thought we managed to solve our problem about listing users from trusted domains using 'getent passwd' as described in bug 3661.
But then after some testing we've encountered another problem which - we believe - is directly related to bug 3661:
after joining our host to the primary domain (win2k8) and getting our domain-users from both domains (the one we're directly joined to as well as the trusted domain), we can now log-in locally as one of our domain-users. They can also be given sudoers'-rights.
So here's our problem: when logging in as a domain-user from the domain we're
directly joined to everything works fine.
When trying to execute a 'sudo'-command after about 10 minutes of idle time
the system asks for the user's password for re-authentication.
But when we try to use a domain-user from the trusted domain, about 10 minutes
after having logged-in the system just seems to have lost the identity of our
When trying to execute any 'sudo'-command we only get the following error
"uid xyz does not exist in the passwd file!"
Taking a look at log.wb-DOMAIN and log.wb-TRUSTEDDOMAIN shows that while log.wb-DOMAIN has regular domain-queries every five minutes, log.wb-TRUSTEDDOMAIN only shows manual query-entries.
log.wb-DOMAIN: (triggered every five minutes)
[2008/09/18 13:16:01, 4] nsswitch/winbindd_dual.c:fork_domain_child(1080)
child daemon request 19
[2008/09/18 13:16:01, 3] nsswitch/winbindd_misc.c:winbindd_dual_list_trusted_dom
[ 2558]: list trusted domains
[2008/09/18 13:16:01, 3] nsswitch/winbindd_ads.c:sequence_number(1010)
ads: fetch sequence_number for WIN2K8
[2008/09/18 13:16:01, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
Search for (objectclass=*) in <> gave 1 replies
So, my guess is that there has to be a loop somewhere that triggers these queries but it only includes the primary domain.
Can anyone help me find the crucial places within the source code so that I can try to find a solution?
A number of people have reported problems with that patch. So this bug report
is really about issues with that private patch. I'm working on a new version for
upstream so am closing this on as a dup of BUG 3661. Until we have a fix that
is agreed to push upstream, it doesn't make sense to to attempt to debug this.
Hang tight and I will try to hacve a solution for you soon.
*** This bug has been marked as a duplicate of 3661 ***