[Bug 673777] [NEW] winbind tools don't seem to agree on idmappings
Scott Saunders
673777 at bugs.launchpad.net
Wed Nov 10 22:46:39 GMT 2010
Public bug reported:
Binary package hint: samba
# lsb_release -rd
Description: Ubuntu 10.04.1 LTS
Release: 10.04
# uname -a
Linux kuat 2.6.32-24-server #39-Ubuntu SMP Wed Jul 28 06:21:40 UTC 2010 x86_64 GNU/Linux
# apt-cache policy samba
samba:
Installed: 2:3.4.7~dfsg-1ubuntu3.1
Candidate: 2:3.4.7~dfsg-1ubuntu3.2
Version table:
2:3.4.7~dfsg-1ubuntu3.2 0
500 http://us.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
*** 2:3.4.7~dfsg-1ubuntu3.1 0
100 /var/lib/dpkg/status
2:3.4.7~dfsg-1ubuntu3 0
500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
3.0.28a-1ubuntu4.13 0
500 http://us.archive.ubuntu.com/ubuntu/ hardy-updates/main Packages
The following has got me a little worried. I noticed the XXXXX222 GID
showing up after I recently deleted a couple keys using tdbtool, one of
which was an SID linked to GID XXXXX218 which was causing permission
issues because it was one of two SIDs pointing to the same GID (if it's
any interest, the key I deleted was the SID for the windows
BUILTIN\NETWORK group). Deleting the key seemed to resolve that issue.
What follows is what I am seeing since that change. Note: I have
replaced parts of the GIDs and SIDs with X's. Between the two GIDs in
question the prefix is the same and they both link to the exact same
SID. There is at least one other group I'm aware of that I am seeing
this problem with as well. First of all I don't understand why I now
have two GIDs pointing to the same SID. Secondly, I get varying
responses from wbinfo, tdbtool, and net idmap dump - who do I trust?
wbinfo shows
# wbinfo --gid-info XXXXX218
DOMAIN\domain admins:x:XXXXX222
# wbinfo --gid-info XXXXX222
DOMAIN\domain admins:x:XXXXX222
# wbinfo -G XXXXX218
S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
# wbinfo -G XXXXX222
S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
# wbinfo -Y S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
XXXXX222
tdbtool shows
tdbtool /var/lib/samba/winbindd_idmap.tdb
tdb> show GID\ XXXXX218\0
fetch failed
tdb> show GID\ XXXXX222\0
key 13 bytes
GID XXXXX222
data 46 bytes
S-1-5-21 -XXXXXXX
XXX-XXXX XXXXXX-X
XXXXXXXX X-512
idmap dump shows
net idmap dump /var/lib/samba/winbindd_idmap.tdb |grep GID|egrep XXXXX\(218\|222\)|less
GID XXXXX218 S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
notice GID XXXXX222 does not show up here
number of files currently owned by this group/these GIDs
# ls -alRg /path/to/samba/shares/ |grep -c 'DOMAIN\\domain admins'
41934
# ls -alnRg /path/to/samba/shares/ |grep -c XXXXX218
41933
# ls -alnRg /path/to/samba/shares/ |grep -c XXXXX222
1
Any thoughts/explanation as to what might be going on? Should I be
concerned? What can I do to resolve these discrepancies?
** Affects: samba (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
Binary package hint: samba
# lsb_release -rd
Description: Ubuntu 10.04.1 LTS
Release: 10.04
# uname -a
Linux kuat 2.6.32-24-server #39-Ubuntu SMP Wed Jul 28 06:21:40 UTC 2010 x86_64 GNU/Linux
# apt-cache policy samba
samba:
- Installed: 2:3.4.7~dfsg-1ubuntu3.1
- Candidate: 2:3.4.7~dfsg-1ubuntu3.2
- Version table:
- 2:3.4.7~dfsg-1ubuntu3.2 0
- 500 http://us.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
- 500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
- *** 2:3.4.7~dfsg-1ubuntu3.1 0
- 100 /var/lib/dpkg/status
- 2:3.4.7~dfsg-1ubuntu3 0
- 500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
- 3.0.28a-1ubuntu4.13 0
- 500 http://us.archive.ubuntu.com/ubuntu/ hardy-updates/main Packages
+ Installed: 2:3.4.7~dfsg-1ubuntu3.1
+ Candidate: 2:3.4.7~dfsg-1ubuntu3.2
+ Version table:
+ 2:3.4.7~dfsg-1ubuntu3.2 0
+ 500 http://us.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
+ 500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
+ *** 2:3.4.7~dfsg-1ubuntu3.1 0
+ 100 /var/lib/dpkg/status
+ 2:3.4.7~dfsg-1ubuntu3 0
+ 500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
+ 3.0.28a-1ubuntu4.13 0
+ 500 http://us.archive.ubuntu.com/ubuntu/ hardy-updates/main Packages
The following has got me a little worried. I noticed the XXXXX222 GID
showing up after I recently deleted a couple keys using tdbtool, one of
which was an SID linked to GID XXXXX218 which was causing permission
issues because it was one of two SIDs pointing to the same GID (if it's
any interest, the key I deleted was the SID for the windows
BUILTIN\NETWORK group). Deleting the key seemed to resolve that issue.
What follows is what I am seeing since that change. Parts of the GIDs
and SIDs have been replaced with X's. Between the two GIDs in question
- the prefix is the same and they both link the the exact same SID. First
- of all I don't understand why I now have two GIDs pointing to the same
- SID. Secondly, I get varying responses from wbinfo, tdbtool, and net
- idmap dump - who do I trust?
