[Samba] how to make 'winbind nss info = sfu' work in v >= 3.0.26a

Wed Apr 16 18:40:38 GMT 2008

At the suggestion of someone who replied offline, I tried replacing
reference to 'sfu' with 'rfc2307', as well as converting to the newer
idmap config directives.  However, I still can't resolve sids to uids.

Now, instead of complaining about not finding sfu.so, the log complains
about not finding rfc2307.so:

/* BEGIN log.wb-MYDOMAIN excerpt : */
[2008/04/16 13:21:15, 5] nsswitch/nss_info.c:smb_register_idmap_nss(79)
  smb_register_idmap_nss: Successfully added idmap nss backend 'template'
[2008/04/16 13:21:15, 5] lib/module.c:smb_probe_module(108)
  Probing module 'rfc2307'
[2008/04/16 13:21:15, 5] lib/module.c:smb_probe_module(119)
  Probing module 'rfc2307': Trying to load from /usr/lib/samba/nss_info/rfc2307.so
[2008/04/16 13:21:15, 3] lib/module.c:do_smb_load_module(49)
  Error loading module '/usr/lib/samba/nss_info/rfc2307.so': /usr/lib/samba/nss_info/rfc2307.so: cannot open shared object file: No such file or directory
[2008/04/16 13:21:15, 3] nsswitch/nss_info.c:nss_init(209)
  nss_init: no nss backends configured.  Defaulting to "template".
/* END   log.wb-MYDOMAIN excerpt   */

It seems strange that log.winbindd-idmap says it successfully loaded nss backend 'sfu':

/* BEGIN log.winbindd-idmap excerpt : */
[2008/04/16 13:21:15, 1] nsswitch/idmap.c:idmap_init(365)
  Initializing idmap domains
[2008/04/16 13:21:15, 5] lib/module.c:smb_probe_module(108)
  Probing module 'ad'
[2008/04/16 13:21:15, 5] lib/module.c:smb_probe_module(119)
  Probing module 'ad': Trying to load from /usr/lib/samba/idmap/ad.so
[2008/04/16 13:21:15, 2] lib/module.c:do_smb_load_module(64)
  Module '/usr/lib/samba/idmap/ad.so' loaded
[2008/04/16 13:21:15, 5] nsswitch/idmap.c:smb_register_idmap(163)
  Successfully added idmap backend 'ad'
[2008/04/16 13:21:15, 5] nsswitch/nss_info.c:smb_register_idmap_nss(79)
  smb_register_idmap_nss: Successfully added idmap nss backend 'rfc2307'
[2008/04/16 13:21:15, 5] nsswitch/nss_info.c:smb_register_idmap_nss(79)
  smb_register_idmap_nss: Successfully added idmap nss backend 'sfu'
[2008/04/16 13:21:15, 5] nsswitch/idmap.c:idmap_init(452)
  Forcing to readonly, as this module can't store arbitrary mappings.
/* END   log.winbindd-idmap excerpt   */

Anyone have an idea of what is messed up here?  Thanks,

Jon

* Jonathan Detert <Jonathan.Detert at msoe.edu> [080415 16:00]:
> There is an instance of Ms.Active Directory that has had the 'Services
> For Unix' applied.
> 
> I use winbind v3.0.24 to get user/group info from that Ms.Active directory
> instance like so:
> -------- begin smb.conf snippet: ------------
> security = ADS
> realm = mydomain.com
> workgroup = MYDOMAIN
> 
> winbind enum groups = yes
> winbind enum users = yes
> winbind nested groups = yes
> winbind nss info = sfu
> winbind separator = +
> winbind use default domain = yes
> 
> idmap gid = 500-45000
> idmap uid = 500-45000
> idmap backend = ad
> -------- end   smb.conf snippet: ------------
> 
> that works fine on ubuntu v7.04.
> 
> The same config, shown above, does not work under winbind v3.0.26a
> running on ubuntu v7.10.  I can turn an name into a sid, and the sid
> back into a name (via wbinfo -n and -s, respectively), but I can't turn
> a sid into a unix uid or gid (via the -S argument).  Also, 'getent passwd'
> doesn't return any users from Active Directory.
> 
> Any idea what's wrong?  Is it my config?
> -- 
> Jon Detert
> IT Systems Administrator, Milwaukee School of Engineering
> 1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
> --
> Linus Torvalds can divide by zero.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
--
Fashion is a form of ugliness so intolerable that we have to alter it every six months.

~ Oscan Wilde