Bug 177 - uids gis in samba
uids gis in samba
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: winbind
3.0.0preX
Other Linux
: P2 major
: none
Assigned To: Gerald (Jerry) Carter
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2003-06-18 11:28 UTC by Kris Bodenheimer
Modified: 2005-08-24 10:19 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kris Bodenheimer 2003-06-18 11:28:09 UTC
Beta1 has "invented" uids/gids for users that previously existed and worked fine
in a23.  These new gids/uids obviously don't authenticate very well, and appear
to again change at a randomn interval.  Usually every day some other user loses
the ability to login to the server.  The server is running as a domain server,
serving profiles, that don't update either.  Permissions on the profile
directory/home directories have been made 777 so that when users come on with
invented uids/gids they can still get to the data.  We are down to 3 functioning
accounts now out of 24, everyone on the network logs on with one of those 3
accounts.  

Here is typical winbindd log:

[2003/06/12 10:04:56, 1] nsswitch/winbindd_util.c:rescan_trusted_domains(166)
  scanning trusted domain list
[2003/06/12 10:05:06, 1] libsmb/cliconnect.c:cli_full_connection(1275)
  failed session setup with NT_STATUS_OK
[2003/06/12 10:05:17, 1] libsmb/cliconnect.c:cli_full_connection(1275)
  failed session setup with NT_STATUS_OK
[2003/06/12 10:05:27, 1] libsmb/cliconnect.c:cli_full_connection(1275)
  failed session setup with NT_STATUS_OK
[2003/06/12 10:05:27, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'nobody' does not exist
[2003/06/12 10:05:27, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'nobody' does not exist
[2003/06/12 10:05:27, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'nobody' does not exist
[2003/06/12 10:05:27, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'nobody' does not exist
[2003/06/12 10:05:27, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'lee' does not exist
[2003/06/12 10:05:27, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'lee' does not exist
[2003/06/12 10:05:27, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'lee' does not exist
[2003/06/12 10:05:35, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'lee' does not exist
[2003/06/12 10:05:37, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'lee' does not exist
[2003/06/12 10:05:41, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'lee' does not exist

Here is smbstatus output....
32456   10000         10000         plot_plan    (192.168.1.11)
32463   10000         10000         lee          (192.168.1.26)
  430   10001         numa          debbie       (192.168.1.23)
29044   10009         10008         surveyor     (192.168.1.25)
32397   10002         10002         steve2       (192.168.1.12)
32612   10004         10004         damian       (192.168.1.24)
28199   10024         10009         kris         (192.168.1.21)

Notice computer kris, this is actually being logged into with user account "numa".

