[Samba] wbinfo_group.pl / wbinfo -r not working!

Adam Bruncaj abruncaj at gmail.com
Mon Feb 27 15:53:24 GMT 2006


Hello,

I have been using samba to authenticate my squid users to Active
Directory. Because of the number of users, I would like to set up my
ACLs based on groups, rather than individual user accounts.

I have successfully joined my samba box to our windows domain (2k).
For some reason I had to enter the domain controller name instead of
the domain name when doing so. I am now having issues looking up user
groups using wbinfo_group and/or "wbinfo -r username".

The following are some commands, conf files & logs (the parts that I
believe are relevant). I have a feeling I have more than one issue
going on here. Please let me know if you need more info.

I doubt there are limitations, but we are in a somewhat large
environment (about 4,000 user accounts) with multiple sub domains.

-----
# I compiled squid with...
./configure --enable-external-acl-helpers="unix_group,wbinfo_group"
--------------
[root at lions squid]# rpm -q samba
samba-3.0.21c-1
--------------
[root at lions squid]# wbinfo -a domainuser1%hispass
plaintext password authentication succeeded
challenge/response password authentication succeeded
-------------------
[root at lions squid]# wbinfo -t
checking the trust secret via RPC calls succeeded
-------------------
[root at lions squid]# wbinfo -u |more
SUBDOMAIN1\exemployees
SUBDOMAIN1\installservice
...
..
SUBDOMAIN2\exch
SUBDOMAIN2\adcsv
SUBDOMAIN2\administrator
..
..
domainuser1  # These are the accounts that I would be working with and
would need to look up their groups. note that
domainuser2
domainuser2
..
..
--------------------------------
[root at lions samba]# wbinfo -n domainuser1
S-1-5-21-954140891-1229348589-1136263860-10879 User (1)
--------------------------------
*********[root at lions squid]# ./wbinfo_group.pl
user1 "domain users"
Could not lookup name domain users
Could not convert sid  to gid
Could not get groups for user user1
OK
# also tried domain\\user domain\\group
------------------
********[root at lions samba]# wbinfo -r domainuser1
Could not get groups for user domainuser1
#also tried with domain\\domainuser1
-------------------
[root at lions samba]# wbinfo --sequence
SubDomain1 : DISCONNECTED
SubDomain2 : DISCONNECTED
Subdomain3 : 2576451
LIONS : 1
BUILTIN : 1
MyDomain : DISCONNECTED # it states disconnected, but I am able to
view users and groups?
--------------------

My conf files....
------------------------------------------------
(smb.conf) # note that this is the whole conf file. I read that this
is all I need

[global]
workgroup = MyDomain
netbios name = lions
password server = 10.20.250.2
security = domain
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
------------------------------------------------
(nsswitch.conf)
#
# /etc/nsswitch.conf
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis
passwd:     files winbind
shadow:     files winbind
group:      files winbind
#hosts:     db files nisplus nis dns
hosts:  files winbind dns
# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers:     db files
netmasks:   files
networks:   files dns
protocols:  files winbind
rpc:        db files
services:   files winbind
netgroup:   files winbind
publickey:  nisplus
automount:  files winbind
aliases:    files nisplus
---------------------------------
(krb5.conf)

[libdefaults]
 default_realm = Mydomain.domain.com

 dns_lookup_realm = true
 dns_lookup_kdc = true
[realms]
MY = {
  kdc = domaincontroller1.mydomain.domain.com
  admin_server = domaincontroller1
  kdc = domaincontroller1
}

[domain_realm]
.kerberos.server = MYDOMAIN.DOMAIN.COM
---------------------------------------

Log files:
--------------------------------
[root at lions samba]# vi winbindd.log
[2006/02/27 08:02:32, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109)
  ads_connect for domain SUBDOMAIN2 failed: No such file or directory
[2006/02/27 08:04:08, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
  Could not get convert sid  from string
[2006/02/27 08:04:27, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
  Could not get convert sid  from string
[2006/02/27 08:05:06, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
  Could not get convert sid  from string
[2006/02/27 08:06:29, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
  Could not get convert sid  from string
[2006/02/27 08:17:00, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109)
  ads_connect for domain SUBDOMAIN2 failed: No such file or directory
[2006/02/27 08:21:16, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
  Could not get convert sid  from string
[2006/02/27 08:35:55, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109)
  ads_connect for domain SUBDOMAIN2 failed: No such file or directory

--------------------------------
# /var/log/messages

Feb 27 07:57:52 lions net: [2006/02/27 07:57:52, 0] utils/net_ads.c:ads_startup(191)
Feb 27 07:57:52 lions net:   ads_connect: No results returned
Feb 27 07:58:25 lions net: [2006/02/27 07:58:25, 0] utils/net_ads.c:ads_startup(191)
Feb 27 07:58:25 lions net:   ads_connect: No results returned
Feb 27 08:01:01 lions crond(pam_unix)[11231]: session opened for user root by (uid=0)
Feb 27 08:01:02 lions crond(pam_unix)[11231]: session closed for user root
Feb 27 08:30:10 lions winbindd[11510]: [2006/02/27 08:30:10, 0] libsmb/clientgen.c:cli_rpc_pipe_close(375)
Feb 27 08:30:10 lions winbindd[11510]:   cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x4009 to machine DOMAINCONTROLLER. Error was SUCCESS - 0
Feb 27 09:01:01 lions crond(pam_unix)[11766]: session opened for user root by (uid=0)
Feb 27 09:01:02 lions crond(pam_unix)[11766]: session closed for user root
------------------------------------

Thanks,
Adam
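
Added example (not part of the original post, and not Squid or Samba code): in the wbinfo_group.pl transcript above, the helper prints OK after all three lookups failed. The sketch below models one way that can happen, assuming the helper matches the group's gid against the `wbinfo -r` output with a line-anchored regex and that failed lookups leave stdout empty; the function names and sample values are hypothetical and constructed.

```python
import re

def naive_check(group_gid: str, user_groups_out: str) -> str:
    """Assumed helper logic: line-anchored regex match of the gid in `wbinfo -r` output."""
    # With an empty gid the pattern degenerates to ^$, which matches empty
    # output, so a total lookup failure is reported as group membership.
    return "OK" if re.search(r"^%s$" % group_gid, user_groups_out, re.M) else "ERR"

def strict_check(group_sid: str, group_gid: str, user_groups_out: str) -> str:
    """Fail closed: every lookup stage must yield a well-formed value."""
    if not re.fullmatch(r"S-1-\d+(-\d+)+", group_sid.strip()):
        return "ERR"  # name -> SID lookup failed
    if not re.fullmatch(r"\d+", group_gid.strip()):
        return "ERR"  # SID -> gid mapping failed
    gids = {ln.strip() for ln in user_groups_out.splitlines() if ln.strip()}
    if not gids or not all(g.isdigit() for g in gids):
        return "ERR"  # user's group list missing or malformed
    return "OK" if group_gid.strip() in gids else "ERR"

# Constructed inputs: (group SID, group gid, stdout of the user's gid list).
CASES = {
    # All three lookups failed, as in the transcript: nothing on stdout.
    "all_lookups_failed": ("", "", ""),
    # Healthy winbind: group resolves and the user is a member.
    "member": ("S-1-5-21-1111111111-2222222222-3333333333-513",
               "10001", "10001\n10005\n"),
    # Healthy winbind: group resolves but the user is not a member.
    "non_member": ("S-1-5-21-1111111111-2222222222-3333333333-999",
                   "10002", "10001\n10005\n"),
}

def run_cases() -> dict:
    """Return {case: (naive verdict, strict verdict)} for the constructed inputs."""
    return {
        name: (naive_check(gid, groups), strict_check(sid, gid, groups))
        for name, (sid, gid, groups) in CASES.items()
    }

if __name__ == "__main__":
    for name, (naive, strict) in run_cases().items():
        print(f"{name:20s} naive={naive:3s} strict={strict}")
```

An external ACL helper that answers OK when winbind cannot resolve anything grants the group-based ACL to every authenticated user, so the helper's verdict should be checked against a known non-member before it is relied on.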

