We have a domain named "NA" with group named "our-group-name" containing 58 members (names changed to protect the innocent/guilty). Using a simple test program that uses getgrnam() to list the users that are members of a specified group (get_group_members - attached below), we see something like this: ./get_group_members NA\\our-group-name NA\na\charlie NA\na\sally NA\na\lucy NA\snoopy NA\linus ... Note that the first 3 user names are prefixed with "NA\na\" instead of just "NA\". That's the problem that is the topic of this bug report. The particular usernames that contain the extra "na\" prefix varies every 15-30 minutes. E.g., if we run "./get_group_members NA\\our-group-name" an hour from now, we may see linus being reported INcorrectly ("NA\na\linus"), and charlie being reported correctly ("NA\charlie"). Every 15-30 minutes, a different set of 1-5 users seem to enter this group membership "penalty box" (without any manual user intervention). Prior to our upgrade to 3.0.26a and subsequently to 3.0.28, we did NOT have this problem. Here is get_group_members.c: #include <sys/types.h> #include <pwd.h> #include <grp.h> #include <stdio.h> #include <unistd.h> void usage() { fprintf(stderr, "Usage: get_group_members <group_name>\n"); fprintf(stderr, "List all users who are members of the group <group_name>\n"); exit(1); } int main(int argc, char *argv[]) { char *groupname; struct group *grent; char **members; if (argc != 2) usage(); groupname = argv[1]; if((grent = getgrnam(groupname)) && grent->gr_mem) { members = grent->gr_mem; while (*members) { printf("%s\n", *members); members ++; } return 0; } else { printf("group name %s not valid\n", groupname); return 1; } }
is this still happening with more recent versions? I've never seen something like this happending with Winbind users.