When I try to list the ACLs in a file (directory) that contains a Windows domain group from a trusted domain, winbindd loses track of the domain groups. getfacl starts listing the ACLs; the locals and the winbind group from the domain to which the Samba server belongs are listed OK, but when it should list the trusted group it fails:

root@tstpcdisk01 # getfacl .
# file: .
# owner: root
# group: other
user::rwx
group::rwx #effective:rwx
group:dri:rwx #effective:rwx
group:cph_users:r-x #effective:r-x
group:CPHOIL+domain users:r-x #effective:r-x
group:10330:r-x #effective:r-x
mask:rwx
other:---
default:user::rwx
default:group::rwx
default:group:dri:rwx
default:group:cph_users:r-x
default:group:10000:r-x
default:group:10330:r-x
default:mask:rwx
default:other:---

10000 is "CPHOIL+domain users" and is translated in the beginning of the ACLs, but later it fails. 10330 is a trusted group "MAERSKOIL+ebj acl_dimstelex".

Before doing the getfacl I get the following:

root@tstpcdisk01 # wbinfo -t
checking the trust secret via RPC calls succeeded
root@tstpcdisk01 # wbinfo -m
CPH (trusted)
MAERSKOIL (trusted)
FINANCE (trusted)
CPHOIL (domain which Samba server is a member of)

and both "wbinfo -u" and "wbinfo -g" returned all users and groups from both the local Windows domain and from the trusted domains.
After doing the getfacl I get the following:

root@tstpcdisk01 # wbinfo -t
checking the trust secret via RPC calls failed
error code was (0x0)
Could not check secret
root@tstpcdisk01 # wbinfo -m
Could not list trusted domains

and both "wbinfo -u" and "wbinfo -g" return this error:

Error looking up domain groups

Not all trusted Windows groups show this behaviour, since if I do "ls -l" I get the following, where it lists both a local domain group and a trusted one:

root@tstpcdisk01 # ls -l
total 4
drwxrws---+ 2 root CPHOIL+dri 512 Nov 30 13:07 telex/
drwxrwx---+ 2 MAERSKOIL+adtest other 512 Dec 1 10:54 xx/

winbindd does NOT crash and it seems as if it recovers after a while (some 5 minutes), but if I try to list the ACLs again I am back to square 1.

Kind regards,
Hans.

PS. I noticed that when I try to list all groups (wbinfo -g) the following error appears in log.winbindd:

[2006/02/02 13:49:29, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2240)
  cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL
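An added example, not part of the original report and not Samba code: a small Python parser for the getfacl output quoted above that flags ACL entries left as bare numeric ids and notes when the same group was resolved by name elsewhere in the same listing. The sample text and the id-to-name pairs are copied from the report; the function names are hypothetical.

```python
import re

# getfacl output from the report above, one entry per line.
SAMPLE = """\
# file: .
# owner: root
# group: other
user::rwx
group::rwx #effective:rwx
group:dri:rwx #effective:rwx
group:cph_users:r-x #effective:r-x
group:CPHOIL+domain users:r-x #effective:r-x
group:10330:r-x #effective:r-x
mask:rwx
other:---
default:user::rwx
default:group::rwx
default:group:dri:rwx
default:group:cph_users:r-x
default:group:10000:r-x
default:group:10330:r-x
default:mask:rwx
default:other:---
"""
# gid -> name pairs as stated in the report.
KNOWN = {10000: "CPHOIL+domain users", 10330: "MAERSKOIL+ebj acl_dimstelex"}
ENTRY = re.compile(r"^(default:)?(user|group):([^:]+):([rwx-]{3})$")

def parse_acl(text):
    """Yield (scope, tag, qualifier, perms) for each named user/group entry."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and '#effective:' notes
        m = ENTRY.match(line)
        if m:
            yield ("default" if m.group(1) else "access", m.group(2), m.group(3), m.group(4))

def unresolved(text, known=None):
    """Return entries whose qualifier is a bare numeric id (name lookup failed)."""
    known = known or {}
    entries = list(parse_acl(text))
    names = {q for _, _, q, _ in entries if not q.isdigit()}
    report = []
    for scope, tag, q, perms in entries:
        if q.isdigit():
            name = known.get(int(q))  # None when the id is not in the supplied map
            report.append({"scope": scope, "tag": tag, "id": int(q), "perms": perms,
                           "expected": name, "resolved_elsewhere": name in names})
    return report
```

On the sample, gid 10000 is reported with resolved_elsewhere set, matching the report's observation that the group is translated at the start of the listing and not later, while gid 10330 is never resolved.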
NT_STATUS_BUFFER_TOO_SMALL is a normal error message.
Forgot to mention that I can use Windows Explorer to list the ACLs, by doing right click->Properties->Security. Here I get the trusted Windows group translated!?
This is _NOT_ a buffer overflow. We need a full debug level 10 log of all winbindd's to diagnose this fully. And BTW, wbinfo -u is broken by definition. Likewise with -g.

Volker
Created attachment 1720
log level 10 of winbind

During this level 10 trace of winbind I made an "ls -l" command and a "getfacl ." command.
Severity should be determined by the developers and not the reporter.
*** This bug has been marked as a duplicate of bug 10062 ***