Bug 3014 - First connection to domain member server after account rename always fails
Summary: First connection to domain member server after account rename always fails
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Version: 3.0.14a
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact: Samba QA Contact
Depends on:
Reported: 2005-08-18 08:59 UTC by John Janosik
Modified: 2005-10-04 04:54 UTC

Description John Janosik 2005-08-18 08:59:56 UTC
This is sort of mentioned in bugzilla 2861.  The problem has to do with
netsamlogon_cache.tdb being updated too late in the connection sequence.  Here
is what is going on:

1.  User connects to \\member_server\test_user as test_user, the username for
this SID is cached in netsamlogon_cache.tdb.
2.  User test_user is renamed to test_user2 on domain controller.
3.  User tries to connect \\member_server\test_user2 as test_user2 after
winbindd cache containing old name has expired.
4.  Windows XP client connects to ipc$ share anonymously and does a trans2
GET_DFS_REFERRAL on \\member_server\test_user2.  Since this is a "magic" homes
share, smbd looks up test_user2 to get the home path, triggering winbindd to read
the netsamlogon_cache and finding the old username.
5.  Session setup as user works ok and updates netsamlogon_cache.tdb but it is
already too late, winbindd has cached the old username.
6.  User gets an error on tree connect to the home share because the path is wrong.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-08-18 09:38:04 UTC
Is the netsamlogon_cache the only failure?  If so, that is
being removed for 3.0.21.
Comment 2 John Janosik 2005-08-18 10:40:09 UTC
Yes.  I commented out the code using netsamlogon_cache_get() from winbindd and
resolved the problem.  I couldn't think of a good way to keep the
netsamlogon_cache without some mechanism to time out entries.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-10-04 04:54:55 UTC
fixed in 3.0.21
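
The sequence from the description, replayed against a simplified two-cache model. This is an added example, not code from Samba or from the participants in this report. The class, the method names, the sample SID and the TTL values are assumptions, and the name lookup is reduced to a single SID-to-name call.

```python
# Simplified model of the lookup order in the report. Not Samba code:
# class, method names and the TTL values are constructed for illustration.
SID = "S-1-5-21-0-0-0-1001"  # constructed sample SID

class MemberServer:
    def __init__(self, dc, logon_ttl=None, wb_ttl=300):
        self.dc = dc                # authoritative SID -> name map on the DC
        self.logon_cache = {}       # stands in for netsamlogon_cache.tdb
        self.wb_cache = {}          # stands in for winbindd's own cache
        self.logon_ttl = logon_ttl  # None: entries never expire (as reported)
        self.wb_ttl = wb_ttl
        self.now = 0                # simulated clock, seconds

    def _fresh(self, entry, ttl):
        return entry is not None and (ttl is None or self.now - entry[1] < ttl)

    def lookup_name(self, sid):
        hit = self.wb_cache.get(sid)
        if self._fresh(hit, self.wb_ttl):
            return hit[0]
        entry = self.logon_cache.get(sid)
        # A fresh logon-cache entry is trusted without asking the DC.
        name = entry[0] if self._fresh(entry, self.logon_ttl) else self.dc[sid]
        self.wb_cache[sid] = (name, self.now)
        return name

    def connect_home(self, sid, share):
        self.lookup_name(sid)                             # step 4: lookup before logon
        self.logon_cache[sid] = (self.dc[sid], self.now)  # step 5: session setup
        return self.lookup_name(sid) == share             # step 6: tree connect

def replay(logon_ttl, gap=600):
    """Return tree-connect results: before rename, first after, second after."""
    dc = {SID: "test_user"}
    srv = MemberServer(dc, logon_ttl)
    before = srv.connect_home(SID, "test_user")  # step 1
    dc[SID] = "test_user2"                       # step 2: rename on the DC
    srv.now += gap                               # step 3: winbindd cache expired
    first = srv.connect_home(SID, "test_user2")
    srv.now += gap
    second = srv.connect_home(SID, "test_user2")
    return before, first, second

if __name__ == "__main__":
    print(replay(None))  # logon cache entries never expire
    print(replay(300))   # logon cache entries time out
    print(replay(0))     # logon cache never consulted by the lookup
```

In this model a timeout only bounds the stale window: `replay(900)` still fails the first connection, because the entry is younger than its TTL when the rename is first looked up.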