` Michael Wood wrote:
Hi Linda
Yeah...reported this a month ago... as well as other TDB/SID backend probs:
http://lists.samba.org/archive/samba-technical/2011-July/078663.html
http://lists.samba.org/archive/samba-technical/2011-July/078826.html
---
I wasn't sure if it was a 3.6 problem or some type of cockpit error, but
both emails
were ignored.
If you find something that looks like a bug and nobody responds to
your e-mail, perhaps you should report it via Bugzilla so that it
won't get lost.
----
I don't feel that's something many developers want -- and I know some
don't.
If you don't have firm evidence that it's the SW that is broken, they'll
just close
out the bug with "Works for Me", and I've wasted my time. Too many
times -- even
with repeatable test cases on too many different projects. This is
especially true with
something like samba where when I asked for any help in tracking down
this, I was asked to submit a 15-25MB samba log with debug set to 10 to
the samba list -- NOT to upload
it to a bug, but dump huge amounts of data to the list. I didn't feel
comfortable doing that. For all I know, unencrypted passwords might be
buried in that logfile and I'd never catch them -- not to mention the
flack I'd get for posting something so large to the list.
"What were you thinking? Well so and so told me, ...you gonna jump off
a cliff if he
tells you to do that...etc..."...
Even now, I'm not sure why setup is broken.
I can do a UID -> SID translation and SID->UID translation on my userid,
BUT, when windows tries to lookup my userid in winbind, the log spits out:
[2011/08/15 08:30:02, 6, class=winbind]
winbindd/winbindd.c:768(new_connection)
accepted socket 28
[2011/08/15 08:30:02, 3, class=winbind]
winbindd/winbindd_misc.c:352(winbindd_interface_version)
[17439]: request interface version
[2011/08/15 08:30:02, 3, class=winbind]
winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir)
[17439]: request location of privileged pipe
[2011/08/15 08:30:02, 6, class=winbind]
winbindd/winbindd.c:768(new_connection)
accepted socket 29
[2011/08/15 08:30:02, 6, class=winbind]
winbindd/winbindd.c:816(winbind_client_request_read)
closing socket 28, client exited
[2011/08/15 08:30:02, 3, class=winbind]
winbindd/winbindd_getgroups.c:60(winbindd_getgroups_send)
getgroups lindaw
[2011/08/15 08:30:02, 7, class=winbind]
winbindd/wb_gettoken.c:65(wb_gettoken_send)
wb_gettoken: My domain -- rejecting getgroups() for
S-1-5-21-33333-77777-33333-80026.
[2011/08/15 08:30:02, 5, class=winbind]
winbindd/winbindd_getgroups.c:187(winbindd_getgroups_recv)
Could not convert sid S-1-5-21-33333-77777-33333-80026:
NT_STATUS_NO_SUCH_USER
[2011/08/15 08:30:02, 3, class=winbind]
winbindd/winbindd_getgroups.c:60(winbindd_getgroups_send)
getgroups lindaw
[2011/08/15 08:30:02, 7, class=winbind]
winbindd/wb_gettoken.c:65(wb_gettoken_send)
wb_gettoken: My domain -- rejecting getgroups() for
S-1-5-21-33333-77777-33333-80026.
[2011/08/15 08:30:02, 5, class=winbind]
winbindd/winbindd_getgroups.c:187(winbindd_getgroups_recv)
Could not convert sid S-1-5-21-33333-77777-33333-80026:
NT_STATUS_NO_SUCH_USER
[2011/08/15 08:30:02, 3, class=winbind]
winbindd/winbindd_getgroups.c:60(winbindd_getgroups_send)
getgroups law
[2011/08/15 08:30:02, 7, class=winbind]
winbindd/wb_gettoken.c:65(wb_gettoken_send)
wb_gettoken: My domain -- rejecting getgroups() for
S-1-5-21-33333-77777-33333-80026.
