[Samba] wbinfo -u -g work, wbinfo -i and getent fail

Rowland Penny rowlandpenny at googlemail.com
Mon May 4 05:01:39 MDT 2015


On 04/05/15 04:02, Carl Gherardi wrote:
> Hi all,
>
> I'm using Ubuntu 14.04 samba 4.1.6 packages, attempting to set up a server
> for file shares AD clients can use. My previous setup was a simple AD join
> with a user map file (1 to 1 AD to unix user) that I've been migrating for
> approximately 7 years, and with the last 2003 AD server removed from the
> network it stopped working (2008 R2 DC's now).
>
> After approximately 2 weeks of varying results (including a working config
> for 24 hours), I seem to have come full circle to 'non functional' again.
>
> I'm able to join the domain using either net ads join -k or net ads join -u
> Administrator
>
> wbinfo -u - Gives me a list of domain users
> wbinfo -g - Gives a list of domain groups
>
> wbinfo -i Administrator | wbinfo -i CAG\\Administrator | wbinfo -i
> CAG+Administrator all return
> failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for <blah>

I use Linux Mint 17 and this doesn't work for me either, so I wouldn't 
worry.

>
> and getent passwd only returns local+nis users.

This is where you can start worrying :-)

>
> I see a _lot_ of posts about this via google but few with solutions.
>
> SFU is (was?) functional and pushing uid and gid's, and at several points
> in the last two weeks getent passwd|group has been functional

So, if it was working, what have you changed, or had changed for you by 
an update?

Can you check that a user you expect to show up via 'getent passwd 
username' does in fact still have a uidNumber attribute containing a 
number between 1000-99999 (also do you have any local users?)

Can you also check that 'Domain Users' (at least) has a gidNumber 
attribute containing a number between 1000-99999 (again, do you have any 
local groups?)

Rowland

>
> Any suggestions appreciated.
>
> Thanks
>
> Carl Gherardi
>
> smb.conf:
> [global]
>     workgroup = CAG
>     security = ADS
>     realm = CAG.DOMAIN.NAME
>     netbios aliases = gong
>     dedicated keytab file = /etc/krb5.keytab
>     kerberos method = secrets and keytab
>
>     idmap config *:backend = tdb
>     idmap config *:range = 500-999
>     idmap config CAG:backend = ad
>     idmap config CAG:range = 1000-99999
>
>     idmap config CAG:schema_mode = rfc2307
>     winbind nss info = rfc2307
>
>     winbind trusted domains only = no
>     winbind use default domain = no
>     winbind nested groups = yes
>     winbind enum users  = yes
>     winbind enum groups = yes
>     winbind refresh tickets = Yes
>     winbind expand groups = 4
>     winbind normalize names = Yes
>     domain master = no
>     local master = no
>     dns proxy = no
>     log level = 3 auth:10 winbind:3
>
> nsswitch.conf
>
> passwd:         compat winbind nis
> group:          compat winbind nis
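
The two checks suggested in the reply above (uidNumber and gidNumber inside the configured CAG range), as an added example that is not part of the original message or Samba's own code. It parses the idmap lines from the quoted smb.conf and classifies attribute values; the function names and the sample values passed to it are assumptions, and the real attribute values still have to be read from AD first.

```python
import re

# Constructed sample: the idmap lines from the smb.conf quoted in the message.
SMB_CONF = """\
[global]
    workgroup = CAG
    idmap config *:backend = tdb
    idmap config *:range = 500-999
    idmap config CAG:backend = ad
    idmap config CAG:range = 1000-99999
    idmap config CAG:schema_mode = rfc2307
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} with 'range' parsed into (low, high)."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        dom, opt, val = m.group(1), m.group(2).lower(), m.group(3)
        if opt == "range":
            low, high = (int(x) for x in val.split("-"))
            val = (low, high)
        domains.setdefault(dom, {})[opt] = val
    return domains

def overlapping(domains):
    """Return pairs of domains whose ID ranges overlap (IDs would be ambiguous)."""
    items = sorted((d, c["range"]) for d, c in domains.items() if "range" in c)
    return [(a, b) for i, (a, ra) in enumerate(items)
            for b, rb in items[i + 1:] if ra[0] <= rb[1] and rb[0] <= ra[1]]

def check_id(domains, domain, attr, value):
    """Classify a uidNumber/gidNumber value against the domain's idmap range."""
    if value is None:
        return f"{attr} missing: the ad backend cannot map this object"
    low, high = domains[domain]["range"]
    if not low <= int(value) <= high:
        return f"{attr}={value} outside {low}-{high}: filtered out by the range"
    return "ok"
```

Local users and groups matter for the same reason: a local ID that falls inside 1000-99999 collides with the range reserved for the domain.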


