> Matthew McCowan wrote: >> >> running samba 2.2.5 on a solaris 2.7 with winbindd pointing to an NT4 >> PDC. >> >> Occasionally winbindd will hand out the wrong uid to a user trying to >> attach to the solaris box thru any PAM enabled service (telnet, smbd, >> ssh, etc). For example Alice will login to a shell using her normal >> credentials and winbindd will give her Bob's uid, even though "getent >> passwd" clearly shows Bob(uid)!=Alice(uid). >> >> The quick (not the track down bug and bludgeon it to death!) fix is to >> kill winbindd, stop the nscd (name service cache daemon) remove the >> winbindd_cache.tdb and restart winbindd (and optionally restart nscd). > > Some ideas in tracking it down: > > When it's 'broken', is is 'always broken'? That is, is it consistant? > In a different environment (ldap server with not so good indexes) I
It's definitely cactus for any user trying to set up a new session. When I'm told it's gone toes up I usually test it by trying to ssh to it (PAM enabled sshd on the solaris box). I've got the keys setup so I should immediately get a bash shell, so if it asks for a password its a good indicator that its 'broke' > found problems with a user being there in an enumeration, but not for a > getpwnam(). In this vain, what does 'id Alice' and 'id Bob' give you, > and how do they compare to getent passwd. will test next time it happens > > Also, can you try and kill ncsd? After that, I would look into the as above > static cache in nss_winbind - depending on the desing of your ncsd, > there could be corruption of that structure. Cheers Matt McC
