Bug 4031 - calling "wbinfo -u" during winbind startup causes usernames to be prefixed by winbind separator / assert failed at nsswitch/winbindd_dual.c
calling "wbinfo -u" during winbind startup causes usernames to be prefixed by...
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: winbind
3.0.23d
x86 Linux
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-17 15:53 UTC by Bastian Schmitz
Modified: 2006-11-20 09:59 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Bastian Schmitz 2006-08-17 15:53:38 UTC
calling "wbinfo -u" during winbind startup causes usernames to be prefixed by the winbind separator. the usernames returned by "wbinfo -u" or "getent passwd" are also all lowercase. works also with groupnames. some groupnames are missing in the "output of wbinfo -g".

steps to reproduce:
root@testvm / # while true; do if [ `wbinfo -g 2>/dev/null| wc -l` -gt 0 ]; then break; fi; done & winbindd -i -d3
[1] 15903
winbindd version 3.0.24pre1-SVN-build-17592 started.
Copyright The Samba Team 2000-2004
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
map_file: Failed to load /usr/lib/samba/valid.dat - No such file or directory
creating default valid table
adding IPC service
idmap_init: using 'rid' as remote backend
Module '/usr/lib/samba/idmap/rid.so' loaded
rid_idmap_parse: parsing entry: 0
rid_idmap_parse:        entry 0 has name: [FB05]
rid_idmap_parse:        entry 0 has sid: [S-1-5-21-231109706-548016402-1897138802]
rid_idmap_parse:        entry 0 has min_id: [10000]
rid_idmap_parse:        entry 0 has max_id: [200000]
rid_idmap_init: using 1 mappings:
rid_idmap_init: domain: [FB05], sid: [S-1-5-21-231109706-548016402-1897138802], min_id: [10000], max_id: [200000]
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Added domain FB05 FB05.STATISTIK.UNI-DORTMUND.DE S-1-5-21-231109706-548016402-1897138802
Added domain TESTVM  S-1-5-21-858101053-1731373513-3760740979
Added domain BUILTIN  S-1-5-32
No nmbd found
[    0]: request interface version
[    0]: request location of privileged pipe
[    0]: list groups
get_sam_group_entries: Failed to enumerate domain local groups!
get_sam_group_entries: Failed to enumerate domain local groups!
No nmbd found
cm_get_ipc_userpass: No auth-user defined
Doing spnego session setup (blob length=128)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=server02$@FB05.STATISTIK.UNI-DORTMUND.DE
cm_get_ipc_userpass: No auth-user defined
Doing kerberos session setup
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Fri, 18 Aug 2006 07:48:37 CEST
Doing spnego session setup (blob length=128)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=server02$@FB05.STATISTIK.UNI-DORTMUND.DE
rpc_pipe_bind: Remote machine SERVER02 pipe \lsarpc fnum 0xc06b bind request returned ok.
rpc_pipe_bind: Remote machine SERVER02 pipe \lsarpc fnum 0xc05f bind request returned ok.
lsa_io_sec_qos: length c does not match size 8
Doing kerberos session setup
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Fri, 18 Aug 2006 07:48:37 CEST
rpc_pipe_bind: Remote machine SERVER02 pipe \lsarpc fnum 0x8028 bind request returned ok.
rpc_pipe_bind: Remote machine SERVER02 pipe \lsarpc fnum 0x8026 bind request returned ok.
lsa_io_sec_qos: length c does not match size 8
ads: fetch sequence_number for FB05
get_dc_list: preferred server list: ", *"
Connected to LDAP server 129.217.207.16
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
ads_sasl_spnego_bind: got server principal name =server02$@FB05.STATISTIK.UNI-DORTMUND.DE
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Fri, 18 Aug 2006 07:48:40 CEST
ads: enum_dom_groups
ads enum_dom_groups gave 42 entries
PANIC: assert failed at nsswitch/winbindd_dual.c(198)
string_to_sid: Sid  does not start with 'S-'.
[15904]: list trusted domains
ads: fetch sequence_number for FB05
get_dc_list: preferred server list: ", *"
Connected to LDAP server 129.217.207.16
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
ads_sasl_spnego_bind: got server principal name =server02$@FB05.STATISTIK.UNI-DORTMUND.DE
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Fri, 18 Aug 2006 07:48:40 CEST
ads: trusted_domains
rpc_pipe_bind: Remote machine SERVER02 pipe \NETLOGON fnum 0x3b bind request returned ok.
rpc_pipe_bind: Remote machine SERVER02 pipe \NETLOGON fnum 0x803a bind request returned ok.
PANIC: assert failed at nsswitch/winbindd_dual.c(198)


the winbindd is still alive and returns now wrong usernames and groupnames prefixed by the winbind separator (i also tested it with "." ):

root@testvm ~ # getent passwd
\testadmin:*:16675:10513:testadmin testadmin:/home/testadmin:/bin/bash
\testuser10:*:13443:10513:testuser10:/home/testuser10:/bin/bash
\testuser11:*:13444:10513:testuser11:/home/testuser11:/bin/bash
\testuser12:*:13445:10513:testuser12:/home/testuser12:/bin/bash
\testuser13:*:13446:10513:testuser13:/home/testuser13:/bin/bash
\testuser14:*:13447:10513:testuser14:/home/testuser14:/bin/bash
...

root@testvm ~ # wbinfo -g
\domainadmins
\domainusers
\dnsupdateproxy
\sophosdomainuser
\sophosdomainpoweruser
\sophosdomainadministrator
\schema-admins
\organisations-admins
...


and some groupnames are missing from the list (only 16 of 39 shown).

the system tested on is a 
Linux-2.6.16-026test015 openvz kernel
debian sarge 
gcc 3.3.5
samba svn revision 17592 (also reproduced with 3.0.23a)
running winbindd only (no smbd/nmbd)
as a member of a windows 2k3 sp1 domain

smb.conf:
[global]
   security = ads
   realm = FB05.STATISTIK.UNI-DORTMUND.DE
   workgroup = FB05
   realm = fb05.statistik.uni-dortmund.de
   allow trusted domains = no
   winbind cache time = 60
   winbind use default domain = yes
   winbind enum users = yes
   winbind enum groups = yes
   template homedir = /home/%U
   template shell = /bin/bash
   idmap uid = 10000-200000
   idmap gid = 10000-200000
   idmap backend = rid:FB05=10000-200000
   unix charset = ISO8859-15
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   encrypt passwords = true
   socket options = TCP_NODELAY
Comment 1 Bastian Schmitz 2006-09-16 14:08:53 UTC
reproducible with samba version 3.0.23c
Comment 2 Bastian Schmitz 2006-11-20 09:59:17 UTC
reproduced with samba version 3.0.23d