+ the prefix is the same and they both link to the exact same SID. There
+ is at least one other group I'm aware of that I am seeing this problem
+ with as well. First of all I don't understand why I now have two GIDs
+ pointing to the same SID. Secondly, I get varying responses from wbinfo,
+ tdbtool, and net idmap dump - who do I trust?
wbinfo shows
# wbinfo --gid-info XXXXX218
DOMAIN\domain admins:x:XXXXX222
# wbinfo --gid-info XXXXX222
DOMAIN\domain admins:x:XXXXX222
# wbinfo -G XXXXX218
S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
# wbinfo -G XXXXX222
S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
# wbinfo -Y S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
XXXXX222
tdbtool shows
tdbtool /var/lib/samba/winbindd_idmap.tdb
tdb> show GID\ XXXXX218\0
fetch failed
tdb> show GID\ XXXXX222\0
key 13 bytes
GID XXXXX222
data 46 bytes
S-1-5-21 -XXXXXXX
XXX-XXXX XXXXXX-X
XXXXXXXX X-512
idmap dump shows
net idmap dump /var/lib/samba/winbindd_idmap.tdb |grep GID|egrep XXXXX\(218\|222\)|less
GID XXXXX218 S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
notice GID XXXXX222 does not show up here
number of files currently owned by this group/these GIDs
# ls -alRg /path/to/samba/shares/ |grep -c 'DOMAIN\\domain admins'
41934
# ls -alnRg /path/to/samba/shares/ |grep -c XXXXX218
41933
# ls -alnRg /path/to/samba/shares/ |grep -c XXXXX222
1
Any thoughts/explanation as to what might be going on? Should I be
concerned? What can I do to resolve these discrepancies?
** Description changed:
Binary package hint: samba
# lsb_release -rd
Description: Ubuntu 10.04.1 LTS
Release: 10.04
# uname -a
Linux kuat 2.6.32-24-server #39-Ubuntu SMP Wed Jul 28 06:21:40 UTC 2010 x86_64 GNU/Linux
# apt-cache policy samba
samba:
Installed: 2:3.4.7~dfsg-1ubuntu3.1
Candidate: 2:3.4.7~dfsg-1ubuntu3.2
Version table:
2:3.4.7~dfsg-1ubuntu3.2 0
500 http://us.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
*** 2:3.4.7~dfsg-1ubuntu3.1 0
100 /var/lib/dpkg/status
2:3.4.7~dfsg-1ubuntu3 0
500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
3.0.28a-1ubuntu4.13 0
500 http://us.archive.ubuntu.com/ubuntu/ hardy-updates/main Packages
The following has got me a little worried. I noticed the XXXXX222 GID
showing up after I recently deleted a couple keys using tdbtool, one of
which was an SID linked to GID XXXXX218 which was causing permission
issues because it was one of two SIDs pointing to the same GID (if it's
any interest, the key I deleted was the SID for the windows
BUILTIN\NETWORK group). Deleting the key seemed to resolve that issue.
- What follows is what I am seeing since that change. Parts of the GIDs
- and SIDs have been replaced with X's. Between the two GIDs in question
- the prefix is the same and they both link to the exact same SID. There
- is at least one other group I'm aware of that I am seeing this problem
- with as well. First of all I don't understand why I now have two GIDs
- pointing to the same SID. Secondly, I get varying responses from wbinfo,
- tdbtool, and net idmap dump - who do I trust?
+ What follows is what I am seeing since that change. Note: I have
+ replaced parts of the GIDs and SIDs with X's. Between the two GIDs in
+ question the prefix is the same and they both link to the exact same
+ SID. There is at least one other group I'm aware of that I am seeing
+ this problem with as well. First of all I don't understand why I now
+ have two GIDs pointing to the same SID. Secondly, I get varying
+ responses from wbinfo, tdbtool, and net idmap dump - who do I trust?
wbinfo shows
# wbinfo --gid-info XXXXX218
DOMAIN\domain admins:x:XXXXX222
# wbinfo --gid-info XXXXX222
DOMAIN\domain admins:x:XXXXX222
# wbinfo -G XXXXX218
S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
# wbinfo -G XXXXX222
S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
# wbinfo -Y S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
XXXXX222
tdbtool shows
tdbtool /var/lib/samba/winbindd_idmap.tdb
tdb> show GID\ XXXXX218\0
fetch failed
tdb> show GID\ XXXXX222\0
key 13 bytes
GID XXXXX222
data 46 bytes
S-1-5-21 -XXXXXXX
XXX-XXXX XXXXXX-X
XXXXXXXX X-512
idmap dump shows
net idmap dump /var/lib/samba/winbindd_idmap.tdb |grep GID|egrep XXXXX\(218\|222\)|less
GID XXXXX218 S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
notice GID XXXXX222 does not show up here
number of files currently owned by this group/these GIDs
# ls -alRg /path/to/samba/shares/ |grep -c 'DOMAIN\\domain admins'
41934
# ls -alnRg /path/to/samba/shares/ |grep -c XXXXX218
41933
# ls -alnRg /path/to/samba/shares/ |grep -c XXXXX222
1
Any thoughts/explanation as to what might be going on? Should I be
concerned? What can I do to resolve these discrepancies?
--
winbind tools don't seem to agree on idmappings
https://bugs.launchpad.net/bugs/673777
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in ubuntu.
More information about the Ubuntu-server-bugs
mailing list