Matthew McCowan wrote: > > Howdy all, > > running samba 2.2.5 on a solaris 2.7 with winbindd pointing to an NT4 PDC. > > Occasionally winbindd will hand out the wrong uid to a user trying to attach > to the solaris box thru any PAM enabled service (telnet, smbd, ssh, etc). > For example Alice will login to a shell using her normal credentials and > winbindd will give her Bob's uid, even though "getent passwd" clearly shows > Bob(uid)!=Alice(uid). > > The quick (not the track down bug and bludgeon it to death!) fix is to kill > winbindd, stop the nscd (name service cache daemon) remove the > winbindd_cache.tdb and restart winbindd (and optionally restart nscd). > > I must say that the functionality provided by winbindd is nothing short of > fantastic. Open source single sign-on may finally be moving out of the realm > of myth and legend. Super effort! > > Guess I see if 2.2.6 has a fix ...
Some ideas in tracking it down: When it's 'broken', is is 'always broken'? That is, is it consistant? In a different environment (ldap server with not so good indexes) I found problems with a user being there in an enumeration, but not for a getpwnam(). In this vain, what does 'id Alice' and 'id Bob' give you, and how do they compare to getent passwd. Also, can you try and kill ncsd? After that, I would look into the static cache in nss_winbind - depending on the desing of your ncsd, there could be corruption of that structure. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
