On Wed, Mar 26, 2003 at 04:11:13PM -0800, Shawn Wright wrote: > Ok, stupid me. Somehow I missed updating /lib/libnss_winbind.so on both > these machines. Presumably this would have also caused corruption of the > winbind idmap?
I doubt it, actually. > Since winbind is now installed with a "make install", would it not be a good > idea to also install libnss_winbind.so also? Or at least provide some version > checking in winbind so that it will fail to start and report an error if it > encounters the wrong version of libnss_winbind.so? Winbind doens't *require* libnss_winbind - there are actually situations where it is used without it. That said, I've implemented some extensive version checks from the client side - we certainly won't connect to a winbind with a different protocol version any more. > It seems that the idmap file is a very weak link in samba right now, so every > effort should be made to prevent corruption during upgrades, etc. > In our case, I was able to re-apply acls for 400 users, but quota information > for a large shared file volume was lost, as I could not re-map the ids, and > had to reset file ownerships to avoid users having incorrect quota > assignments. Yes, we need to work on that - the outsource of this into LDAP is one example of these efforts - and we did have a project to dump/import the tdb to a text file, but I'm not sure what happened to it... Andrew Bartlett > On 25 Mar 2003 at 10:32, [EMAIL PROTECTED] wrote: > > > I have just upgraded two of our samba boxes to 2.2.8 and ended up with > > partially broken winbind after the upgrade. The machines are slightly > > different, and so are the symptoms, so here goes: > > > > System 1: Was at 2.2.3 compiled from source Feb4/02, using options: > > "./configure --with-winbind --with-acl-support --with-quotas". Running on > > RedHat 7.2, installed from SGI's XFS installer to enable ACLs and quotas > > with samba on XFS filesystems. System running fine in production for ~500 > > NT domain users for the past 8 months. All users are on NT domain, using > > winbind from user lookups. > > After upgrade to 2.2.8, I see the following: > > > > getent passwd shows only local users, no domain users > > wbinfo -u and -g report domain users & groups normally > > users connecting to smb shares appear as "root" in smbstatus (!) > > a nobody share appears browsing the system from an NT box. > > As this is a production system, I've had to revert to 2.2.3 so further testing > > may be difficult at this time. > > > > System #2 is a fresh install of RedHat 8 using the SGI XFS installer v1.2, > > and had the stock samba 2.2.5 rpm installed, over which I compiled and > > installed 2.2.8. Config is essentially the same as system #1 otherwise. > > (smb.conf shown at end of message) > > > > This time, wbinfo -t, -u, -g all work as expected. > > getent passwd shows local users, then a list of domain user IDs in the > > format: (where 106xx is the id) > > > > ::0:10646:':: > > ::0:10647:':: > > ::0:10648:':: > > > > getent group shows a corrupted group listing as follows, "webalizer" is the > > last entry in /etc/group, and the correct domain name is "SHAWNIGAN - > > notice it is mangled in various places: > > > > webalizer:x:67: > > hHAWNIGAN+AP French:aminx:1280532334:�� > > ::1852728681:WNIGAN+abehennah,SHAWNIGAN+adeane,SHAWNIGAN+ > > dew,SHAWNIGAN+gperry,SH > > AWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+jcs > > > > ============ > > Here is what the above should look like (and does on the other box running > > 2.2.3): > > > > SHAWNIGAN+AP French:x:10023: > > SHAWNIGAN+Dept- > > English:x:10024:SHAWNIGAN+abehennah,SHAWNIGAN+adeane,SHAWN > > IGAN+dew,SH > > AWNIGAN+gperry,SHAWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+j > > cs > > > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Shawn Wright, Systems Manager > Shawnigan Lake School > http://www.sls.bc.ca > [EMAIL PROTECTED] > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
