Bug 597 - nss_winbind can't provide GECOS field for domain users when working in SECURITY = DOMAIN mode
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: winbind
Version: 3.0.0
Hardware: All Solaris
Importance: P3 normal
Target Milestone: 3.0.1
Assigned To: Gerald (Jerry) Carter
Blocks: 807

Reported: 2003-10-10 02:57 UTC by Sergei V. Rozinov
Modified: 2005-11-14 09:28 UTC

Attachments
get full name when enumerating users (2.83 KB, patch)
2003-11-25 20:54 UTC, Gerald (Jerry) Carter
Description Sergei V. Rozinov 2003-10-10 02:57:36 UTC
When nss_winbind is configured and getpwent() is called
for domain users, winbind fills NULL in GECOS user's field.
This behavior is observed in samba-3.0, configured with
SECURITY = DOMAIN model.
For the same configuration samba-2.2.8 works fine.

When using samba-3.0 with SECURITY = ADS, the GECOS (fullname)
field is filled okay.

Below is the part of winbindd logfile which shows that there is
NULL returned in uni_full_name.

[2003/10/10 18:52:27, 6] rpc_parse/parse_prs.c:prs_debug(81)
      0000e6 smb_io_unistr2 - NULL uni_full_name
[2003/10/10 18:52:27, 6] rpc_parse/parse_prs.c:prs_debug(81)
      0000e6 smb_io_unistr2 - NULL uni_logon_script
[2003/10/10 18:52:27, 6] rpc_parse/parse_prs.c:prs_debug(81)
      0000e6 smb_io_unistr2 - NULL uni_profile_path
[2003/10/10 18:52:27, 6] rpc_parse/parse_prs.c:prs_debug(81)
      0000e6 smb_io_unistr2 - NULL uni_home_dir
Comment 1 Gerald (Jerry) Carter 2003-11-11 20:55:51 UTC
I think this is actually a caching issue.
Can you remove the netsamlogon_cache.tdb and
retry this?  I just tried it on a Samba PDC running
winbindd and it worked as expected.

But if the DC is returning NULL for the full name,
there's nothing we can do.
Comment 2 Sergei V. Rozinov 2003-11-14 10:38:46 UTC
Note that my PDC is Windows 2000 PDC in mixed mode.
I've removed netsamlogon_cache.tdb and retried;
it works but partially.
For example, the command

getent passwd sibron\\rvs

gives correct results (GECOS present)

SIBRON\rvs:x:45096:45001:User name for RVS:/nonexist:/nonexist

But the "enumerator" command

getent passwd

gives GECOS only for UNIX users, and then successfully enumerates
Windows users but doesn't provide GECOS:

lp:x:71:8:Line Printer Admin:/usr/spool/lp:
[SEVERAL LINES SUPPRESSED]
SIBRON\Administrator:x:45000:45001::/nonexist:/nonexist
SIBRON\Guest:x:45001:45001::/nonexist:/nonexist
SIBRON\rvs:x:45002:45001::/nonexist:/nonexist
[SEVERAL LINES SUPPRESSED]
Comment 3 Gerald (Jerry) Carter 2003-11-25 15:33:48 UTC
confirmed against NT4 PDC as well
Comment 4 Gerald (Jerry) Carter 2003-11-25 19:50:54 UTC
The way to fix this in winbindd_rpc.c is to change
the query_user_list() call to use samr_query_disp_info(level==1).
Comment 5 Gerald (Jerry) Carter 2003-11-25 20:54:19 UTC
Created attachment 272
get full name when enumerating users
Comment 6 Gerald (Jerry) Carter 2003-11-25 20:56:02 UTC
this patch is a start.  It only applies when using RPC
to enumerate users (e.g. security = domain or non-native AD
trusted domains).  We'll probably need to do the same for groups
and I need to test this against large numbers of users/groups.
Please let me know if this helps your setup.
Comment 7 Gerald (Jerry) Carter 2003-11-26 20:40:21 UTC
Checked in the fix for 3.0.1
Comment 8 Gerald (Jerry) Carter 2005-08-24 10:18:29 UTC
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
Comment 9 Gerald (Jerry) Carter 2005-11-14 09:28:51 UTC
database cleanup
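
The symptom reported in Comment 2 (GECOS present for a by-name lookup, empty in the enumeration) can be checked for mechanically. The script below is an added example, not part of the bug report or of Samba; the function names are hypothetical, the sample lines are constructed from the output quoted above, and the Guest lookup line is an assumed account with no full name on the DC.

```shell
#!/bin/sh
# Added example: flag DOMAIN\user accounts whose GECOS is empty when
# enumerated but populated when looked up by name.

# gecos_mismatch ENUM_FILE LOOKUP_FILE  (both in passwd(5) format)
# Prints "name<TAB>gecos-from-lookup" for every affected account.
gecos_mismatch() {
    awk -F: '
        # First operand (lookup file): remember non-empty GECOS per account.
        FILENAME == ARGV[1] { if ($5 != "") full[$1] = $5; next }
        # Enumeration: domain account (name has a backslash), empty GECOS.
        index($1, "\\") && $5 == "" && ($1 in full) {
            printf "%s\t%s\n", $1, full[$1]
        }
    ' "$2" "$1"
}

# live_check: run on a host with nss_winbind configured.
live_check() {
    enum=$(mktemp) && look=$(mktemp) || return 1
    getent passwd > "$enum"
    # Look up each domain account by name; read -r keeps the backslash.
    awk -F: 'index($1, "\\") { print $1 }' "$enum" |
        while IFS= read -r u; do getent passwd "$u"; done > "$look"
    gecos_mismatch "$enum" "$look"
    rm -f "$enum" "$look"
}

# sample_check: same comparison on constructed sample data (runs offline).
sample_check() {
    enum=$(mktemp) && look=$(mktemp) || return 1
    cat > "$enum" <<'EOF'
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
SIBRON\Administrator:x:45000:45001::/nonexist:/nonexist
SIBRON\Guest:x:45001:45001::/nonexist:/nonexist
SIBRON\rvs:x:45002:45001::/nonexist:/nonexist
EOF
    cat > "$look" <<'EOF'
SIBRON\Guest:x:45001:45001::/nonexist:/nonexist
SIBRON\rvs:x:45096:45001:User name for RVS:/nonexist:/nonexist
EOF
    gecos_mismatch "$enum" "$look"
    rm -f "$enum" "$look"
}
```

An empty result from `live_check` means no enumerated domain account is missing a full name that a direct lookup can supply; accounts with no full name on the DC are not reported.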