Bug 7742 - winbind nss info = rfc2307 breaks idmap
Summary: winbind nss info = rfc2307 breaks idmap
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.5.6
Hardware: x64 Linux
: P3 normal
Target Milestone: ---
Assignee: Michael Adam
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-10-20 04:23 UTC by Andrew Lyon
Modified: 2019-07-14 21:11 UTC (History)
0 users

See Also:


Attachments
smb.conf (1.03 KB, text/plain)
2010-10-20 04:23 UTC, Andrew Lyon
no flags Details
log.nmbd (9.75 KB, application/octet-stream)
2010-10-20 04:24 UTC, Andrew Lyon
no flags Details
log.winbindd (67.76 KB, application/octet-stream)
2010-10-20 04:24 UTC, Andrew Lyon
no flags Details
log.wb-SAMBATEST (6.86 KB, application/octet-stream)
2010-10-20 04:24 UTC, Andrew Lyon
no flags Details
log.winbindd-dc-connect (925 bytes, application/octet-stream)
2010-10-20 04:25 UTC, Andrew Lyon
no flags Details
log.smbd (17.24 KB, application/octet-stream)
2010-10-20 04:25 UTC, Andrew Lyon
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Lyon 2010-10-20 04:23:31 UTC
winbind nss info = rfc2307 seems to break idmap, I setup a new 2003R2 domain with a single dc and a samba 3.5.6 server, with winbind nss info = rfc2307 idmap does not work and I cannot list users using wbinfo or other tools.

If I run samba with winbind nss info = rfc2307 disabled everything seems to work ok, if I then run samba with winbind nss info = rfc2307 enabled again idmap seems to work for a few seconds and then stops working just before winbind logs this event:

Module '/usr/lib64/samba/nss_info/rfc2307.so' loaded

For example here I ran a script to run wbinfo -i testuser in a loop and output a timestamp with milliseconds to compare with the samba logs:

2010/10/20 10:21:18.619622 testuser:*:10000:10010:TestUser:/home/TestUser:/bin/sh 
2010/10/20 10:21:18.652914 testuser:*:10000:10010:TestUser:/home/TestUser:/bin/sh 
2010/10/20 10:21:18.684316 testuser:*:10000:10010:TestUser:/home/TestUser:/bin/sh 
2010/10/20 10:21:18.719439 Could not get info for user testuser 
2010/10/20 10:21:18.801538 Could not get info for user testuser 

And here is the nss module event:

[2010/10/20 10:21:18.754273,  2] lib/module.c:64(do_smb_load_module)
  Module '/usr/lib64/samba/nss_info/rfc2307.so' loaded

During the first few seconds while mapping is working the nss info does seem to be read from ad correctly, in smb.conf I have template shell set to /bin/bash and you can see that the testuser above has /bin/sh shell which is what is set in AD.

I will attach logfiles and smb.conf

Andy
Comment 1 Andrew Lyon 2010-10-20 04:23:54 UTC
Created attachment 6021 [details]
smb.conf
Comment 2 Andrew Lyon 2010-10-20 04:24:10 UTC
Created attachment 6022 [details]
log.nmbd
Comment 3 Andrew Lyon 2010-10-20 04:24:35 UTC
Created attachment 6023 [details]
log.winbindd
Comment 4 Andrew Lyon 2010-10-20 04:24:47 UTC
Created attachment 6024 [details]
log.wb-SAMBATEST
Comment 5 Andrew Lyon 2010-10-20 04:25:02 UTC
Created attachment 6025 [details]
log.winbindd-dc-connect
Comment 6 Andrew Lyon 2010-10-20 04:25:15 UTC
Created attachment 6026 [details]
log.smbd
Comment 7 Björn Jacke 2011-03-01 06:10:27 UTC
is this fixed with the rewritten idmap code in 3.6 ?
Comment 8 Volker Lendecke 2011-03-01 08:03:23 UTC
I had to use apply c427b79 to make this work. Maybe this problem is the same?
Comment 9 Björn Jacke 2019-07-14 21:11:15 UTC
with properly filled uidnumber/gidnumber attributes this as been working for me since years now in nany setups.