[Samba] Winbind not getting new membership for AD users
Michael Davidson
mdavidson at mountwashington.org
Wed Dec 24 17:47:36 GMT 2008
Happy Holidays for those of you celebrating holidays this time of year :-)
I am having difficulty with a newly joined Samba server, version 3.0.28-1 on
CentOS 5.1. Winbind doesn't seem to be picking up changes to group
membership. For instance, the example commands below show a discrepancy
between wbinfo and getent group (dom\user1 does, in fact, belong to
dom\group, aka 10016).
# wbinfo -r dom\\user1
10001
10015
10039
# getent group dom\\group
dom\group:*:10016:dom\user1,dom\user2,dom\user3
In this second example, wbinfo thinks user dom\user4 does not belong to group
10005, but getent believes (again, correctly) that dom\user4 does NOT belong
to group 10005.
# wbinfo -r dom\\user4
10009
10029
10016
10001
10008
10007
10006
10028
10005
10039
# getent group 10005
dom\group:*:10005:dom\user5,dom\user6
In both cases, getent correctly shows group membership whereas wbinfo does
not "know" about changes made after the server was first joined to the
domain.
In looking through the logs, I see in /var/log/samba/winbindd.log the
following message repeated hundreds of times since the server was joined.
Is this related to the problem above?
[2008/12/24 12:36:24, 1] nsswitch/winbindd_group.c:getgrgid_got_sid(606)
could not lookup sid
[2008/12/24 12:36:28, 1] nsswitch/winbindd_group.c:getgrgid_got_sid(606)
could not lookup sid
[2008/12/24 12:36:37, 1] nsswitch/winbindd_group.c:getgrgid_got_sid(606)
could not lookup sid
I am unsure where to troubleshoot next. I appreciate your help very much!!
Michael Davidson
Mount Washington Observatory
North Conway, NH 03860
www.mountwashington.org
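
The comparison described in the post above, as an added example that is not part of the original message: a small script that checks whether `wbinfo -r` and `getent group` agree on one user's membership in one group. The function names and result labels are made up for this illustration, and the sample data is constructed from the output quoted in the post.

```shell
#!/bin/sh
# Added example: compare the two views of one user's membership in one group.
# Inputs are captured command output, so the script runs without a domain.

# Sample data constructed from the output quoted in the post.
WBINFO_USER1='10001
10015
10039'
WBINFO_USER4='10009
10029
10016
10001
10008
10007
10006
10028
10005
10039'
GETENT_10016='dom\group:*:10016:dom\user1,dom\user2,dom\user3'
GETENT_10005='dom\group:*:10005:dom\user5,dom\user6'

# gid_in_wbinfo GID WBINFO_OUTPUT: true if `wbinfo -r` lists the gid.
gid_in_wbinfo() {
    printf '%s\n' "$2" | grep -qxF "$1"
}

# user_in_getent USER GETENT_LINE: true if the member field names the user.
user_in_getent() {
    printf '%s\n' "$2" | cut -d: -f4 | tr ',' '\n' | grep -qxF "$1"
}

# check_membership USER GETENT_LINE WBINFO_OUTPUT
# Prints: consistent-member, consistent-nonmember,
#   getent-only (getent lists the user, wbinfo -r lacks the gid), or
#   wbinfo-only (wbinfo -r has the gid, getent does not list the user).
check_membership() {
    gid=$(printf '%s\n' "$2" | cut -d: -f3)
    if user_in_getent "$1" "$2"; then g=1; else g=0; fi
    if gid_in_wbinfo "$gid" "$3"; then w=1; else w=0; fi
    case "$g$w" in
        11) echo consistent-member ;;
        00) echo consistent-nonmember ;;
        10) echo getent-only ;;
        01) echo wbinfo-only ;;
    esac
}

check_membership 'dom\user1' "$GETENT_10016" "$WBINFO_USER1"
check_membership 'dom\user4' "$GETENT_10005" "$WBINFO_USER4"
# Live: check_membership 'dom\user1' "$(getent group 'dom\group')" "$(wbinfo -r 'dom\user1')"
```

Any result other than the two `consistent-*` values means the two lookups disagree, which matters wherever share or file access is granted by group.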