177 – uids gis in samba

Bug 177 - uids gis in samba

Summary: uids gis in samba

Status:	CLOSED FIXED

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	winbind (show other bugs)
Version:	3.0.0preX
Hardware:	Other Linux

Importance:	P2 major
Target Milestone:	none
Assignee:	Gerald (Jerry) Carter (dead mail address)
QA Contact:

URL:
Keywords:

Depends on:
Blocks:

Reported:	2003-06-18 11:28 UTC by Kris Bodenheimer
Modified:	2005-08-24 10:19 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kris Bodenheimer 2003-06-18 11:28:09 UTC

Beta1 has "invented" uids/gids for users that previously existed and worked fine
in a23.  These new gids/uids obviously don't authenticate very well, and appear
to again change at a randomn interval.  Usually every day some other user loses
the ability to login to the server.  The server is running as a domain server,
serving profiles, that don't update either.  Permissions on the profile
directory/home directories have been made 777 so that when users come on with
invented uids/gids they can still get to the data.  We are down to 3 functioning
accounts now out of 24, everyone on the network logs on with one of those 3
accounts.  

Here is typical winbindd log:

[2003/06/12 10:04:56, 1] nsswitch/winbindd_util.c:rescan_trusted_domains(166)
  scanning trusted domain list
[2003/06/12 10:05:06, 1] libsmb/cliconnect.c:cli_full_connection(1275)
  failed session setup with NT_STATUS_OK
[2003/06/12 10:05:17, 1] libsmb/cliconnect.c:cli_full_connection(1275)
  failed session setup with NT_STATUS_OK
[2003/06/12 10:05:27, 1] libsmb/cliconnect.c:cli_full_connection(1275)
  failed session setup with NT_STATUS_OK
[2003/06/12 10:05:27, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'nobody' does not exist
[2003/06/12 10:05:27, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'nobody' does not exist
[2003/06/12 10:05:27, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'nobody' does not exist
[2003/06/12 10:05:27, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'nobody' does not exist
[2003/06/12 10:05:27, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'lee' does not exist
[2003/06/12 10:05:27, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'lee' does not exist
[2003/06/12 10:05:27, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'lee' does not exist
[2003/06/12 10:05:35, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'lee' does not exist
[2003/06/12 10:05:37, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'lee' does not exist
[2003/06/12 10:05:41, 1] nsswitch/winbindd_group.c:winbindd_getgroups(846)
  user 'lee' does not exist

Here is smbstatus output....
32456   10000         10000         plot_plan    (192.168.1.11)
32463   10000         10000         lee          (192.168.1.26)
  430   10001         numa          debbie       (192.168.1.23)
29044   10009         10008         surveyor     (192.168.1.25)
32397   10002         10002         steve2       (192.168.1.12)
32612   10004         10004         damian       (192.168.1.24)
28199   10024         10009         kris         (192.168.1.21)

Notice computer kris, this is actually being logged into with user account "numa".

