Bug 3000 - winbind does not update the cache before restarting the daemon
Summary: winbind does not update the cache before restarting the daemon
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.20
Hardware: All Linux
: P3 major
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-08-13 08:17 UTC by Pasi Sjöholm
Modified: 2005-08-24 10:20 UTC (History)
0 users

See Also:


Attachments
update expired cache entries immediately (8.59 KB, patch)
2005-08-16 15:30 UTC, Gerald (Jerry) Carter (dead mail address)
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Pasi Sjöholm 2005-08-13 08:17:08 UTC
First I upgraded our Win2000-servers with Rollup Fix 1 and noticed that our
linux-servers are not authenticating users via winbind anymore. So I upgraded
Samba to 3.0.20rc2.

Everything was ok until I noticed that If I delete or create a user from/to
Windows AD the winbind's cache is not updating.

Changing "winbind cache time" doesn't help.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-08-13 08:46:08 UTC
My guess is that you are hitting a known issue with 
the netsamlogon_cache.tdb file.  Stop winbindd remove 
this file and then restart.
Comment 2 Pasi Sjöholm 2005-08-13 13:32:43 UTC
Actually I have already tried that. =) See bug id 1974. 

However this problem is somewhat different because the winbind does not see new
users and remembers the deleted ones. I even can't get new users authenticated
because winbind does not "see" them.

For a solution I migrated back to RHEL samba (3.0.9) and unistalled windows 2000
rollup fix. On next week I'm going to build a proper test enviroment to give you
more detailed information about this bug.

Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-08-15 06:04:30 UTC
does getent passwd 'deleted user' work?
Comment 4 Pasi Sjöholm 2005-08-15 06:33:00 UTC
If you mean does it show the deleted user's info, it does until I restart the 
winbindd.

I also noticed that if you list files (ls -l) on a directory which has files 
owned by lots of users eg. incoming mailspool. If there is a file owned by 
deleted user it will show up that it's owned by the user which owned the last 
file.

Like:
-rw-------    1 user1  Domain Users    93967 Aug 15 15:18 user1
-rw-------    1 user1  Domain Users        0 Jul  7 08:45 user2

and if you do ls -l user2 it will show:
-rw-------    1 10234  Domain Users        0 Jul  7 08:45 user2

Strange.. 
Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-08-15 19:19:15 UTC
Found the problem.  The rewrite of winbind no longer actually 
has a daemon to update the user list cache (i.e. no dual daemon
for user lists).  Although other requests have one daemon 
per domain.

So the cache is marked as expired but never updated.  This will 
definitely have to be fixed before the 3.0.20 release.
Comment 6 Gerald (Jerry) Carter (dead mail address) 2005-08-16 15:23:33 UTC
I'm checking a fix that removes the background cache updates.
Now if the cache expires, the child process will immediately 
update it.  This fixes my tests and should be ok for performance.
I'll attach a patch to this erport for 3.0.20rc2.
Comment 7 Gerald (Jerry) Carter (dead mail address) 2005-08-16 15:30:17 UTC
Created attachment 1382 [details]
update expired cache entries immediately
Comment 8 Gerald (Jerry) Carter (dead mail address) 2005-08-16 15:30:31 UTC
fixed in 3.0.20
Comment 9 Pasi Sjöholm 2005-08-17 09:08:49 UTC
Just tested the patch against to 3.0.20rc2 and it seems to be working very well.
Thanks. =)
Comment 10 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:20:28 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.