[Samba] Winbind issue using samba 3.6.3

Steve Snedeker steve at imninjas.com
Mon Oct 1 14:47:47 MDT 2012 

Getting closer!  Thank You! I am able to see the users, but cannot see the groups. 

10513 should be the "Domain Users" group.

getent passwd works but getent group only shows the local groups.

When I su into a domain user I get this error:  groups: cannot find name for group ID 10513


----- Original Message -----
From: "Heather Choi" <hceuterpe at gmail.com>
To: "Steve Snedeker" <steve at imninjas.com>
Cc: samba at lists.samba.org
Sent: Friday, September 28, 2012 11:12:11 PM
Subject: Re: [Samba] Winbind issue using samba 3.6.3


Looks like you have a potentially conflicting idmap block here: 
idmap backend = rid:DOMAN=10000-20000 and here: idmap uid = 10000-20000
idmap gid = 10000-20000 This is more contemporary with Samba 3.6: 

idmap config * : backend = tdb 
idmap config * : range = 20001-30000 

idmap config DOMAIN : backend = rid 
idmap config DOMAIN : range = 10000-20000 
idmap config DOMAIN : base_rid = 0 

[me at LINUX ~](14)$ wbinfo --user-info=testuser 
testuser:*:13102:1513:Test User:/home/testuser:/bin/bash 
[me at LINUX ~](15)$ getent passwd testuser 
testuser:*:13102:1513:Test User:/home/testuser:/bin/bash 

(My low-end range starts lower than 10000, btw). 

Also, you sure you want to keep your idmap range within just 10000? Seems quite low to me. 

On 09/24/2012 04:31 PM, Steve Snedeker wrote: 


We have a cross platform environment with a Windows 2008 server running Active Directory and many of our workstations are running ubuntu 10.10 using winbind for user authentication. The version of samba running on these boxes is 3.5.4

We are looking to upgrade to Ubuntu 12.04 which runs samba 3.6.3

I am able to connect to the DC, and am able to see the users running the wbinfo -u command, but when I run the getent passwd command I do not see the domain users.

I was able to successfully downgrade to samba 3.5.4 and after connecting to the DC I ran the command getent passwd and was able to see the domain users, and su to that particular user successfully. The only issue here was due to dependency issues downgrading to samba 3.5.4 resulted in libwbclient0 being downgraded which resulted in the removal of ubuntu-desktop.

------------

/etc/nsswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: files winbind
group: files winbind
shadow: files winbind

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis


----------

/etc/samba/smb.conf

[global]
security = ads
realm = DOMAIN.COM
password server = pdc.domain.com bdc.domain.com
workgroup = DOMAIN
idmap backend = rid:DOMAN=10000-20000
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
template homedir = /vhome/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
restrict anonymous = 2


I've seen other posts out there with similar problems, but haven't seen a solution that works for me.

More information about the samba mailing list