Bug 6177 - winbind user and group enumeration on domain member broken after PDC upgrade to 3.2.8
Summary: winbind user and group enumeration on domain member broken after PDC upgrade ...
Status: RESOLVED DUPLICATE of bug 6112
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.2.8
Hardware: x86 Linux
: P3 major
Target Milestone: ---
Assignee: Guenther Deschner
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-03-10 06:07 UTC by Alexander 'Leo' Bergolth
Modified: 2009-05-19 16:34 UTC (History)
2 users (show)

See Also:


Attachments
winbind debug level 10 log on the domain member (393.65 KB, text/plain)
2009-03-10 06:10 UTC, Alexander 'Leo' Bergolth
no flags Details
winbind debug level 10 log on the domain member (212.46 KB, text/plain)
2009-03-10 06:11 UTC, Alexander 'Leo' Bergolth
no flags Details
debug level 10 log on the PDC (712.82 KB, text/plain)
2009-03-10 06:12 UTC, Alexander 'Leo' Bergolth
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander 'Leo' Bergolth 2009-03-10 06:07:50 UTC
After upgrading to 3.2.8, winbind on a domain member (tested with 3.0.30 and 3.2.8) stopped working.

wbinfo -u doesn't show anything, wbinfo -g only shows BUILTIN groups.

Looking up users with wbinfo -n works though. wbinfo -t and --own-domain also show the expected results. winbind on the PDC works fine.

# wbinfo -n RK_KLBG\\abergolth
S-1-5-21-181998944-1107627502-2274996074-3324 User (1)

I've attached the debug-level 10 output both from the domain member and the PDC.

Maybe this bug is connected to Bug 6112.
Comment 1 Alexander 'Leo' Bergolth 2009-03-10 06:10:02 UTC
Created attachment 3985 [details]
winbind debug level 10 log on the domain member
Comment 2 Alexander 'Leo' Bergolth 2009-03-10 06:11:40 UTC
Created attachment 3986 [details]
winbind debug level 10 log on the domain member
Comment 3 Alexander 'Leo' Bergolth 2009-03-10 06:12:14 UTC
Created attachment 3987 [details]
debug level 10 log on the PDC
Comment 4 Bartlomiej Solarz-Niesluchowski 2009-03-12 04:58:56 UTC
I have the same problem:
in my opinion bug sit in PDC not in domain member.

I have two big instalations of samba:
one domain member is 3.0.33 PDC 3.2.8
[root@see-you-later ~]# wbinfo --all-domains
WSISIZ.EDU.PL
[root@see-you-later ~]# wbinfo -u
Error looking up domain users

second one:
domain member is 3.2.8 PDC 3.3.1 (but 3.2.8 tested too)
[root@aero samba]# wbinfo -u
[root@aero samba]# wbinfo --all-domains
BUILTIN
AERO
IBSPAN.WAW.PL

i think bug sit here:
[2009/03/12 10:52:04,  4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(171)
  Found policy hnd[0] _samr_OpenDomain: access check ((granted: 0x00020010;  required: 0x00000020)
[2009/03/12 10:52:04,  2] rpc_server/srv_samr_nt.c:access_check_samr_function(247)
  _samr_OpenDomain: ACCESS DENIED (granted: 0x00020010;  required: 0x00000020)

if winbind does not work authorization thru pam_winbind does not work too - in my case I lost authorization source for jabber server....

Comment 5 Bartlomiej Solarz-Niesluchowski 2009-03-17 14:04:12 UTC
(In reply to comment #4)
> I have the same problem:
> in my opinion bug sit in PDC not in domain member.
> I have two big instalations of samba:
> second one:
> domain member is 3.2.8 PDC 3.3.1 (but 3.2.8 tested too)
3.3.2 tested too on PDC and no luck...

But it seems that BUG https://bugzilla.samba.org/show_bug.cgi?id=6112 it is the SAME problem!
Comment 6 Bartlomiej Solarz-Niesluchowski 2009-04-17 14:46:27 UTC
(In reply to comment #3)
> Created an attachment (id=3987) [details]
> debug level 10 log on the PDC

look here:
https://bugzilla.samba.org/show_bug.cgi?id=6089
Comment 7 Guenther Deschner 2009-04-17 14:54:17 UTC
Absolutely right, there are many incarnations of this bug, and we hope to have it fixed in 3.2 and 3.3 branches. I see if I can merge all the bug duplicates. Thanks for the reminder!

Guenther
Comment 8 Jeremy Allison 2009-04-17 19:20:16 UTC
FYI. I checked in the fix I added to 3.2.x to all current git branches. So if it's fixed in 3.2.11 then it'll be fixed in all subsequent 3.3.x releases (and the upcoming 3.4.0).

Jeremy.
Comment 9 Karolin Seeger 2009-05-11 04:47:11 UTC
Closing out bug report.
Please re-open if it's still an issue in Samba 3.2.11.

Thanks for reporting!
Comment 10 Guenther Deschner 2009-05-11 05:56:39 UTC
still an issue. reopening.
Comment 11 Guenther Deschner 2009-05-19 16:34:04 UTC

*** This bug has been marked as a duplicate of bug 6112 ***