calling "wbinfo -u" during winbind startup causes usernames to be prefixed by the winbind separator. the usernames returned by "wbinfo -u" or "getent passwd" are also all lowercase. works also with groupnames. some groupnames are missing in the "output of wbinfo -g". steps to reproduce: root@testvm / # while true; do if [ `wbinfo -g 2>/dev/null| wc -l` -gt 0 ]; then break; fi; done & winbindd -i -d3 [1] 15903 winbindd version 3.0.24pre1-SVN-build-17592 started. Copyright The Samba Team 2000-2004 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" map_file: Failed to load /usr/lib/samba/valid.dat - No such file or directory creating default valid table adding IPC service idmap_init: using 'rid' as remote backend Module '/usr/lib/samba/idmap/rid.so' loaded rid_idmap_parse: parsing entry: 0 rid_idmap_parse: entry 0 has name: [FB05] rid_idmap_parse: entry 0 has sid: [S-1-5-21-231109706-548016402-1897138802] rid_idmap_parse: entry 0 has min_id: [10000] rid_idmap_parse: entry 0 has max_id: [200000] rid_idmap_init: using 1 mappings: rid_idmap_init: domain: [FB05], sid: [S-1-5-21-231109706-548016402-1897138802], min_id: [10000], max_id: [200000] Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Added domain FB05 FB05.STATISTIK.UNI-DORTMUND.DE S-1-5-21-231109706-548016402-1897138802 Added domain TESTVM S-1-5-21-858101053-1731373513-3760740979 Added domain BUILTIN S-1-5-32 No nmbd found [ 0]: request interface version [ 0]: request location of privileged pipe [ 0]: list groups get_sam_group_entries: Failed to enumerate domain local groups! get_sam_group_entries: Failed to enumerate domain local groups! No nmbd found cm_get_ipc_userpass: No auth-user defined Doing spnego session setup (blob length=128) got OID=1 2 840 48018 1 2 2 got OID=1 2 840 113554 1 2 2 got OID=1 2 840 113554 1 2 2 3 got OID=1 3 6 1 4 1 311 2 2 10 got principal=server02$@FB05.STATISTIK.UNI-DORTMUND.DE cm_get_ipc_userpass: No auth-user defined Doing kerberos session setup ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Fri, 18 Aug 2006 07:48:37 CEST Doing spnego session setup (blob length=128) got OID=1 2 840 48018 1 2 2 got OID=1 2 840 113554 1 2 2 got OID=1 2 840 113554 1 2 2 3 got OID=1 3 6 1 4 1 311 2 2 10 got principal=server02$@FB05.STATISTIK.UNI-DORTMUND.DE rpc_pipe_bind: Remote machine SERVER02 pipe \lsarpc fnum 0xc06b bind request returned ok. rpc_pipe_bind: Remote machine SERVER02 pipe \lsarpc fnum 0xc05f bind request returned ok. lsa_io_sec_qos: length c does not match size 8 Doing kerberos session setup ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Fri, 18 Aug 2006 07:48:37 CEST rpc_pipe_bind: Remote machine SERVER02 pipe \lsarpc fnum 0x8028 bind request returned ok. rpc_pipe_bind: Remote machine SERVER02 pipe \lsarpc fnum 0x8026 bind request returned ok. lsa_io_sec_qos: length c does not match size 8 ads: fetch sequence_number for FB05 get_dc_list: preferred server list: ", *" Connected to LDAP server 129.217.207.16 ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 ads_sasl_spnego_bind: got server principal name =server02$@FB05.STATISTIK.UNI-DORTMUND.DE ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Fri, 18 Aug 2006 07:48:40 CEST ads: enum_dom_groups ads enum_dom_groups gave 42 entries PANIC: assert failed at nsswitch/winbindd_dual.c(198) string_to_sid: Sid does not start with 'S-'. [15904]: list trusted domains ads: fetch sequence_number for FB05 get_dc_list: preferred server list: ", *" Connected to LDAP server 129.217.207.16 ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 ads_sasl_spnego_bind: got server principal name =server02$@FB05.STATISTIK.UNI-DORTMUND.DE ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Fri, 18 Aug 2006 07:48:40 CEST ads: trusted_domains rpc_pipe_bind: Remote machine SERVER02 pipe \NETLOGON fnum 0x3b bind request returned ok. rpc_pipe_bind: Remote machine SERVER02 pipe \NETLOGON fnum 0x803a bind request returned ok. PANIC: assert failed at nsswitch/winbindd_dual.c(198) the winbindd is still alive and returns now wrong usernames and groupnames prefixed by the winbind separator (i also tested it with "." ): root@testvm ~ # getent passwd \testadmin:*:16675:10513:testadmin testadmin:/home/testadmin:/bin/bash \testuser10:*:13443:10513:testuser10:/home/testuser10:/bin/bash \testuser11:*:13444:10513:testuser11:/home/testuser11:/bin/bash \testuser12:*:13445:10513:testuser12:/home/testuser12:/bin/bash \testuser13:*:13446:10513:testuser13:/home/testuser13:/bin/bash \testuser14:*:13447:10513:testuser14:/home/testuser14:/bin/bash ... root@testvm ~ # wbinfo -g \domainadmins \domainusers \dnsupdateproxy \sophosdomainuser \sophosdomainpoweruser \sophosdomainadministrator \schema-admins \organisations-admins ... and some groupnames are missing from the list (only 16 of 39 shown). the system tested on is a Linux-2.6.16-026test015 openvz kernel debian sarge gcc 3.3.5 samba svn revision 17592 (also reproduced with 3.0.23a) running winbindd only (no smbd/nmbd) as a member of a windows 2k3 sp1 domain smb.conf: [global] security = ads realm = FB05.STATISTIK.UNI-DORTMUND.DE workgroup = FB05 realm = fb05.statistik.uni-dortmund.de allow trusted domains = no winbind cache time = 60 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/bash idmap uid = 10000-200000 idmap gid = 10000-200000 idmap backend = rid:FB05=10000-200000 unix charset = ISO8859-15 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d encrypt passwords = true socket options = TCP_NODELAY
reproducible with samba version 3.0.23c
reproduced with samba version 3.0.23d
please retest with a modern, supported samba relase like 4.12 or 4.13, if you still see a problem with that, please reopen this bug with a comapct description how to reproduce the error that you see.