On Thu, Jul 24, 2008 at 08:51:25AM +0200, Paolo Sala wrote: > Steve Langasek scrisse in data 23/07/2008 20:08: >> You mention a remote user in a local group; so this means you have the user >> listed in /etc/groups? And the command 'groups $remoteuser' shows only the >> remote group memberships, not the local ones?
> Yes, I mean a remote user in a local group. I have found another strange > behaviour: "groups" doesn't shows local groups but "groups remoteuser" > shows them: >> [EMAIL PROTECTED]:~$ whoami >> DOMINIOCSA\psala >> [EMAIL PROTECTED]:~$ groups >> DOMINIOCSA\paolo sala DOMINIOCSA\domain users DOMINIOCSA\gruppo per >> gestione faxweb DOMINIOCSA\utenti DOMINIOCSA\gruppo per gestione >> nethaudit DOMINIOCSA\rete_amm >> [EMAIL PROTECTED]:~$ groups dominiocsa\\psala >> DOMINIOCSA\paolo sala cdrom floppy audio video plugdev users camera >> powerdev vboxusers DOMINIOCSA\domain users DOMINIOCSA\gruppo per >> gestione faxweb DOMINIOCSA\utenti DOMINIOCSA\gruppo per gestione >> nethaudit DOMINIOCSA\rete_amm > Is it normal? This indicates a failure in the initgroups() call at the beginning of your session, which is supposed to retrieve all of the groups from NSS and add them to your process. But this is an example where calling "groups $remoteuser" *does* show the local groups. Is there a particular test case which *reproducibly* fails to show the groups for you? (Not counting running the 'groups' command by itself, since this doesn't query group membership information from NSS, it only queries group names.) > Furthermore, sometimes happens, when I open a console, "I > have no [EMAIL PROTECTED]:~$" instead of "[EMAIL PROTECTED]:~$": > is it normal? can be tied with the problem above? That means that the getpwuid() call to look up your username has failed. It may be related, since all of these issues point to a certain unreliability in your NSS setup. > Of course: >> [EMAIL PROTECTED]:~$ cat /etc/nsswitch.conf | grep -v ^[\;,#] >> passwd: files winbind >> group: files winbind >> shadow: files >> hosts: files wins mdns4_minimal [NOTFOUND=return] dns mdns4 >> networks: files Please try removing 'wins' from the hosts line as a test. I don't think it will fix everything, but it may fix your last problem. Also, do you have 'winbind enum groups' and 'winbind enum users' enabled in /etc/samba/smb.conf? From your description of the problem I suspect that you already do, but just in case you don't, I recommend you enable the options. Beyond that, the symptoms look like NSS is in only *some* cases losing the group information from the 'files' backend. In that case, I guess this is a glibc bug. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
