[Samba] wbinfo -u -g work, wbinfo -i and getent fail
Rowland Penny
rowlandpenny at googlemail.com
Mon May 4 05:01:39 MDT 2015
On 04/05/15 04:02, Carl Gherardi wrote:
> Hi all,
>
> I'm using Ubuntu 14.04 samba 4.1.6 packages, attempting to set up a server
> for file shares AD clients can use. My previous setup was a simple AD join
> with a user map file (1 to 1 AD to unix user) that i've been migrating for
> approximately 7 years, and with the last 2003 AD server removed from the
> network it stopped working (2008 R2 DC's now).
>
> After approximately 2 weeks of varying results (including a working config
> for 24 hours), I seem to have come full circle to 'non functional' again.
>
> I'm able to join the domain using either net ads join -k or net ads join -u
> Administrator
>
> wbinfo -u - Gives me a list of domain users
> wbinfo -g - Gives a list of domain groups
>
> wbinfo -i Administrator | wbinfo -i CAG\\Administrator | wbinfo -i
> CAG+Administrator all return
> failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for <blah>
I use Linux Mint 17 and this doesn't work for me either, so I wouldn't
worry.
>
> and getent passwd only returns local+nis users.
This is were you can start worrying :-)
>
> I see a _lot_ of posts about this via google but few with solutions.
>
> SFU is (was?) functional and pushing uid and gid's, and at several points
> in the last two weeks getent passwd|group has been functional
So, if it was working, what have you changed, or had changed for you by
an update ?
Can you check that a user you expect to show up via 'getent passwd
username' does in fact still have a uidNumber attribute containing a
number between 1000-99999 (also do you have any local users ?)
Can you also check that 'Domain Users' (at least) has a gidNumber
attribute containing a number between 1000-99999 (again, do you have any
local groups?)
Rowland
>
> Any suggestions appreciated.
>
> Thanks
>
> Carl Gherardi
>
> smb.conf:
> [global]
> workgroup = CAG
> security = ADS
> realm = CAG.DOMAIN.NAME
> netbios aliases = gong
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> idmap config *:backend = tdb
> idmap config *:range = 500-999
> idmap config CAG:backend = ad
> idmap config CAG:range = 1000-99999
>
> idmap config CAG:schema_mode = rfc2307
> winbind nss info = rfc2307
>
> winbind trusted domains only = no
> winbind use default domain = no
> winbind nested groups = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = Yes
> winbind expand groups = 4
> winbind normalize names = Yes
> domain master = no
> local master = no
> dns proxy = no
> log level = 3 auth:10 winbind:3
>
> nsswitch.conf
>
> passwd: compat winbind nis
> group: compat winbind nis
More information about the samba
mailing list