Here is smbpasswd 

pdc$:501:FF985A4C229CDFC20C6996F40740D1FE:7F8E53546DC0468F40D96223DED91A45:[W  
       ]:LCT-3E29AEFD:
damian:10019:78BCCAEE08C90E29AAD3B435B51404EE:F9E37E83B83C47A93C2F09F66408631B:[U
         ]:LCT-3E2C886D:
lee:10020:78BCCAEE08C90E29AAD3B435B51404EE:F9E37E83B83C47A93C2F09F66408631B:[U 
        ]:LCT-3E2C885F:
debbie:10021:78BCCAEE08C90E29AAD3B435B51404EE:F9E37E83B83C47A93C2F09F66408631B:[U
         ]:LCT-3E2B2C23:
renegade:10022:8A3FF20521977606AAD3B435B51404EE:83D6F22CFDF3E428C0CFE03423BE529C:[U
         ]:LCT-3E5DC313:
jerry:10029:78BCCAEE08C90E29AAD3B435B51404EE:F9E37E83B83C47A93C2F09F66408631B:[UX
        ]:LCT-3E3EB870:
survey_backup$:10030:21ACDE0DA8BEBDB216AC416C2658E00D:B34A5A183842B6FFA409F36944650588:[W
         ]:LCT-3E3EBDE5:
kris$:10032:4564575F74DC7CE2B030F080609195A5:A325A73438B488E0E17DCE964F6038DB:[W
         ]:LCT-3EE88C0C:
lee$:10033:2EFEB8E5792417B2B6B5F70E214310C1:2EFEB8E5792417B2B6B5F70E214310C1:[W
         ]:LCT-3ED9F16A:
damian$:10035:99CEF8B6FACE1069F77DB8C60D511022:99CEF8B6FACE1069F77DB8C60D511022:[W
         ]:LCT-3EDB44ED:
steve$:10036:4336BB826D5E72BB62E708A967B09BA5:1D55021D5B4D6EB02F9A565ED83FBC65:[W
         ]:LCT-3E5DCA71:
plot_plan$:10037:FB7FCC25A7139B21E10DB41252139035:FB7FCC25A7139B21E10DB41252139035:[W
         ]:LCT-3ED88323:
steve2$:10038:DFAC1088DE4E580E226CD06206CBF11B:DFAC1088DE4E580E226CD06206CBF11B:[UW
        ]:LCT-3EDC868A:
debbie$:10039:5368B3E6D28B987976AD80D002039923:5368B3E6D28B987976AD80D002039923:[W
         ]:LCT-3EDB5172:
littledebbie:10041:78BCCAEE08C90E29AAD3B435B51404EE:F9E37E83B83C47A93C2F09F66408631B:[U
         ]:LCT-3E5E44AB:
administrator:10042:633C097A37B26C0CAAD3B435B51404EE:F2477A144DFF4F216AB81F2AC3E3207D:[U
         ]:LCT-3E6584E1:
surveyor$:10043:C0782154818E5641DC4EFB4F82592F95:C0782154818E5641DC4EFB4F82592F95:[UW
        ]:LCT-3EE7A575:
rob:10044:78BCCAEE08C90E29AAD3B435B51404EE:F9E37E83B83C47A93C2F09F66408631B:[U 
        ]:LCT-3E8226C4:
david$:10045:0C60300E8A167714AAD3B435B51404EE:150A6646313CD1A664BBCA9ABE74293E:[W
         ]:LCT-3EF0A555:
david:10046:78BCCAEE08C90E29AAD3B435B51404EE:F9E37E83B83C47A93C2F09F66408631B:[U
         ]:LCT-3E879934:
kris:500:72888BEF9A839711AAD3B435B51404EE:EC4A3E5FE5646DB34088252B6B267E35:[U  
       ]:LCT-3EE8B874:
numa:10018:4FD05C1E375B5B4BAAD3B435B51404EE:7B94A780A5753E5B687D9CBDD03EBFC4:[U
         ]:LCT-3EEF38D0:

Notice numa account on last line.  10018.  cool huh?

Kris Bodenheimer
Comment 1 Andrew Bartlett 2003-07-05 07:43:01 UTC
I do hope you realise that you posted password-equivilant values to a public bug
database.  I do hope this was just a testing system...
Comment 2 Tim Potter 2003-07-10 00:51:20 UTC
Made bug viewable by Samba Core Developers only, in case the passwords were used
on a production system.

(A lot of the passwords seem to be the same value)
Comment 3 Gerald (Jerry) Carter 2003-07-11 08:00:05 UTC
My understanding is that this was a problem with the idmap 
changes in beta1 and have since been corrected in beta2.

Comment 4 Tim Potter 2003-07-14 16:26:24 UTC
Made bug viewable by non-team again since it is apparently a test system.

From: Kris Bodenheimer <numa@thenuma.com>
To: tpot@samba.org
Subject: Re: [Bug 177] uids gis in samba

samba-bugs@samba.org wrote:

>https://bugzilla.samba.org/show_bug.cgi?id=177
>
>tpot@samba.org changed:
>
>           What    |Removed                     |Added
>----------------------------------------------------------------------------
>           groupset|0                           |128
>
>
>
>------- Additional Comments From tpot@samba.org  2003-07-10 00:51 -------
>Made bug viewable by Samba Core Developers only, in case the passwords were
>used
>on a production system.
>
>(A lot of the passwords seem to be the same value)
>
>
>
>------- You are receiving this mail because: -------
>You reported the bug, or are watching the reporter.
>

This system is testing only, as evidenced by most passwords being same
values.  We operate 2 seperate domains, one for testing, the other for
production.
Comment 5 Gerald (Jerry) Carter 2005-02-07 08:39:20 UTC
originally reported against 3.0.0beta1.  CLeaning out 
non-production release versions.
Comment 6 Gerald (Jerry) Carter 2005-08-24 10:19:59 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.