
Re: [Samba] AD-DC samba_gpoupdate failing




So, I did, subject "gpoupdate failing on DC / winbind", but so far no
response :(

On Tue, 26 Feb 2019 at 13:48, Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
wrote:

> On Tue, 26 Feb 2019 13:34:32 +0000
> Kristján Valur Jónsson <kristjan@xxxxxx> wrote:
>
> > Ok, I've analyzed this and found that the cause is a call to
> > getpwuid(uid) with the uid being that of the domain controller.
> > "wbinfo --uid-info=3000074" works and returns information, but this
> > library function fails.
> > This is then propagated upwards as a memory error, because it is being
> > called from getpwuid_alloc() which is a talloc variant. The API
> > doesn't allow us to distinguish either form of error.
> > Later, there is this code (in libgpo)
> > new_token = create_local_nt_token(mem_ctx, &object_sid, false,
> >   num_token_sids, token_sids);
> > ADS_ERROR_HAVE_NO_MEMORY(new_token);
> > where the failure of create_local_nt_token() is simply assumed to be a
> > memory failure.  This pretty much destroys any finesse in lower level
> > error handling...
> >
> > Now, the reason getpwuid was failing was that the nsswitch.conf
> > wasn't set up on the DCs.  I fixed it and it works.  But I've been
> > running these DCs for three years without it.  There is also no
> > indication anywhere that it is not correctly set up.
> > I wonder if it is possible to enhance such diagnosis.
> > 1) output a warning (failure of getpwuid is currently a DEBUG macro)
> > 2) fix error handling.  Will do some tests.
> >
> >
>
> Kristjan, it is my understanding that it is actually recommended to not
> set up the libnss-winbind links on a DC, yet you now seem to be saying
> it is required.
>
> I think this would be better discussed on the samba-technical mailing
> list.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
Kv,
Kristján Valur Jónsson, RVX
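
The error-handling point raised in the quoted message, as an added example that is not Samba code and not part of the original thread: a uid lookup through getpwuid_r() that reports "no such user" (for instance because NSS has no source for the uid) separately from allocation failure. The names `lookup_status`, `classify_lookup` and `lookup_uid` are hypothetical; the uid is the one quoted in the thread.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names throughout; this is not Samba code. */
enum lookup_status { LOOKUP_FOUND, LOOKUP_NOT_FOUND, LOOKUP_NOMEM, LOOKUP_ERROR };

/* Keep "no such user" apart from allocation failure and other NSS errors. */
enum lookup_status classify_lookup(int rc, const struct passwd *result)
{
    if (rc == 0)
        return result ? LOOKUP_FOUND : LOOKUP_NOT_FOUND;
    /* getpwnam(3) lists these values as possible "not found" results. */
    if (rc == ENOENT || rc == ESRCH || rc == EBADF || rc == EPERM)
        return LOOKUP_NOT_FOUND;
    return rc == ENOMEM ? LOOKUP_NOMEM : LOOKUP_ERROR;
}

enum lookup_status lookup_uid(uid_t uid, char *name, size_t name_len)
{
    struct passwd pw, *result = NULL;
    size_t len = 1024;
    char *buf = NULL;
    int rc;
    do { /* grow the scratch buffer while getpwuid_r() reports ERANGE */
        char *tmp = realloc(buf, len);
        if (tmp == NULL) {
            free(buf);
            return LOOKUP_NOMEM; /* a genuine memory failure */
        }
        buf = tmp;
        rc = getpwuid_r(uid, &pw, buf, len, &result);
        len *= 2;
    } while (rc == ERANGE && len <= (1u << 20));
    enum lookup_status st = classify_lookup(rc, result);
    if (st == LOOKUP_FOUND && name != NULL)
        snprintf(name, name_len, "%s", pw.pw_name); /* copy before freeing buf */
    free(buf);
    return st;
}

int main(void)
{
    static const char *const label[] = { "found", "not found", "out of memory", "lookup error" };
    char name[256] = "";
    enum lookup_status st = lookup_uid(3000074, name, sizeof(name)); /* uid from the thread */
    printf("uid 3000074: %s %s\n", label[st], name);
    return st == LOOKUP_FOUND ? 0 : 1;
}
```

On a host where NSS cannot resolve the uid this prints "not found" rather than reporting a memory error, which is the distinction a caller needs in order to log a useful warning.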