6112 – Upgrade of PDC to 3.2.8 breaks 3.0.33 winbind

Bug 6112 - Upgrade of PDC to 3.2.8 breaks 3.0.33 winbind

Summary: Upgrade of PDC to 3.2.8 breaks 3.0.33 winbind

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 3.2
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	3.2.8
Hardware:	x86 Linux

Importance:	P3 regression
Target Milestone:	---
Assignee:	Jeremy Allison
QA Contact:	Samba QA Contact

URL:
Keywords:

Duplicates (1):	6177 (view as bug list)
Depends on:
Blocks:

Reported:	2009-02-13 09:59 UTC by Chaim Frenkel
Modified:	2009-06-12 04:57 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Logfiles log level 10, log.winbindd, log.wb-NLK, log.wb-VMLINUX (5.94 KB, application/octet-stream) 2009-02-15 08:22 UTC, Chaim Frenkel	no flags	Details
New set logs after fresh join. log level = 10 (29.19 KB, application/octet-stream) 2009-02-15 09:35 UTC, Chaim Frenkel	no flags	Details
Logs from PDC side. log level = 10 (144.25 KB, text/plain) 2009-02-15 17:42 UTC, Chaim Frenkel	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chaim Frenkel 2009-02-13 09:59:42 UTC

Upgraded my PDC from FC7 to FC10, which is currently at 3.2.8. At this point my 3.0.31 (in my ReadyNAS) lost the domain groups. A fresh install of FC8 in a vmware box with 3.0.33 also was unable to get the domain users or domain group.

From log.winbindd
[2009/02/07 19:08:27, 1] nsswitch/winbindd_util.c:trustdom_recv(230)
  Could not receive trustdoms   

From log.wb-NLK
[2009/02/08 06:19:52, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2363)                                       
  cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_INVALID_PARAMETER                         
[2009/02/08 06:25:01, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2363)                                       
  cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_INVALID_PARAMETER

Comment 1 Guenther Deschner 2009-02-13 14:14:04 UTC

Can you please provide more information, like a log level = 10 winbind logfile ? Thanks.

Comment 2 Chaim Frenkel 2009-02-15 08:22:59 UTC

Created attachment 3937 [details]
Logfiles log level 10, log.winbindd, log.wb-NLK, log.wb-VMLINUX

Added log level to smb.conf.
Stopped, removed old log files, restart winbind. Added wbinfo -u at the end.
Attached zip file with logs
log.winbindd
log.wb-NLK
log.wb-VMLINUX

Comment 3 Chaim Frenkel 2009-02-15 09:35:15 UTC

Created attachment 3938 [details]
New set logs after fresh join. log level = 10

I reran the previous test.
0. stopped winbind on client
1. on PDC removed machine entry
2. on client joined (logfile typescript)
3. displayed machine entry (logfile PDC.log)
4. set smb.conf log level = 10
5. restarted winbindd
Results attached

Comment 4 Chaim Frenkel 2009-02-15 17:42:54 UTC

Created attachment 3939 [details]
Logs from PDC side. log level = 10

From the PDC side. Did the run again.

0. Removed machine account (pdbedit -x -u vmlinux$)
1. winbind brought down
2. joined the domain. Successful
3. started winbind
4. wbinfo -u # Failed
5. wbinfo -g # Failed
6. net rpc user -S central  # Succeeded

Comment 5 Jason Bourne 2009-02-20 15:56:59 UTC

I experience same using OpenSUSE 11.1's samba-3.2.6-0.3.1-2042-SUSE-CODE11 and ReadyNAS's 3.0.31; blocks at "Could not receive trustdoms".

Comment 6 Chaim Frenkel 2009-03-03 06:44:23 UTC

(In reply to comment #1)
> Can you please provide more information, like a log level = 10 winbind logfile
> ? Thanks.
> 

Were the logs I provided sufficient? Do you need anything further? 

I'm currently at an impasse. All of the security that depends on groups, has been blown out of the water, and I've had to open things up a bit more than I really like.

Comment 7 Bartlomiej Solarz-Niesluchowski 2009-03-17 14:06:14 UTC

(In reply to comment #6)
> (In reply to comment #1)
> > Can you please provide more information, like a log level = 10 winbind logfile
> > ? Thanks.
> > 
> Were the logs I provided sufficient? Do you need anything further? 
> I'm currently at an impasse. All of the security that depends on groups, has
> been blown out of the water, and I've had to open things up a bit more than I
> really like.

BUG https://bugzilla.samba.org/show_bug.cgi?id=6177 is the same bug......

Comment 8 Sébastien Prud'homme 2009-03-17 18:31:34 UTC

Same as this: https://bugzilla.samba.org/show_bug.cgi?id=6089

My "workaround" is to comment everything in map_max_allowed_access in source/rpc_server/srv_samr_nt.c

Comment 9 Guenther Deschner 2009-05-19 03:37:13 UTC

Ok, samr access checks again :-)

This has been resolved in master and v3-4-test and we are currently collecting patches for Samba 3.3 and 3.2.

Comment 10 Guenther Deschner 2009-05-19 16:34:04 UTC

*** Bug 6177 has been marked as a duplicate of this bug. ***

Comment 11 Guenther Deschner 2009-06-12 04:57:22 UTC

Fixed for next Samba 3.2 release (by reverting to previous behaviour).