Bug 9726 - Winbind use default domain = yes not honored in 4.0.3 and possibly causing ACL issue
Summary: Winbind use default domain = yes not honored in 4.0.3 and possibly causing AC...
Status: RESOLVED DUPLICATE of bug 9780
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.0.0
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-03-16 17:09 UTC by Steve
Modified: 2014-01-28 23:27 UTC (History)
0 users

See Also:


Attachments

Description Steve 2013-03-16 17:09:26 UTC
I have my smb.conf set so that the default domain is not listed in user names, but it still is.  I am using the default winbind that is built into Samba.  Here is my config:

Samba version: 4.0.3
Build environment:
   Build host:  Linux simba.tomato.local 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Paths:
   BINDIR: /usr/local/samba/bin
   SBINDIR: /usr/local/samba/sbin
   CONFIGFILE: /usr/local/samba/etc/smb.conf
   NCALRPCDIR: /usr/local/samba/var/run/ncalrpc
   LOGFILEBASE: /usr/local/samba/var
   LMHOSTSFILE: /usr/local/samba/etc/lmhosts
   DATADIR: /usr/local/samba/share
   MODULESDIR: /usr/local/samba/lib
   LOCKDIR: /usr/local/samba/var/lock
   STATEDIR: /usr/local/samba/var/locks
   CACHEDIR: /usr/local/samba/var/cache
   PIDDIR: /usr/local/samba/var/run
   PRIVATE_DIR: /usr/local/samba/private
   SWATDIR: /usr/local/samba/share/swat
   CODEPAGEDIR: /usr/local/samba/share/codepages
   SETUPDIR: /usr/local/samba/share/setup
   WINBINDD_SOCKET_DIR: /usr/local/samba/var/run/winbindd
   WINBINDD_PRIVILEGED_SOCKET_DIR: /usr/local/samba/var/lib/winbindd_privileged
   NTP_SIGND_SOCKET_DIR: /usr/local/samba/var/lib/ntp_signd

[root@simba Profiles]# testparm -S
Load smb config files from /usr/local/samba/etc/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[homes]"
Processing section "[test]"
Processing section "[profiles]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC
Press enter to see a dump of your service definitions

[global]
        workgroup = TOMATO
        realm = TOMATO.LOCAL
        interfaces = 10.0.0.226, 127.0.0.1
        bind interfaces only = Yes
        server role = active directory domain controller
        passdb backend = samba_dsdb
        min receivefile size = 16384
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
        logon path = \\%L\profiles\%U\%a
        idmap negative cache time = 20
        template homedir = /home/%ACCOUNTNAME%
        template shell = /bin/bash
        winbind cache time = 600
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind expand groups = 2
        winbind refresh tickets = Yes
        winbind offline logon = Yes
        dns forwarder = 10.0.0.1
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        idmap config * : range = 1000000-1999999
        idmap config * : backend = rid
        create mask = 0777
        directory mask = 0777
        aio read size = 16384
        aio write size = 16384
        use sendfile = Yes
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = dfs_samba4, acl_xattr

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/tomato.local/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

[homes]
        comment = Home Directories
        path = /storage/AD/Homes
        valid users = %U
        read only = No
        create mask = 0700
        directory mask = 0770

[test]
        comment = "Test"
        path = /storage/AD/test
        valid users = %U
        read only = No

[profiles]
        path = /storage/AD/Profiles
        valid users = %U
        read only = No
        create mask = 0600
        directory mask = 0700
        profile acls = Yes
        browseable = No
        csc policy = disable



Results:
[root@simba Profiles]# id steve
uid=3000023(TOMATO\steve) gid=100(users) groups=100(users),3000008(Domain Admins)
[root@simba Profiles]# id testuser
uid=3000026(TOMATO\testuser) gid=100(users) groups=100(users)
[root@simba Profiles]# getent passwd testuser
TOMATO\testuser:*:3000026:100:Test User:/home/testuser:/bin/bash

Subsequently, the ACLs look messed up: "134" is added between the domain and the username. I assume it has trouble parsing the "\":

[root@simba AD]# getfacl Profiles/testuser
# file: Profiles/testuser
# owner: TOMATO\134testuser
# group: users
# flags: -s-
user::rwx
user:TOMATO\134testuser:rwx
group::---
group:users:---
group:3000009:rwx
mask::rwx
other::---
default:user::rwx
default:user:TOMATO\134testuser:rwx
default:group::---
default:group:users:---
default:group:3000009:rwx
default:mask::rwx
default:other::---

