[Samba] Winbind - wbinfo -u works, getent passwd only gives local users

Alex Crow acrow at integrafin.co.uk
Fri May 18 07:53:55 GMT 2007 

In smb.conf, do you have
winbind enum groups = yes
winbind enum users = yes ?

I got stumped by this myself but these seem now to be off by default and
need to be added for nsswitch to enumerate users/groups.

Cheers

Alex


On Thu, 2007-05-17 at 18:30 +0100, David Lee wrote:
> Hi Rune
> I have
> 
> passwd:         compat winbind
> group:          compat winbind
> shadow:         compat
> 
> hosts:          files dns
> networks:       files
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis
> 
> and am now wondering what the netgroup entry is doing.
> Other than that, it looks OK to me.
> 
> Removing the netgroup entry does not help.
> 
> David Lee
> 
> ----------  Forwarded Message  ----------
> 
> Subject: Re: [Samba] Winbind  - wbinfo -u works, getent passwd only gives 
> local users
> Date: Thursday 17 May 2007 01:20
> From: Rune Tønnesen 
> 
> Hi' David
> 
> have you checked your setup in the /etc/nsswitch.conf file?
> --
> Rune Tønnesen
> Venlig Hilsen/Best Regards
> 
> > I only have limited Samba experience, and expect this is a silly mistake,
> > but have been unable to find a solution
> >
> > I have installed Samba and Winbind on my desktop Linux (Debian) machine
> > (SPARKSTONELX), aiming to unify logins with other windows machines
> > accessing the PDC, again samba/Debian, with tdbsam password backend. All is
> > well, joining the domain, and getting account details using wbinfo -u, but
> > getent passwd only gives the local account details.
> >
> > The log file on the PDC (FILESTONE) reports
> >
> > [2007/05/15 22:31:48, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
> >   get_md4pw: Workstation SPARKSTONELX$: no account in domain
> > [2007/05/15 22:31:48, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
> >   _net_auth2: failed to get machine password for account SPARKSTONELX$:
> > NT_STATUS_ACCESS_DENIED
> >
> > [2007/05/15 22:31:52, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(259)
> >   group sparkstonelx$ in domain STONES does not exist
> >
> > and on the Linux desktop
> >
> > [2007/05/15 22:30:18, 1]
> > rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
> >   cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR
> > received from remo
> > te machine FILESTONE pipe \lsarpc fnum 0x767a!
> > [2007/05/15 22:30:18, 1]
> > rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601)
> >   cli_pipe_validate_current_pdu: Bind NACK received from remote
> > machinesparkstonelx:/var/log/samba# wbinfo --own-domain
> > STONES
> > sparkstonelx:/var/log/samba# wbinfo -t
> > checking the trust secret via RPC calls succeeded
> > sparkstonelx:/var/log/samba# wbinfo -D stones
> > Name              : STONES
> > Alt_Name          :
> > SID               : S-1-5-21-835963941-2627181251-1431239077
> > Active Directory  : No
> > Native            : No
> > Primary           : Yes
> > Sequence          : 1179266454
> >  FILESTONE pipe \samr
> >  fnum 0x767b!
> > [2007/05/15 22:30:18, 0]
> > rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2356)
> >   cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error
> > NT_STATUS_NETWORK_
> > ACCESS_DENIED
> > [2007/05/15 22:30:18, 1]
> > rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601)
> >   cli_pipe_validate_current_pdu: Bind NACK received from remote machine
> > FILESTONE pipe \lsar
> > pc fnum 0x767e!
> > [2007/05/15 22:30:18, 0]
> > rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2356)
> >   cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error
> > NT_STATUS_NETWORK_
> > ACCESS_DENIED
> >
> > but
> >
> > sparkstonelx:/var/log/samba# wbinfo --own-domain
> > STONES
> > sparkstonelx:/var/log/samba# wbinfo -t
> > checking the trust secret via RPC calls succeeded
> > sparkstonelx:/var/log/samba# wbinfo -D stones
> > Name              : STONES
> > Alt_Name          :
> > SID               : S-1-5-21-835963941-2627181251-1431239077
> > Active Directory  : No
> > Native            : No
> > Primary           : Yes
> > Sequence          : 1179266454
> >
> > Any ideas?
> >
> > My network is about 6 machines in a Christian community, some being XP
> > home, which limits my possible security settings!
> > --
> > David Lee
> > ----------------------------
> > Living Stones, Flore, UK
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> -------------------------------------------------------
> 
> -- 
> David Lee
> ----------------------------
> Living Stones, Flore, UK

More information about the samba mailing list