Bug 6112 - Upgrade of PDC to 3.2.8 breaks 3.0.33 winbind
Upgrade of PDC to 3.2.8 breaks 3.0.33 winbind
Status: RESOLVED FIXED
Product: Samba 3.2
Classification: Unclassified
Component: Winbind
3.2.8
x86 Linux
: P3 regression
: ---
Assigned To: Jeremy Allison
Samba QA Contact
:
: 6177 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-02-13 09:59 UTC by Chaim Frenkel
Modified: 2009-06-12 04:57 UTC (History)
3 users (show)

See Also:


Attachments
Logfiles log level 10, log.winbindd, log.wb-NLK, log.wb-VMLINUX (5.94 KB, application/octet-stream)
2009-02-15 08:22 UTC, Chaim Frenkel
no flags Details
New set logs after fresh join. log level = 10 (29.19 KB, application/octet-stream)
2009-02-15 09:35 UTC, Chaim Frenkel
no flags Details
Logs from PDC side. log level = 10 (144.25 KB, text/plain)
2009-02-15 17:42 UTC, Chaim Frenkel
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Chaim Frenkel 2009-02-13 09:59:42 UTC
Upgraded my PDC from FC7 to FC10, which is currently at 3.2.8. At this point my 3.0.31 (in my ReadyNAS) lost the domain groups. A fresh install of FC8 in a vmware box with 3.0.33 also was unable to get the domain users or domain group.

From log.winbindd
[2009/02/07 19:08:27, 1] nsswitch/winbindd_util.c:trustdom_recv(230)
  Could not receive trustdoms   

From log.wb-NLK
[2009/02/08 06:19:52, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2363)                                       
  cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_INVALID_PARAMETER                         
[2009/02/08 06:25:01, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2363)                                       
  cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_INVALID_PARAMETER
Comment 1 Guenther Deschner 2009-02-13 14:14:04 UTC
Can you please provide more information, like a log level = 10 winbind logfile ? Thanks.
Comment 2 Chaim Frenkel 2009-02-15 08:22:59 UTC
Created attachment 3937 [details]
Logfiles log level 10, log.winbindd, log.wb-NLK, log.wb-VMLINUX

Added log level to smb.conf.
Stopped, removed old log files, restart winbind. Added wbinfo -u at the end.
Attached zip file with logs
log.winbindd
log.wb-NLK
log.wb-VMLINUX
Comment 3 Chaim Frenkel 2009-02-15 09:35:15 UTC
Created attachment 3938 [details]
New set logs after fresh join. log level = 10

I reran the previous test.
0. stopped winbind on client
1. on PDC removed machine entry
2. on client joined (logfile typescript)
3. displayed machine entry (logfile PDC.log)
4. set smb.conf log level = 10
5. restarted winbindd
Results attached
Comment 4 Chaim Frenkel 2009-02-15 17:42:54 UTC
Created attachment 3939 [details]
Logs from PDC side. log level = 10

From the PDC side. Did the run again.

0. Removed machine account (pdbedit -x -u vmlinux$)
1. winbind brought down
2. joined the domain. Successful
3. started winbind
4. wbinfo -u # Failed
5. wbinfo -g # Failed
6. net rpc user -S central  # Succeeded
Comment 5 Jason Bourne 2009-02-20 15:56:59 UTC
I experience same using OpenSUSE 11.1's samba-3.2.6-0.3.1-2042-SUSE-CODE11 and ReadyNAS's 3.0.31; blocks at "Could not receive trustdoms".
Comment 6 Chaim Frenkel 2009-03-03 06:44:23 UTC
(In reply to comment #1)
> Can you please provide more information, like a log level = 10 winbind logfile
> ? Thanks.
> 

Were the logs I provided sufficient? Do you need anything further? 

I'm currently at an impasse. All of the security that depends on groups, has been blown out of the water, and I've had to open things up a bit more than I really like.
Comment 7 Bartlomiej Solarz-Niesluchowski 2009-03-17 14:06:14 UTC
(In reply to comment #6)
> (In reply to comment #1)
> > Can you please provide more information, like a log level = 10 winbind logfile
> > ? Thanks.
> > 
> Were the logs I provided sufficient? Do you need anything further? 
> I'm currently at an impasse. All of the security that depends on groups, has
> been blown out of the water, and I've had to open things up a bit more than I
> really like.

BUG https://bugzilla.samba.org/show_bug.cgi?id=6177 is the same bug......
Comment 8 Sébastien Prud'homme 2009-03-17 18:31:34 UTC
Same as this: https://bugzilla.samba.org/show_bug.cgi?id=6089

My "workaround" is to comment everything in map_max_allowed_access in source/rpc_server/srv_samr_nt.c
Comment 9 Guenther Deschner 2009-05-19 03:37:13 UTC
Ok, samr access checks again :-)

This has been resolved in master and v3-4-test and we are currently collecting patches for Samba 3.3 and 3.2.
Comment 10 Guenther Deschner 2009-05-19 16:34:04 UTC
*** Bug 6177 has been marked as a duplicate of this bug. ***
Comment 11 Guenther Deschner 2009-06-12 04:57:22 UTC
Fixed for next Samba 3.2 release (by reverting to previous behaviour).