Here is smbpasswd 

pdc$:501:FF985A4C229CDFC20C6996F40740D1FE:7F8E53546DC0468F40D96223DED91A45:[W  
       ]:LCT-3E29AEFD:
damian:10019:78BCCAEE08C90E29AAD3B435B51404EE:F9E37E83B83C47A93C2F09F66408631B:[U
         ]:LCT-3E2C886D:
lee:10020:78BCCAEE08C90E29AAD3B435B51404EE:F9E37E83B83C47A93C2F09F66408631B:[U 
        ]:LCT-3E2C885F:
debbie:10021:78BCCAEE08C90E29AAD3B435B51404EE:F9E37E83B83C47A93C2F09F66408631B:[U
         ]:LCT-3E2B2C23:
renegade:10022:8A3FF20521977606AAD3B435B51404EE:83D6F22CFDF3E428C0CFE03423BE529C:[U
         ]:LCT-3E5DC313:
jerry:10029:78BCCAEE08C90E29AAD3B435B51404EE:F9E37E83B83C47A93C2F09F66408631B:[UX
        ]:LCT-3E3EB870:
survey_backup$:10030:21ACDE0DA8BEBDB216AC416C2658E00D:B34A5A183842B6FFA409F36944650588:[W
         ]:LCT-3E3EBDE5:
kris$:10032:4564575F74DC7CE2B030F080609195A5:A325A73438B488E0E17DCE964F6038DB:[W
         ]:LCT-3EE88C0C:
lee$:10033:2EFEB8E5792417B2B6B5F70E214310C1:2EFEB8E5792417B2B6B5F70E214310C1:[W
         ]:LCT-3ED9F16A:
damian$:10035:99CEF8B6FACE1069F77DB8C60D511022:99CEF8B6FACE1069F77DB8C60D511022:[W
         ]:LCT-3EDB44ED:
steve$:10036:4336BB826D5E72BB62E708A967B09BA5:1D55021D5B4D6EB02F9A565ED83FBC65:[W
         ]:LCT-3E5DCA71:
plot_plan$:10037:FB7FCC25A7139B21E10DB41252139035:FB7FCC25A7139B21E10DB41252139035:[W
         ]:LCT-3ED88323:
steve2$:10038:DFAC1088DE4E580E226CD06206CBF11B:DFAC1088DE4E580E226CD06206CBF11B:[UW
        ]:LCT-3EDC868A:
debbie$:10039:5368B3E6D28B987976AD80D002039923:5368B3E6D28B987976AD80D002039923:[W
         ]:LCT-3EDB5172:
littledebbie:10041:78BCCAEE08C90E29AAD3B435B51404EE:F9E37E83B83C47A93C2F09F66408631B:[U
         ]:LCT-3E5E44AB:
administrator:10042:633C097A37B26C0CAAD3B435B51404EE:F2477A144DFF4F216AB81F2AC3E3207D:[U
         ]:LCT-3E6584E1:
surveyor$:10043:C0782154818E5641DC4EFB4F82592F95:C0782154818E5641DC4EFB4F82592F95:[UW
        ]:LCT-3EE7A575:
rob:10044:78BCCAEE08C90E29AAD3B435B51404EE:F9E37E83B83C47A93C2F09F66408631B:[U 
        ]:LCT-3E8226C4:
david$:10045:0C60300E8A167714AAD3B435B51404EE:150A6646313CD1A664BBCA9ABE74293E:[W
         ]:LCT-3EF0A555:
david:10046:78BCCAEE08C90E29AAD3B435B51404EE:F9E37E83B83C47A93C2F09F66408631B:[U
         ]:LCT-3E879934:
kris:500:72888BEF9A839711AAD3B435B51404EE:EC4A3E5FE5646DB34088252B6B267E35:[U  
       ]:LCT-3EE8B874:
numa:10018:4FD05C1E375B5B4BAAD3B435B51404EE:7B94A780A5753E5B687D9CBDD03EBFC4:[U
         ]:LCT-3EEF38D0:

Notice numa account on last line.  10018.  cool huh?

Kris Bodenheimer

Comment 1 Andrew Bartlett 2003-07-05 07:43:01 UTC

I do hope you realise that you posted password-equivilant values to a public bug
database.  I do hope this was just a testing system...

Comment 2 Tim Potter 2003-07-10 00:51:20 UTC

Made bug viewable by Samba Core Developers only, in case the passwords were used
on a production system.

(A lot of the passwords seem to be the same value)

Comment 3 Gerald (Jerry) Carter (dead mail address) 2003-07-11 08:00:05 UTC

My understanding is that this was a problem with the idmap 
changes in beta1 and have since been corrected in beta2.

Comment 4 Tim Potter 2003-07-14 16:26:24 UTC

Made bug viewable by non-team again since it is apparently a test system.

From: Kris Bodenheimer <numa@thenuma.com>
To: tpot@samba.org
Subject: Re: [Bug 177] uids gis in samba

samba-bugs@samba.org wrote:

>https://bugzilla.samba.org/show_bug.cgi?id=177
>
>tpot@samba.org changed:
>
>           What    |Removed                     |Added
>----------------------------------------------------------------------------
>           groupset|0                           |128
>
>
>
>------- Additional Comments From tpot@samba.org  2003-07-10 00:51 -------
>Made bug viewable by Samba Core Developers only, in case the passwords were
>used
>on a production system.
>
>(A lot of the passwords seem to be the same value)
>
>
>
>------- You are receiving this mail because: -------
>You reported the bug, or are watching the reporter.
>

This system is testing only, as evidenced by most passwords being same
values.  We operate 2 seperate domains, one for testing, the other for
production.

Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-02-07 08:39:20 UTC

originally reported against 3.0.0beta1.  CLeaning out 
non-production release versions.

Comment 6 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:19:59 UTC

sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.