[Samba] pam_winbind could not lookup name

Arthur Ramsey arthur_ramsey at mediture.com
Thu Oct 22 20:14:29 UTC 2015 

I upgraded Samba from 4.2.0 to 4.3.1 on my domain controllers.  Now on 2 
of 4 I get the following.

Oct 22 15:07:38 dc01 sshd[1372]: pam_winbind(sshd:auth): getting password (0x00000250)
Oct 22 15:07:38 dc01 sshd[1372]: pam_winbind(sshd:auth): pam_get_item returned a password
Oct 22 15:07:38 dc01 sshd[1372]: pam_winbind(sshd:auth): could not lookup name: # S-1-5-21-678334807-552442689-1282242543-512
Oct 22 15:07:38 dc01 sshd[1372]: pam_winbind(sshd:auth): cannot convert group # S-1-5-21-678334807-552442689-1282242543-512 to sid, check if group # S-1-5-21-678334807-552442689-1282242543-512 is valid group.

This is my config.

passdb backend = tdbsam

winbind refresh tickets = yes
winbind offline logon = yes
winbind use default domain = yes
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes

kerberos method = secrets and keytab

idmap_ldb:use rfc2307 = yes

idmap config *: backend = tdb
idmap config *: range = 90000001-100000000

idmap config MEDITURE: backend = ad
idmap config MEDITURE: range = 10000-90000000
idmap config MEDITURE: schema mode = rfc2307

I verified I have the schema.

ldbsearch -H /usr/local/samba/private/sam.ldb -s base -b CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=mediture,DC=dom
# record 1
dn: CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=mediture,DC=dom
objectClass: top
objectClass: container
cn: ypservers
instanceType: 4
whenCreated: 20141126165518.0Z
whenChanged: 20141126165518.0Z
uSNCreated: 60503
uSNChanged: 60503
showInAdvancedViewOnly: TRUE
name: ypservers
objectGUID: 020c622b-3c45-401f-a60d-54027210861f
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=mediture,DC=dom
distinguishedName: CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=meditu
  re,DC=dom

# returned 1 records
# 1 entries
# 0 referrals

I now get a message "Unwilling to perform" when I access the UNIX 
Attributes tab in ADUC.

-- 
Arthur Ramsey
Systems Administrator
Mediture
arthur_ramsey at mediture.com
952.400.0323


This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.

More information about the samba mailing list