[2011/08/15 08:30:02, 5, class=winbind]
winbindd/winbindd_getgroups.c:187(winbindd_getgroups_recv)
Could not convert sid S-1-5-21-33333-77777-33333-80026:
NT_STATUS_NO_SUCH_USER
[2011/08/15 08:30:02, 3, class=winbind]
winbindd/winbindd_getgroups.c:60(winbindd_getgroups_send)
getgroups lindaw
[2011/08/15 08:30:02, 7, class=winbind]
winbindd/wb_gettoken.c:65(wb_gettoken_send)
wb_gettoken: My domain -- rejecting getgroups() for
S-1-5-21-33333-77777-33333-80026.
[2011/08/15 08:30:02, 5, class=winbind]
winbindd/winbindd_getgroups.c:187(winbindd_getgroups_recv)
Could not convert sid S-1-5-21-33333-77777-33333-80026:
NT_STATUS_NO_SUCH_USER
---------
@ note, it maps the correct (historically -- what windows has seen), SID
to my username,
but then "My Domain -- rejecting getgroups, so 'NT_STATUS_NO_SUCH_USER'.
Things were 'worse.
Like root couldnt' use 'net' rpc user because 'root's ID, apparently,
was broken, so it got
invalid password .. and a normal user -- even admin, can't do
diddly...it's not governed
by filed permissions, as far as I can tell, but literally a hard-coded
check for 'root' (from
observation -- and making all the necessary files r/w by 'group root',
which put my
login in. i.e. I had r/w access to all the data files, but it refused
to allow me to make
any changes, even though I was in the admin and dom-admin groups.
Most of the builtin groups were missing....etc...
Hand added those back using groupmap -- but I couldn't point firmly to
what caused
it -- since part of the problem I knew was the inability to specify
separate ranges for
groups and users. -- I had separate ranges (though I dup UID-> GID
groups w/same name, -- I wanted to keep the users separate from the
groups.
The ability to do that was removed -- and my separate UID/GID spaces
collapsed -- that's when I first noticed problems in that I suddenly had
a different "SID" -- something I
considered 'bad', as windows doesn't see you the same if you change your
SID...
I mentioned that in one of the notes -- first posted on samba list, and
later on samba tech
list -- about how they really needed to consider publishing caveat, and
warnings about
3.6's DB changes and how they could corrupt/destroy user DB's...as that
*seemed* to be
what happened to me...but "seemed" and 1$ will get you a cup of coffee
-- hard evidence, or they don't have the time to waste -- they don't
want to be just helping users with
'cockpit' errors, and since I wasn't sure -- was my not knowing about
the DB change
the only thing that cause problems? (I don't think so, but it sure
didn't help)...not sure
why my db got mostly zeroed/corrupted --- it just started re-allocating
new ID's for any user/computer it saw -- out of its new default range --
which was incompat w/my old --
and, I guess, (?? don't know solidly enough to file the details for a
bug report , really),
I DO file lots of bugs -- more than the average user...against a wide
range of products
(perl, samba, squid, lkml, novell/opensuse, mozilla Tbird * FFox,
Songbird -- and just
too many to count. But I prefer to have a fairly reasonable level of
confidence before I commit to a bug report -- so when not sure, I ask
about the problem on list first.
and...well...nada.
I figured if it wasn't important to them and it really was the problem I
thought it was, they'd eventually get around to dealing with it. Too
many times, I'm one of the first to report a bug / problem sometimes
months or years before others hit it (I'm a computer
science grad and I push software in odd ways to try out new things)...
Given the same circumstances, all I feel I can do at that confidence
level is say something -- that I think there's a problem and need help
finding out. If I'm ignored, I assume they are too busy doing other
things (like getting ready for a major release!)
Some people perceive me as too pushy, too often, anyway, so I certainly
don't need to
push when others aren't wanting to listen, especially when I know that
either I'll find
I'm the only one w/ the problem. OR I was just the first.
make sense? Do you really think I shoud have handled it differently?
I dont' feel that doing so is really desired considering where my
certainty levels were....
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
