[Samba] pam_winbind could not lookup name
Arthur Ramsey
arthur_ramsey at mediture.com
Thu Oct 22 20:14:29 UTC 2015

I upgraded Samba from 4.2.0 to 4.3.1 on my domain controllers. Now on 2 of 4 I get the following.

Oct 22 15:07:38 dc01 sshd[1372]: pam_winbind(sshd:auth): getting password (0x00000250)
Oct 22 15:07:38 dc01 sshd[1372]: pam_winbind(sshd:auth): pam_get_item returned a password
Oct 22 15:07:38 dc01 sshd[1372]: pam_winbind(sshd:auth): could not lookup name: # S-1-5-21-678334807-552442689-1282242543-512
Oct 22 15:07:38 dc01 sshd[1372]: pam_winbind(sshd:auth): cannot convert group # S-1-5-21-678334807-552442689-1282242543-512 to sid, check if group # S-1-5-21-678334807-552442689-1282242543-512 is valid group.

This is my config.

passdb backend = tdbsam
winbind refresh tickets = yes
winbind offline logon = yes
winbind use default domain = yes
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
kerberos method = secrets and keytab
idmap_ldb:use rfc2307 = yes
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
idmap config MEDITURE: backend = ad
idmap config MEDITURE: range = 10000-90000000
idmap config MEDITURE: schema mode = rfc2307

I verified I have the schema.

ldbsearch -H /usr/local/samba/private/sam.ldb -s base -b CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=mediture,DC=dom
# record 1
dn: CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=mediture,DC=dom
objectClass: top
objectClass: container
cn: ypservers
instanceType: 4
whenCreated: 20141126165518.0Z
whenChanged: 20141126165518.0Z
uSNCreated: 60503
uSNChanged: 60503
showInAdvancedViewOnly: TRUE
name: ypservers
objectGUID: 020c622b-3c45-401f-a60d-54027210861f
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=mediture,DC=dom
distinguishedName: CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=mediture,DC=dom
# returned 1 records
# 1 entries
# 0 referrals

I now get a message "Unwilling to perform" when I access the UNIX Attributes tab in ADUC.

--
Arthur Ramsey
Systems Administrator
Mediture
arthur_ramsey at mediture.com
952.400.0323