Bug 597 - nss_winbind can't provide GECOS field for domain users when working in SECURITY = DOMAIN mode
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind
Version: 3.0.0
Hardware: All Solaris
Importance: P3 normal
Target Milestone: 3.0.1
Assignee: Gerald (Jerry) Carter (dead mail address)
Blocks: 807
Reported: 2003-10-10 02:57 UTC by Sergei V. Rozinov
Modified: 2005-11-14 09:28 UTC

Attachments
get full name when enumerating users (2.83 KB, patch)
2003-11-25 20:54 UTC, Gerald (Jerry) Carter (dead mail address)

Description Sergei V. Rozinov 2003-10-10 02:57:36 UTC
When nss_winbind is configured and getpwent() is called
for domain users, winbind puts NULL in the user's GECOS field.
This behavior is observed in samba-3.0, configured with
SECURITY = DOMAIN model.
For the same configuration samba-2.2.8 works fine.

When using samba-3.0 with SECURITY = ADS, the GECOS (fullname)
field is filled in okay.

Below is the part of winbindd logfile which shows that there is
NULL returned in uni_full_name.

[2003/10/10 18:52:27, 6] rpc_parse/parse_prs.c:prs_debug(81)
      0000e6 smb_io_unistr2 - NULL uni_full_name
[2003/10/10 18:52:27, 6] rpc_parse/parse_prs.c:prs_debug(81)
      0000e6 smb_io_unistr2 - NULL uni_logon_script
[2003/10/10 18:52:27, 6] rpc_parse/parse_prs.c:prs_debug(81)
      0000e6 smb_io_unistr2 - NULL uni_profile_path
[2003/10/10 18:52:27, 6] rpc_parse/parse_prs.c:prs_debug(81)
      0000e6 smb_io_unistr2 - NULL uni_home_dir
Comment 1 Gerald (Jerry) Carter (dead mail address) 2003-11-11 20:55:51 UTC
I think this is actually a caching issue.
Can you remove the netsamlogon_cache.tdb and
retry this?  I just tried it on a Samba PDC running
winbindd and it worked as expected.

But if the DC is returning NULL for the full name,
there's nothing we can do.
Comment 2 Sergei V. Rozinov 2003-11-14 10:38:46 UTC
Note that my PDC is Windows 2000 PDC in mixed mode.
I've removed netsamlogon_cache.tdb and retried;
it works but partially.
For example, the command

getent passwd sibron\\rvs

gives correct results (GECOS present)

SIBRON\rvs:x:45096:45001:User name for RVS:/nonexist:/nonexist

But the "enumerator" command

getent passwd

gives GECOS only for UNIX users, and then successfully enumerates
Windows users but doesn't provide GECOS:

lp:x:71:8:Line Printer Admin:/usr/spool/lp:
[SEVERAL LINES SUPPRESSED]
SIBRON\Administrator:x:45000:45001::/nonexist:/nonexist
SIBRON\Guest:x:45001:45001::/nonexist:/nonexist
SIBRON\rvs:x:45002:45001::/nonexist:/nonexist
[SEVERAL LINES SUPPRESSED]
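
A check for the symptom described in comment 2, as an added example that is not part of the bug report or of Samba: it compares the GECOS field seen during enumeration (getpwent(), i.e. `getent passwd`) with the one returned by a direct lookup of the same name, and lists accounts where only the enumeration is empty. The function names and the sample data (constructed, modelled on the output quoted above) are assumptions of this example.

```python
import pwd  # Unix-only stdlib module wrapping getpwent()/getpwnam()

# Constructed sample: enumeration output in passwd(5) format, and the GECOS
# a direct per-user lookup would return for the same names.
SAMPLE_ENUM = """\
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
SIBRON\\Administrator:x:45000:45001::/nonexist:/nonexist
SIBRON\\rvs:x:45002:45001::/nonexist:/nonexist
"""
SAMPLE_LOOKUP = {
    "lp": "Line Printer Admin",
    "SIBRON\\Administrator": "",          # genuinely has no full name set
    "SIBRON\\rvs": "User name for RVS",
}


def parse_passwd(text):
    """Parse passwd(5)-format lines into {name: gecos}."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip blank or malformed lines
        entries[fields[0]] = fields[4]
    return entries


def gecos_mismatches(enumerated, lookup_gecos):
    """Names whose GECOS is empty when enumerated but set on direct lookup.

    enumerated: {name: gecos}; lookup_gecos: callable name -> gecos or None.
    """
    return sorted(
        name for name, gecos in enumerated.items()
        if not gecos and lookup_gecos(name)
    )


def live_check():
    """Run the same comparison against the local NSS configuration."""
    enumerated = {p.pw_name: p.pw_gecos for p in pwd.getpwall()}

    def lookup(name):
        try:
            return pwd.getpwnam(name).pw_gecos
        except KeyError:  # account disappeared or is not resolvable by name
            return None

    return gecos_mismatches(enumerated, lookup)


if __name__ == "__main__":
    print(gecos_mismatches(parse_passwd(SAMPLE_ENUM), SAMPLE_LOOKUP.get))
```

An account that has no full name on the domain controller, like the constructed Administrator entry, is not reported, since both paths agree.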
Comment 3 Gerald (Jerry) Carter (dead mail address) 2003-11-25 15:33:48 UTC
confirmed against NT4 PDC as well
Comment 4 Gerald (Jerry) Carter (dead mail address) 2003-11-25 19:50:54 UTC
The way to fix this in winbindd_rpc.c is to change
the query_user_list() call to use samr_query_disp_info(level==1).
Comment 5 Gerald (Jerry) Carter (dead mail address) 2003-11-25 20:54:19 UTC
Created attachment 272
get full name when enumerating users
Comment 6 Gerald (Jerry) Carter (dead mail address) 2003-11-25 20:56:02 UTC
This patch is a start.  It only applies when using RPC
to enumerate users (e.g. security = domain or non-native AD
trusted domains).  We'll probably need to do the same for groups
and I need to test this against large numbers of users/groups.
Please let me know if this helps your setup.
Comment 7 Gerald (Jerry) Carter (dead mail address) 2003-11-26 20:40:21 UTC
Checked in the fix for 3.0.1
Comment 8 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:18:29 UTC
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
Comment 9 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:28:51 UTC
database cleanup