[root@simba AD]# strace -f setfacl -R -m u:testuser:rwx Profiles/testuser/
execve("/usr/bin/setfacl", ["setfacl", "-R", "-m", "u:testuser:rwx", "Profiles/testuser/"], [/* 23 vars */]) = 0
brk(0)                                  = 0x2251000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7e52eeb000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=29335, ...}) = 0
mmap(NULL, 29335, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f7e52ee3000
close(3)                                = 0
open("/lib64/libacl.so.1", O_RDONLY)    = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\36\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=31280, ...}) = 0
mmap(NULL, 2126416, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7e52ac5000
mprotect(0x7f7e52acc000, 2093056, PROT_NONE) = 0
mmap(0x7f7e52ccb000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f7e52ccb000
close(3)                                = 0
open("/lib64/libattr.so.1", O_RDONLY)   = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\23\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=18712, ...}) = 0
mmap(NULL, 2113888, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7e528c0000
mprotect(0x7f7e528c4000, 2093056, PROT_NONE) = 0
mmap(0x7f7e52ac3000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f7e52ac3000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY)      = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1916568, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7e52ee2000
mmap(NULL, 3745960, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7e5252d000
mprotect(0x7f7e526b7000, 2093056, PROT_NONE) = 0
mmap(0x7f7e528b6000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x189000) = 0x7f7e528b6000
mmap(0x7f7e528bb000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7e528bb000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7e52ee1000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7e52ee0000
arch_prctl(ARCH_SET_FS, 0x7f7e52ee1700) = 0
mprotect(0x7f7e528b6000, 16384, PROT_READ) = 0
mprotect(0x7f7e52ac3000, 4096, PROT_READ) = 0
mprotect(0x7f7e52ccb000, 4096, PROT_READ) = 0
mprotect(0x606000, 4096, PROT_READ)     = 0
mprotect(0x7f7e52eec000, 4096, PROT_READ) = 0
munmap(0x7f7e52ee3000, 29335)           = 0
brk(0)                                  = 0x2251000
brk(0x2272000)                          = 0x2272000
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=99158576, ...}) = 0
mmap(NULL, 99158576, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f7e4c69c000
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
open("/etc/nsswitch.conf", O_RDONLY)    = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1712, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7e52eea000
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1712
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x7f7e52eea000, 4096)            = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=29335, ...}) = 0
mmap(NULL, 29335, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f7e52ee3000
close(3)                                = 0
open("/lib64/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0
mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7e4c48e000
mprotect(0x7f7e4c49a000, 2097152, PROT_NONE) = 0
mmap(0x7f7e4c69a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f7e4c69a000
close(3)                                = 0
mprotect(0x7f7e4c69a000, 4096, PROT_READ) = 0
munmap(0x7f7e52ee3000, 29335)           = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFD)                       = 0x1 (flags FD_CLOEXEC)
fstat(3, {st_mode=S_IFREG|0644, st_size=1204, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7e52eea000
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1204
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x7f7e52eea000, 4096)            = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=29335, ...}) = 0
mmap(NULL, 29335, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f7e52ee3000
close(3)                                = 0
open("/lib64/tls/x86_64/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/tls/x86_64", 0x7fff1e675810) = -1 ENOENT (No such file or directory)
open("/lib64/tls/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/tls", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
open("/lib64/x86_64/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/x86_64", 0x7fff1e675810)   = -1 ENOENT (No such file or directory)
open("/lib64/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64", {st_mode=S_IFDIR|0555, st_size=12288, ...}) = 0
open("/usr/lib64/tls/x86_64/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/tls/x86_64", 0x7fff1e675810) = -1 ENOENT (No such file or directory)
open("/usr/lib64/tls/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/tls", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
open("/usr/lib64/x86_64/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/x86_64", 0x7fff1e675810) = -1 ENOENT (No such file or directory)
open("/usr/lib64/libnss_winbind.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\16\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=39875, ...}) = 0
mmap(NULL, 2137584, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7e4c284000
mprotect(0x7f7e4c288000, 2097152, PROT_NONE) = 0
mmap(0x7f7e4c488000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f7e4c488000
mmap(0x7f7e4c489000, 19952, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7e4c489000
close(3)                                = 0
open("/usr/local/samba/lib/tls/x86_64/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/local/samba/lib/tls/x86_64", 0x7fff1e675570) = -1 ENOENT (No such file or directory)
open("/usr/local/samba/lib/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/local/samba/lib/tls", 0x7fff1e675570) = -1 ENOENT (No such file or directory)
open("/usr/local/samba/lib/x86_64/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/local/samba/lib/x86_64", 0x7fff1e675570) = -1 ENOENT (No such file or directory)
