Bug 9506 - samba showing old connections
Summary: samba showing old connections
Status: RESOLVED INVALID
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: File services (show other bugs)
Version: 3.5.16
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Michael Adam
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-12-17 09:29 UTC by Jason Haar
Modified: 2013-02-20 01:16 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jason Haar 2012-12-17 09:29:53 UTC
Hi there

I've been having a problem with Samba for over a year now where once in a while winbind "corrupts" the association between SIDs and UIDs. I just had a doozie of an example of this tonight where a user connected to a Samba share and somehow managed to have two different AD accounts associated with the same connection! I know this is corruption (and not some terminal server skulduggery) because one of the accounts is mine and I know I'm not currently logged into this user's workstation :-) This is a heinous error as the user creates files and they're owned by someone else  (some of the time?)


PID     Username      Group         Machine                       
-------------------------------------------------------------------
6532      DOM1\userA     DOM1\group1  192.168.2.248
6532      DOM2\userB   DOM2\group2  192.168.2.248

Service      pid     machine       Connected at
-------------------------------------------------------
sharename1  6532   192.168.2.248   Mon Dec 17 08:21:33 2012
sharename1  6532   192.168.2.248   Mon Dec 17 05:51:56 2012

Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock           SharePath   Name   Time
--------------------------------------------------------------------------------------------------
6532         10001      DENY_NONE  0x100081    RDONLY     NONE             /path/dir1   dir2   Mon Dec 17 05:51:57 2012
6532         10000      DENY_NONE  0x100081    RDONLY     NONE             /path/dir1   dir2   Mon Dec 17 08:21:34 2012

As you can see, the smbd PID is the same, the IP address is the same - but there are somehow two usernames attached, each with different UIDs.

The problem has existed for many versions of 3.5.X (currently on 3.5.16). I'm primarily running CentOS-4 with hand-built 3.5.16, but have also seen this happen once a couple of months ago on a "pure" CentOS-6.3 running vendor-supplied samba-3.5.10 - so it's not related to us primarily running older systems.

To fix simply involves "rm -f /var/lib/samba/*cache* /var/lib/samba/*winb*tdb" and restarting winbind - so I'm sure it's corruption? (restarting winbind with the old cache files doesn't fix the problem)

Any ideas how to fix this?

Thanks

Jason
Comment 1 Björn Jacke 2013-02-20 00:41:34 UTC
restarting smbd would reset that connection, this is no winbind thing. You probably had been connected to that workstation in the past. And I've seen also Windows workstations which did not close connections after logging off. In that case smbd will show that connection later on, even if other users logged on that workstation again. This is how it is.
Comment 2 Jason Haar 2013-02-20 01:16:52 UTC
(In reply to comment #1)
> restarting smbd would reset that connection, this is no winbind thing. You
> probably had been connected to that workstation in the past. And I've seen also
> Windows workstations which did not close connections after logging off. In that
> case smbd will show that connection later on, even if other users logged on
> that workstation again. This is how it is.

Well that's not what happened for us. We did restart both smb and winbind and the user reconnects and gets the same incorrect UID. Only trashing the winbind cache fixes it. Also I absolutely have never connected to that machine before: I'm in New Zealand and it was in some US city - and I don't run Windows normally anyway :-)