thought we managed to solve our problem about listing users from trusted domains using 'getent passwd' as described in bug 3661. But then after some testing we've encountered another problem which - we believe - is directly related to bug 3661: after joining our host to the primary domain (win2k8) and getting our domain-users from both domains (the one we're directly joined to as well as the trusted domain), we can now log-in locally as one of our domain-users. They can also be given sudoers'-rights. So here's our problem: when logging in as a domain-user from the domain we're directly joined to everything works fine. When trying to execute a 'sudo'-command after about 10 minutes of idle time the system asks for the user's password for re-authentication. But when we try to use a domain-user from the trusted domain, about 10 minutes after having logged-in the system just seems to have lost the identity of our user. When trying to execute any 'sudo'-command we only get the following error message: "uid xyz does not exist in the passwd file!" Taking a look at log.wb-DOMAIN and log.wb-TRUSTEDDOMAIN shows that while log.wb-DOMAIN has regular domain-queries every five minutes, log.wb-TRUSTEDDOMAIN only shows manual query-entries. ------------------------ log.wb-DOMAIN: (triggered every five minutes) ------------------------ [2008/09/18 13:16:01, 4] nsswitch/winbindd_dual.c:fork_domain_child(1080) child daemon request 19 [2008/09/18 13:16:01, 3] nsswitch/winbindd_misc.c:winbindd_dual_list_trusted_dom ains(121) [ 2558]: list trusted domains [2008/09/18 13:16:01, 3] nsswitch/winbindd_ads.c:sequence_number(1010) ads: fetch sequence_number for WIN2K8 [2008/09/18 13:16:01, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64) Search for (objectclass=*) in <> gave 1 replies ------------------------ So, my guess is that there has to be a loop somewhere that triggers these queries but it only includes the primary domain. Can anyone help me find the crucial places within the source code so that I can try to find a solution? Regards, Christina Jagodics
A number of people have reported problems with that patch. So this bug report is really about issues with that private patch. I'm working on a new version for upstream so am closing this on as a dup of BUG 3661. Until we have a fix that is agreed to push upstream, it doesn't make sense to to attempt to debug this. Hang tight and I will try to hacve a solution for you soon. *** This bug has been marked as a duplicate of 3661 ***