The Samba-Bugzilla – Bug 3014
First connection to domain member server after account rename always fails
Last modified: 2005-10-04 04:54:55 UTC
This is sort of mentioned in bugzilla 2861. The problem has to do with
netsamlogon_cache.tdb being updated too late in the connection sequence. Here
is what is going on:
1. User connects to \\member_server\test_user as test_user, the username for
this SID is cached in netsamlogon_cache.tdb.
2. User test_user is renamed to test_user2 on domain controller.
3. User tries to connect \\member_server\test_user2 as test_user2 after
winbindd cache containing old name has expired.
4. Windows XP client connects to ipc$ share anonymously and does a trans2
GET_DFS_REFERRAL on \\member_server\test_user2. Since this is a "magic" homes
share, smbd looks up test_user2 to get the home path, triggering winbindd to read
the netsamlogon_cache and finding the old username.
5. Session setup as user works ok and updates netsamlogon_cache.tdb, but it is
already too late; winbindd has cached the old username.
6. User gets an error on tree connect to the home share because the path is wrong.
Is the netsamlogon_cache the only failure? If so, that is
being removed for 3.0.21.
Yes. I commented out the code using netsamlogon_cache_get() from winbindd and
resolved the problem. I couldn't think of a good way to keep the
netsamlogon_cache without some mechanism to time out entries.
fixed in 3.0.21
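
The sequence in the report, and the effect of winbindd no longer reading netsamlogon_cache, as a simplified model. This is an added illustration, not Samba source code; the SID, the TTL value, the class and function names and the /home/<name> layout are assumptions.

```python
# Simplified model of the lookup order in the report; not Samba source code.
# The SID, TTL and /home/<name> layout are constructed for illustration.
SID = "S-1-5-21-1111-2222-3333-1001"   # constructed SID
TTL = 300                               # assumed winbindd cache lifetime (s)

class Winbindd:
    def __init__(self, dc, netsamlogon, use_netsamlogon_cache):
        self.dc = dc                    # SID -> current name on the DC
        self.netsamlogon = netsamlogon  # SID -> name seen at last logon
        self.use_nsl = use_netsamlogon_cache
        self.cache = {}                 # SID -> (name, expiry time)

    def name_for_sid(self, sid, now):
        hit = self.cache.get(sid)
        if hit and hit[1] > now:
            return hit[0]                  # still-valid winbindd entry
        if self.use_nsl and sid in self.netsamlogon:
            name = self.netsamlogon[sid]   # never expires, may predate a rename
        else:
            name = self.dc[sid]            # authoritative answer from the DC
        self.cache[sid] = (name, now + TTL)
        return name

def home_path(wb, now):
    # "Magic" homes share: the path is derived from the resolved username.
    return "/home/" + wb.name_for_sid(SID, now)

def session_setup(wb):
    # A logon refreshes netsamlogon_cache but not winbindd's own cache.
    wb.netsamlogon[SID] = wb.dc[SID]

def simulate(use_netsamlogon_cache):
    dc, nsl = {SID: "test_user"}, {}
    wb = Winbindd(dc, nsl, use_netsamlogon_cache)
    session_setup(wb); home_path(wb, 0)   # step 1: first connection
    dc[SID] = "test_user2"                # step 2: rename on the DC
    t = TTL + 1                           # step 3: winbindd cache has expired
    home_path(wb, t)                      # step 4: lookup for the DFS referral
    session_setup(wb)                     # step 5: cache updated, too late
    first = home_path(wb, t + 1)          # step 6: path used at tree connect
    later = home_path(wb, t + TTL + 1)    # next connection after expiry
    return first, later

if __name__ == "__main__":
    print("with netsamlogon_cache:   ", simulate(True))
    print("without netsamlogon_cache:", simulate(False))
```

With the cache consulted, only the first connection after the rename resolves the old path; once winbindd's entry expires again, the refreshed netsamlogon_cache entry gives the new name, which matches the bug title.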