Ok, stupid me. Somehow I missed updating /lib/libnss_winbind.so on both these machines. Presumably this would have also caused corruption of the winbind idmap? Since winbind is now installed with a "make install", would it not be a good idea to also install libnss_winbind.so also? Or at least provide some version checking in winbind so that it will fail to start and report an error if it encounters the wrong version of libnss_winbind.so? It seems that the idmap file is a very weak link in samba right now, so every effort should be made to prevent corruption during upgrades, etc. In our case, I was able to re-apply acls for 400 users, but quota information for a large shared file volume was lost, as I could not re-map the ids, and had to reset file ownerships to avoid users having incorrect quota assignments.
On 25 Mar 2003 at 10:32, [EMAIL PROTECTED] wrote: > I have just upgraded two of our samba boxes to 2.2.8 and ended up with > partially broken winbind after the upgrade. The machines are slightly > different, and so are the symptoms, so here goes: > > System 1: Was at 2.2.3 compiled from source Feb4/02, using options: > "./configure --with-winbind --with-acl-support --with-quotas". Running on > RedHat 7.2, installed from SGI's XFS installer to enable ACLs and quotas > with samba on XFS filesystems. System running fine in production for ~500 > NT domain users for the past 8 months. All users are on NT domain, using > winbind from user lookups. > After upgrade to 2.2.8, I see the following: > > getent passwd shows only local users, no domain users > wbinfo -u and -g report domain users & groups normally > users connecting to smb shares appear as "root" in smbstatus (!) > a nobody share appears browsing the system from an NT box. > As this is a production system, I've had to revert to 2.2.3 so further testing > may be difficult at this time. > > System #2 is a fresh install of RedHat 8 using the SGI XFS installer v1.2, > and had the stock samba 2.2.5 rpm installed, over which I compiled and > installed 2.2.8. Config is essentially the same as system #1 otherwise. > (smb.conf shown at end of message) > > This time, wbinfo -t, -u, -g all work as expected. > getent passwd shows local users, then a list of domain user IDs in the > format: (where 106xx is the id) > > ::0:10646:':: > ::0:10647:':: > ::0:10648:':: > > getent group shows a corrupted group listing as follows, "webalizer" is the > last entry in /etc/group, and the correct domain name is "SHAWNIGAN - > notice it is mangled in various places: > > webalizer:x:67: > hHAWNIGAN+AP French:aminx:1280532334:�� > ::1852728681:WNIGAN+abehennah,SHAWNIGAN+adeane,SHAWNIGAN+ > dew,SHAWNIGAN+gperry,SH > AWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+jcs > > ============ > Here is what the above should look like (and does on the other box running > 2.2.3): > > SHAWNIGAN+AP French:x:10023: > SHAWNIGAN+Dept- > English:x:10024:SHAWNIGAN+abehennah,SHAWNIGAN+adeane,SHAWN > IGAN+dew,SH > AWNIGAN+gperry,SHAWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+j > cs > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Shawn Wright, Systems Manager Shawnigan Lake School http://www.sls.bc.ca [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
