This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: mkpasswd with domain gives The security database is corrupted error - SOLVED

From: Orion Poplawski <orion at nwra dot com>
To: cygwin at cygwin dot com
Date: Fri, 10 Aug 2012 16:53:27 +0000 (UTC)
Subject: Re: mkpasswd with domain gives The security database is corrupted error - SOLVED
References: <loom.20120810T002948-294@post.gmane.org> <20120810144844.GH7317@calimero.vinschen.de>

Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:

> 
> On Aug  9 22:37, Orion Poplawski wrote:
> > Fresh install of cygwin 1.7.16 on Windows Server 2008 R2.  Trying to add my
> > domain users to /etc/passwd, but when I run mkpasswd I get (somewhat
obfuscated):
> > 
> > $ mkpasswd -l -d CO-RA
> > SYSTEM:*:18:544:,S-1-5-18::
> > LocalService:*:19:544:U-NT AUTHORITY\LocalService,S-1-5-19::
> > NetworkService:*:20:544:U-NT AUTHORITY\NetworkService,S-1-5-20::
> > Administrators:*:544:544:,S-1-5-32-544::
> > TrustedInstaller:*:4294967294:4294967294:U-NT
> > SERVICE\TrustedInstaller,S-*::
> > Administrator:unused:500:513:U-FONT3\Administrator,S-*
> > Guest:unused:501:513:U-FONT3\Guest,S-*:/home/Guest:/bin/bash
> > sgeadmin:unused:1000:513:U-FONT3\sgeadmin,S-*:/home/sgeadmin:/bin/bash
> > mkpasswd (374): [2247] The security database is corrupted.
> > 
> > That message led me to trying to check the status to the secedit.sdb database
> > with esentutl but that checks out okay.
> 
> The error message is a result of an error returned from a simple call to
> the Windows function NetUserEnum.  I have no idea what's causing this.
> 
> Corinna
> 

Thanks, figured it out.  It was a problem with the user/group database on our
samba PDC.

First clue is that I didn't get the error without the -d option, indicating a
domain issue rather than local issue.

Next clue came from tshark which showed a STATUS_INTERNAL_DB_CORRUPTION error
being sent in response to a groupforuser command.  Then bumping up the debug
level for the smbd process for that host to level 3 I got:

[2012/08/10 10:42:26.852922,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: SAMR_GETGROUPSFORUSER
[2012/08/10 10:42:26.859341,  2] passdb/pdb_ldap.c:553(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: nobody
[2012/08/10 10:42:26.862206,  3] passdb/pdb_ldap.c:5197(ldapsam_gid_to_sid)
  ERROR: Got 0 entries for gid 99, expected one
[2012/08/10 10:42:26.862492,  3] passdb/lookup_sid.c:1754(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for nobody
[2012/08/10 10:42:26.866774,  3]
passdb/pdb_ldap.c:3039(ldapsam_enum_group_memberships)
  primary group of [nobody] not found

And indeed I had a user called 'nobody' with no corresponding group in the ldap
database.  Removing that user fixed the issue.

- Orion


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

References:
- mkpasswd with domain gives The security database is corrupted error
  - From: Orion Poplawski
- Re: mkpasswd with domain gives The security database is corrupted error
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]