open("/usr/local/samba/lib/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/local/samba/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/local/samba/lib/private/tls/x86_64/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/local/samba/lib/private/tls/x86_64", 0x7fff1e675570) = -1 ENOENT (No such file or directory)
open("/usr/local/samba/lib/private/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/local/samba/lib/private/tls", 0x7fff1e675570) = -1 ENOENT (No such file or directory)
open("/usr/local/samba/lib/private/x86_64/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/local/samba/lib/private/x86_64", 0x7fff1e675570) = -1 ENOENT (No such file or directory)
open("/usr/local/samba/lib/private/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/local/samba/lib/private", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/lib64/libpthread.so.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\\\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=142464, ...}) = 0
mmap(NULL, 2212768, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7e4c067000
mprotect(0x7f7e4c07e000, 2097152, PROT_NONE) = 0
mmap(0x7f7e4c27e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f7e4c27e000
mmap(0x7f7e4c280000, 13216, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7e4c280000
close(3)                                = 0
open("/usr/local/samba/lib/libwinbind-client.so", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/samba/lib/private/libwinbind-client.so", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\r\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=28468, ...}) = 0
mmap(NULL, 2106160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7e4be64000
mprotect(0x7f7e4be66000, 2097152, PROT_NONE) = 0
mmap(0x7f7e4c066000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f7e4c066000
close(3)                                = 0
mprotect(0x7f7e4c27e000, 4096, PROT_READ) = 0
set_tid_address(0x7f7e52ee19d0)         = 18719
set_robust_list(0x7f7e52ee19e0, 0x18)   = 0
futex(0x7fff1e675c6c, FUTEX_WAKE_PRIVATE, 1) = 0
futex(0x7fff1e675c6c, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, NULL, 7f7e52ee1700) = -1 EAGAIN (Resource temporarily unavailable)
rt_sigaction(SIGRTMIN, {0x7f7e4c06cae0, [], SA_RESTORER|SA_SIGINFO, 0x7f7e4c076500}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7f7e4c06cb70, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f7e4c076500}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM_INFINITY}) = 0
munmap(0x7f7e52ee3000, 29335)           = 0
lstat("/usr/local/samba/var/run/winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/usr/local/samba/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
fcntl(3, F_GETFD)                       = 0
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
connect(3, {sa_family=AF_FILE, path="/usr/local/samba/var/run/winbindd/pipe"}, 110) = 0
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 0) = 0 (Timeout)
write(3, "0\10\0\0\0\0\0\0\0\0\0\0\37I\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2096) = 2096
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\250\r\0\0\2\0\0\0\33\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 3496) = 3496
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 0) = 0 (Timeout)
write(3, "0\10\0\0/\0\0\0\0\0\0\0\37I\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2096) = 2096
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\325\r\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 3496) = 3496
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 1 ([{fd=3, revents=POLLIN}])
read(3, "/usr/local/samba/var/lib/winbind"..., 45) = 45
lstat("/usr/local/samba/var/lib/winbindd_privileged", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
lstat("/usr/local/samba/var/lib/winbindd_privileged/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 4
fcntl(4, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
fcntl(4, F_GETFD)                       = 0
fcntl(4, F_SETFD, FD_CLOEXEC)           = 0
connect(4, {sa_family=AF_FILE, path="/usr/local/samba/var/lib/winbindd_privileged/pipe"}, 110) = 0
close(3)                                = 0
poll([{fd=4, events=POLLIN|POLLHUP}], 1, 0) = 0 (Timeout)
write(4, "0\10\0\0\1\0\0\0\0\0\0\0\37I\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2096) = 2096
poll([{fd=4, events=POLLIN|POLLHUP}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}])
read(4, "\250\r\0\0\2\0\0\0TOMATO\\testuser\0\0\0\0\0\0\0\0\0"..., 3496) = 3496
getrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=4*1024}) = 0
lstat("Profiles/testuser/", {st_mode=S_IFDIR|S_ISGID|0770, st_size=4096, ...}) = 0
getxattr("Profiles/testuser/", "system.posix_acl_access", "\x02\x00\x00\x00\x01\x00\x07\x00\xff\xff\xff\xff\x02\x00\x07\x00\xda\xc6-\x00\x04\x00\x00\x00\xff\xff\xff\xff\x08\x00\x00\x00d\x00\x00\x00\x08\x00\x07\x00\xc9\xc6-\x00\x10\x00\x07\x00\xff\xff\xff\xff \x00\x00\x00\xff\xff\xff\xff", 132) = 60
open("Profiles/testuser/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
fcntl(3, F_GETFD)                       = 0x1 (flags FD_CLOEXEC)
getdents(3, /* 2 entries */, 32768)     = 48
getdents(3, /* 0 entries */, 32768)     = 0
close(3)                                = 0
close(4)                                = 0
exit_group(0)   

And the filesystem is mounted with xattr and acls:
[root@simba AD]# mount
/dev/md3 on / type ext4 (rw,user_xattr,acl)
Comment 1 Steve 2013-03-16 22:16:27 UTC
Follow up: I was able to work around the issue by changing the setting to winbind separator = +; now the ACLs are being set correctly with DOMAIN+User. However, the domain shouldn't even be appearing.
Comment 2 Björn Jacke 2014-01-28 23:27:59 UTC
- The "134" in the output of getfacl is a display issue of getfacl, not a Samba bug (getfacl prints the backslash in the name as the octal escape \134).

- You are running Samba in AD DC mode here. That means the output of "testparm" is not giving back your config. You will have to use "samba-tool testparm" instead.

- winbind use default domain is currently not implemented in the AD DC winbind mode. Best practice, however, is to use only DC functionality on an AD DC. But yes, this feature is still missing, therefore making this bug a dup of bug 9780.

*** This bug has been marked as a duplicate of bug 9780 ***