Bug 14723 - wbcGetpwuid (and others) fails after a network interface change if unix_nss_info = yes
Summary: wbcGetpwuid (and others) fails after a network interface change if unix_nss_i...
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.11.6
Hardware: x64 Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-02 14:03 UTC by sebastien.mougel
Modified: 2021-06-03 13:27 UTC (History)
1 user (show)

See Also:


Attachments
samba logs (182.09 KB, application/gzip)
2021-06-02 14:03 UTC, sebastien.mougel
no flags Details
tdb files after test (2.18 MB, application/gzip)
2021-06-02 14:06 UTC, sebastien.mougel
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description sebastien.mougel 2021-06-02 14:03:05 UTC
Created attachment 16638 [details]
samba logs

When unix_nss_info = yes and the network connection is switched to a new interface, winbind fails to respond to some queries :
wbinfo --uid-info XXX
finish with a timeout error :
failed to call wbcGetpwuid: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not get info for uid XXX

I get similar results with :
wbinfo --user-info XXX
wbinfo --user-sidinfo XXX

As a result, applications that depend on winbind for user authentication are almost no longer usable. Even opening a new terminal or a sudo is impacted.

Environment:
dc.test.lan (DC) and ubuntu01.test.lan (guest) : Ubuntu 20.04
Samba version : 4.11.6
See smb.conf of ubuntu01 is below.
Guest has 2 NIC, enp0s3 and enp0s8. 

Tests (time refers to log timestamp) :
enp0s3 is up, enp0s8 is down.
winbind service start [11:50], DC can be ping (wbinfo -P) [11:52] and wbinfo --uid-info successfully answers [11:53].

Now [11:54], switch network interface : enp0s3 is down, enp0s8 is up.
wbinfo -P successed [11:59], but wbinfo --uid-info 20100 finish with a timeout error [12:00] :

failed to call wbcGetpwuid: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not get info for uid 20100

Also, 
wbinfo --user-info sn1a fails [12:02]


wbinfo --uid-to-sid 20100 success [12:04]

wbinfo --user-sidinfo fails [12:06]


Note :
The problem also appears when the network connection(s) are disabled. In this case, if unix_nss_info = no the request succeeds (with obviously cached data), but if unix_nss_info = no the request fails. 


smb.conf of ubunut01 for this test :
# Global parameters
[global]
	log level = 10
	debug pid = true
	max log size = 0

        workgroup = TEST
        realm = TEST.LAN
        netbios name = ubuntu01
        security = ADS

        idmap config TEST:backend = ad
        idmap config TEST:schema_mode = rfc2307
        idmap config TEST:range = 10000-29999
        idmap config TEST:unix_nss_info = yes

        idmap config *:backend = tdb
        idmap config *:range = 30000-39999

        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes
        winbind refresh tickets = yes

        winbind expand groups = 1

        kerberos method = system keytab

        winbind offline logon = yes
Comment 1 sebastien.mougel 2021-06-02 14:06:47 UTC
Created attachment 16639 [details]
tdb files after test