurate SMB adherence in later Samba breaks it. Get over it.
> Dev/production. This was the dev box. It was in testing for 2 months
> or so without a single issue. I just never hit the >11000 mark in
> testing unfortunately. After testing it was promoted to production. I
> will change dns back to the old 3.033 samba server this weekend so I can
> take this one back out. Then I can take down, wipe the *corrupt* DB's
> and we will still be right back where we started. A config I assume you
> consider ok now, and unix users with id's >11000 not working.
Oh dear, oh dear. A dev box *NEVER* *EVER* gets promoted to production.
What you had was a production box that was in setup phase. You need a
real dev box, that is one that you can fiddle with endlessly without
effecting users to diagnose and fix problems. You then take the working
configuration and apply it to the production box.
> So do you actually have anything useful to suggest or you just trolling
> for a reason to vent?
> Seriously big shot who I don't work for and never would, if you have
> some idea how/why that is an issue I'm all ears. Seriously.
There are several issues. Firstly as Rowland has identified you are
working with a whacked out Samba configuration. It works in various
configurations most likely out of shear luck. You need to get to
something that in 2014 is considered sane and supported. This means you
need to get those RFC2307 attributes into AD and use them directly.
Second it is highly likely that all the messing about has left bad data
in Samba's databases. I can attest personally to this, four years ago
when I was working through this stuff when the documentation was did not
mention the need for ID ranges that do not overlap I went through a
working config that appeared not to work for this very reason and then
wasted several weeks. How do I know, well on my dev platform I was using
RCS to save every configuration I tested. Only when I decided to scrub
the Samba databases could I get it to work, and low an behold one of the
old configurations worked as well.
Thirdly you urgently need a real development platform to test this stuff
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
More information about the samba