We've a problem with shifting UIDs in 'getent passwd' after booting to another
Our environment is:
Red Hat 7.3 with kernel-smp-2.4.20-24.7 and kernel-smp-2.4.20-27.7
configured to import about 1400 Windows UserIDs and groups from a W2K domain
which is running in Domain compatibility mode (NT-Servers are available too).
The UIDs change only on a machine if we are booting the other kernel. If we boot
the other (old) kernel again, the UIDs are changing back to the old values. The
new values that are being determined the first time this kernel is booted
seem to be ordered by connection appearance. My account i.e. changed from 10478
to 10000 and I think I was the first user who connected to the Samba server
via 'net view' from a W2K client.
Isn't this a security problem?
Please let us know, if you need further information.
The phenomenon looks like this:
USERID:UID NEW:SID NEW:COMMENT NEW with kernel-smp-2.4.20-27.7
USERID:UID OLD:SID OLD:COMMENT OLD with kernel-smp-2.4.20-24.7
winbind relevant keywords in /etc/samba/smb.conf:
password server = PDC BDC
security = domain
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind cache time = 15
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/false
What does a debug level 10 log.winbindd with the failing kernel say?
It sounds like a corrupt or otherwise not useable winbindd_idmap.tdb.
Do you have reiserfs running? I've seen problems with .tdb-files on reiserfs
/var is a separate filesystem in our configurations and is formatted as ext3,
is sized properly and is being mounted before winbind starts (S91winbind in
the permission of the file is
-rw------- 1 root root 253952 Jan 5 10:15 winbindd_idmap.tdb
I'll send you the debuglevel 10 output of log.winbindd to firstname.lastname@example.org.
Sorry, for your information: it fails with any kernel but the changes appear
only when booting it the first time. A second or third boot of the same kernel
I've found the putative bug.
It is not a bug. This behavior is caused by Red Hat initscripts. They are
cleaning all files in the folder /var/lock/samba when you are booting to
another kernel release. Then winbindd creates a new database with certainly new UIDs.
The solution was to insert a line 'lock dir = /somewhere/else/than/var/lock' in the
global section of smb.conf.
Thank you for helping to find out the problem.
Fixed as verified by Volker Hayd.
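
A check for the condition found in this report, added here as an example and not taken from the thread or from Samba: it reads the [global] section of smb.conf text and reports whether the directory that holds winbindd_idmap.tdb sits under a path that boot scripts may clean. The sample configs, the /var/lib/samba/idmap path, the fallback default and the extra entries in VOLATILE are assumptions.

```python
import posixpath

# Directories commonly wiped at boot; the thread's Red Hat initscripts cleaned
# /var/lock/samba. The other entries are assumptions added for this example.
VOLATILE = ("/var/lock", "/var/run", "/run", "/tmp")
# Assumed fallback when smb.conf sets no lock dir (the path the thread reports).
DEFAULT_LOCK_DIR = "/var/lock/samba"
# Constructed samples: settings like the thread's, without and with the fix.
BEFORE = """[global]
security = domain
winbind uid = 10000-20000
"""
AFTER = BEFORE + "Lock Dir = /var/lib/samba/idmap\n"  # hypothetical path

def global_params(text):
    """Return [global] parameters from smb.conf text, names normalised."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        raw = raw.strip()
        if not pending and (not raw or raw[0] in "#;"):
            continue                     # blank line or comment
        line, pending = pending + raw, ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            params["".join(name.split()).lower()] = value.strip()
    return params

def idmap_lock_dir(text):
    """Directory where winbindd keeps winbindd_idmap.tdb per this config."""
    p = global_params(text)
    # "lock dir" is a synonym of "lock directory"
    return p.get("lockdirectory") or p.get("lockdir") or DEFAULT_LOCK_DIR

def is_volatile(path):
    """True if path is, or lies under, a directory listed in VOLATILE."""
    path = posixpath.normpath(path)
    return any(path == v or path.startswith(v + "/") for v in VOLATILE)

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, idmap_lock_dir(conf), "volatile:", is_volatile(idmap_lock_dir(conf)))
```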