[Samba] wbinfo -i -> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND

Andrey Repin anrdaemon at yandex.ru
Sun Nov 22 10:01:09 UTC 2015 

Greetings, Jeff Dickens!

> Created a new thread because I screwed up and top-posted.


> So I am still stuck.  For reference here is the smb.conf on the member
> server:

> root at florence:~# more /etc/samba/smb.conf
> [global]

>        netbios name = FLORENCE
>        security = ADS
>        workgroup = IOL
>        realm = IOL.SEAMANPAPER.COM <http://iol.seamanpaper.com/>

>        log file = /var/log/samba/%m.log
>        log level = 1

>        dedicated keytab file = /etc/krb5.keytab
>        kerberos method = secrets and keytab
>        winbind refresh tickets = yes

>        winbind trusted domains only = no
>        winbind use default domain = yes
>        winbind enum users  = yes
>        winbind enum groups = yes

>        # idmap config used for your domain.
>        # Choose one of the following backends fitting to your
>        # requirements and add the corresponding configuration.
>        # idmap config ad
>        #  - idmap config rid
>        #  - idmap config autorid
>         idmap config *:backend = tdb
>         idmap config *:range = 2000-9999
>         idmap config IOL:backend = ad
>         idmap config IOL:schema_mode = rfc2307
>         idmap config IOL:range = 1000000-9999999

Here's the part of the problem. It appears to me the NSS link was first set up
with range under 3kk. With builtin and local UID/GID's going over 3kk.
With changing the range post factum, you've threaded on the reserved range.

>         winbind nss info = rfc2307


> [home]
>         path=/home/
>         read only = No


> I increased the range because it seems like the DC is using IDs above
> 1,000,000.

You should use the same range the domain was provisioned with. Or NSS
initialized with.
If you are migrating the domain from Samba3, it may become rather complicated
to figure out the right range.

> This is on the DC:

> root at athens:~# wbinfo -u
> administrator
> test1
> krbtgt
> guest
> root at athens:~# wbinfo -i administrator
> administrator:*:0:100::/home/IOL/administrator:/bin/false
> root at athens:~# wbinfo -i test1
> test1:*:3000019:100:Test One:/home/IOL/test1:/bin/false
> root at athens:~#

Note the artificially low UID and GID numbers. That doesn't look like the NSS
is in play.

Also, to the your previous example of 'wbinfo -i "domain users"'...

# wbinfo --group-info 'domain users'
domain users:x:513:

(The point being, 'domain users' is not a user, and -i only looking for users.)


-- 
With best regards,
Andrey Repin
Sunday, November 22, 2015 12:49:57

Sorry for my terrible english...

More information about the samba mailing list