winbind, uid.c, Take Ownership and local samba users... some
jtrostel at snapserver.com
jtrostel at snapserver.com
Fri Sep 28 07:37:02 GMT 2001
As Manoj said earlier... the reason you are getting junk at the end of these
names is that ulen and dlen in the function _lsa_unk_get_connuser are set
incorrectly. To fix this problem, make the following correction to the
function _lsa_unk_get_connuser in the file ../source/rpc_server/svr_lsa_nt.c:
about line 535:
ulen = strlen(username);
dlen = strlen(domname);
should read:
ulen = strlen(username) + 1;
dlen = strlen(domname) + 1;
That should fix the garbage characters.
On 27-Sep-2001 Esh, Andrew wrote:
> I have noticed some weirdness with names in Take Ownership. They actually
> get garbaged over time by other requests, so that they are eventually passed
> around in the network packets with trash in them. By the time a Take
> Ownership is done, the name will not resolve to a SID, and it fails. I think
> there's data corruption taking place, but I haven't found where yet.
>
> -----Original Message-----
> From: jtrostel at snapserver.com [mailto:jtrostel at snapserver.com]
> Sent: Thursday, September 27, 2001 4:41 PM
> To: David Almeida; samba-technical at samba.org
> Subject: winbind, uid.c, Take Ownership and local samba users...
> something's fishy
>
>
> Yeah... there seems to be something strange going on here.
>
> debug statements in samba show the following values:
>
> global_myworkgroup => CEO
> global_myname => JTSDEVEL
>
> These are the domain and machine name (respectively) for the SAMBA server.
>
> _lsa_unk_get_connuser username => jt
> _lsa_unk_get_connuser domain => JTSNT
>
> These are the _workgroup_ and username for the user connecting to SAMBA.
>
> When I get passed into uid.c/lookup_name, winbind _thinks_ it finds a domain
> name (it appears):
> lookup_name (winbindd): CEO\jt -> SID S-1-5-21-.... (type 8)
>
> The problem is that there is no user 'jt' in the CEO domain. When I run
> 'getent passwd' on the SAMBA server, I get:
>
> root:x:0:0:root:/root:/bin/bash
> ...
> jt:x:500:500::/home/jt:/bin/bash
> another_user:x:501:501::/home/another_user:/bin/bash
> CEO+Administrator:x:10000:10000::/home/CEO/Administrator:/bin/false
> ...
>
> with NO CEO+jt in the list.
>
> It looks like winbind_lookup_name succeeds with CEO\jt instead of failing...
> It
> looks like it _should_ fail if the code lower down in uid.c is going to
> validate the user 'jt' locally....
>
> I'll look at this a bit more... but it's getting late here now.
>
>
> On 27-Sep-2001 David Almeida wrote:
>> The Explorer after it issues a LSA_UNK_CONN_USR takes the DOMAIN/user
> string
>> from that call and issues a subsequent LSA_LOOKUP_NAMES call. In the
>> relevant thread the function lookup_name in uid.c passes the LOOKUP names
>> command to the Winbindd Daemon for process to the PDC. If the PDC does not
>> return a valid RID, then the code then examines the local database for a
>> match. If this fails, then an Unknown user error message is passed back to
>> the explorer. Hence the message you see.
>>
>> Dave Almeida
>>
>
> --
> John M. Trostel
> Senior Software Engineer
> Quantum / SnapAppliances
> jtrostel at snapserver.com
--
John M. Trostel
Senior Software Engineer
Quantum / SnapAppliances
jtrostel at snapserver.com
More information about the samba-technical
mailing list