[Gllug] [Samba] Problem with users (authing over Active Directory) not being about to run software, but local users can.

Michael Wood esiotrot at gmail.com
Tue Oct 20 09:27:33 UTC 2009


2009/10/14 KJS <lists at netzensolutions.com>:
> Hi Guys,
>
> I have a CentOS box running with Active Directory Authentication via winbind
> and that is working fine.
>
> When users login for the first time their home dir's are created in
> /home/%DOMAIN%/ which is also working fine.
>
> Now, they have installed a bit of commercial software on the CentOS server
> which works fine for all the local users but not the users logging in via
> Active Directory auth. Note this software does use a gui interface, when
> asking for support they would only support RHEL (not the clones).
>
> Users logging in over Active Directory get the following error:
>
> Error id=371530
>
> Fatal: Internal system error, cannot recover.
>
> Release = 'C-2009.06-1'  Architecture = 'linux'  Program = 'DVE'
>
> '164492884 142997729 164493463 -6912 -6273988 164440005 164565674 164214114
> 142860386 142254224 141374259 1732236'
>
>
> Now the difference between the two users account's are:
>
> Local User (who is a member of some AD groups):
>
> uid=501(davep) gid=501(davep) groups=501(davep),502(edf),16777216(domain
> users),16777225(subversion),16777226(web workplace
> users),16777220(BUILTIN\users)
>
> Active Directory User:
>
> uid=16777238(kjs) gid=16777216(domain users) groups=16777216(domain
> users),502(edf),16777225(subversion),16777226(web workplace
> users),16777220(BUILTIN\users)

Wild guess:  The UID and primary GID are both > 65535.  Traditionally
these would have been 16 bit integers.  Maybe your commercial app is
assuming they still are.

Another wild guess:  The primary group name has a space in it.  Maybe
the commercial app doesn't like this.

> So basically I have been sat here trying to work out the difference between
> the two users accounts, I have tested on other accounts also with the same
> results it works on a local account fine, but not on a user authenticating
> via AD.

Try creating a local user with large UID and GID and see if they also
have trouble executing the commercial app.

Try creating a local user with a normal UID, but "domain users" as the
primary group and see if that also has problems.

-- 
Michael Wood <esiotrot at gmail.com>
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list