[Samba] winbindd problem - more debug dataz
gnu_is_not_unix
gnu_is_not_unix at wp.pl
Sun Jul 21 15:28:01 GMT 2002
Hello ,
[root at srubka root]# wbinfo -u |grep user
DOMAIN+user
[root at srubka root]# wbinfo -n user
S-1-5-21-901448495-183529283-701057205-1327 1
[root at srubka root]# wbinfo -s S-1-5-21-901448495-183529283-701057205-1327
DOMAIN+user 1
[root at srubka root]# wbinfo -S S-1-5-21-901448495-183529283-701057205-1327
10026
[root at srubka root]# wbinfo -Y S-1-5-21-901448495-183529283-701057205-1327
Could not convert sid S-1-5-21-901448495-183529283-701057205-1327 to gid
(ofcourse other groups are converting !)
--------
[root at srubka root]# wbinfo -G 10000
S-1-5-21-901448495-183529283-701057205-513
[root at srubka root]# wbinfo -Y S-1-5-21-901448495-183529283-701057205-513
10000
[root at srubka root]# getent group|grep 10000|more
DOMAIN+Domain Users:x:10000: ....... long list
--------
[root at srubka root]# wbinfo -U 10026
S-1-5-21-901448495-183529283-701057205-1327
[root at srubka root]# getent group|grep user|more
DOMAIN+Domain Admins:x:10001:.........DOMAIN+user..... (few entires
more)
DOMAIN+Domain Users:x:10000:.......DOMAIN+user..... (long list)
[root at srubka root]# getent passwd|grep user
DOMAIN+user:x:10026:10000:Some user:/home/DOMAIN/user:/bin/bash
When conneting to share a USER is autenticated as NOBODY.
Maybe groups in DOMAIN are corrupted ?
---- QUOTED FROM MY PREVIOUS MESSAGE -----
Im trying to setup samba 2.2.5 with winbindd to work with nt4.0 domain
style. Samba is working OK without winbindd - users can see server,
share. Also they can write to directorie with read, write list
enabled.
I have added that server to NT DOMAIN through SERVER MANAGER from NT,
and smpasswd -j DOMAIN -r PCD -U Admin from linux box - that stage is
OK - i can see the server from NT User Manager so my linux box is in
DOMAIN.
As the faq said I added the following lines to my smb.conf:
workgroup = DOMAIN
security = DOMAIN
encrypt passwords = Yes
password server = PASSSERV
domain logons = no
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind cache time = 5
winbind use default domain = No
template shell = /bin/bash
template homedir = /home/%D/%U
wbinfo -u gives me a proper list of user from DOMAIN (DOMAIN+username
style)
wbinfo -g gives me proper list of groups from DOMAIN
[root at srubka samba]# wbinfo -n user
S-1-5-21-901448495-183529283-701057205-1327 1
[root at srubka samba]# wbinfo -n user2
S-1-5-21-901448495-183529283-701057205-1565 1
[root at srubka samba]# wbinfo -s S-1-5-21-901448495-183529283-701057205-1327 1
DOMAIN+user 1
[root at srubka samba]# wbinfo -s S-1-5-21-901448495-183529283-701057205-1565 1
DOMAIN+user2 1
[root at srubka samba]# wbinfo -S S-1-5-21-901448495-183529283-701057205-1327 1
10026 - it is ok - getent passwd|grep 10026 - user
Output from getent passwd and getent group looks also ok - i can users
and groups - ofcourse when winbindd is switch on.
My /etc/pam.d/samba looks like:
#%PAM-1.0
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
account required /lib/security/pam_winbind.so
I made [test] share:
[test]
path = /home/test
read list = DOMAIN+user DOMAIN+user2
write list = DOMAIN+user DOMAIN+user2
read only = No
vfs object = /usr/lib/samba/vfs/recycle.so
vfs options = /etc/samba/recycle.conf
The problem is:
user or user2 cant connect [test] share because:
/var/log/samba/log.winbind
[2002/07/20 21:41:48, 1] nsswitch/winbindd_util.c:init_domain_list(152)
getting trusted domain list
[2002/07/20 21:43:41, 3] nsswitch/winbindd_group.c:winbindd_getgroups(770)
[ 4228]: getgroups nobody
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_lookupsid(37)
[ 4228]: lookupsid S-1-5-21-901448495-183529283-701057205-513
[2002/07/20 21:43:41, 3] libsmb/namequery.c:resolve_lmhosts(768)
resolve_lmhosts: Attempting lmhosts lookup for name PASSSERV<0x20>
[2002/07/20 21:43:41, 4] libsmb/namequery.c:getlmhostsent(532)
getlmhostsent: lmhost entry: 127.0.0.1 localhost
[2002/07/20 21:43:41, 3] libsmb/namequery.c:resolve_hosts(808)
resolve_hosts: Attempting host lookup for name PASSSERV<0x20>
[2002/07/20 21:43:41, 3] lib/util_sock.c:open_socket_in(813)
bind succeeded on port 0
[2002/07/20 21:43:41, 4] libsmb/nmblib.c:debug_nmb_packet(107)
nmb packet from 10.10.12.27(137) header: id=16507 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=DOMAIN<1c> rr_type=33 rr_class=1 ttl=0
answers 0 char .PASSSERV hex 0B5255444F4C46202020202020202020
answers 10 char D.PASSSERV hex 2044005255444F4C4620202020202020
answers 20 char .D.DOMAIN hex 2020004400535A50455241435A452020
answers 30 char ...DOMAIN hex 2020202000C400535A50455241435A45
answers 40 char ...DOMAIN hex 2020202020201CC400535A5045524143
answers 50 char ZE ...PASS hex 5A452020202020201EC4005255444F4C
answers 60 char F .D.ADM hex 4620202020202020202003440041444D
answers 70 char INISTRATOR .D.P hex 494E4953545241544F52202003440052
answers 80 char SSSERV .D hex 55444F4C462020202020202020200144
answers 90 char .DOMAIN hex 00535A50455241435A45202020202020
answers a0 char .D.DOMAIN hex 1B4400535A50455241435A4520202020
answers b0 char .D...__MSBROWS hex 20201D440001025F5F4D5342524F5753
answers c0 char E__............. hex 455F5F0201C400000102B1E8A7000000
answers d0 char ................ hex 00000000000000000000000000000000
answers e0 char ................ hex 00000000000000000000000000000000
answers f0 char ..... hex 0000000000
[2002/07/20 21:43:41, 3] nsswitch/winbindd_cm.c:cm_get_dc_name(205)
cm_get_dc_name: Returning DC PASSSERV (10.10.12.27) for domain
DOMAIN
[2002/07/20 21:43:41, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(236)
IPC$ connections done anonymously
[2002/07/20 21:43:41, 3] libsmb/cliconnect.c:cli_full_connection(980)
Connecting to host=PASSSERV share=IPC$
[2002/07/20 21:43:41, 3] lib/util_sock.c:open_socket_out(845)
Connecting to 10.10.12.27 at port 445
[2002/07/20 21:43:41, 2] lib/util_sock.c:open_socket_out(873)
error connecting to 10.10.12.27:445 (Connection refused)
[2002/07/20 21:43:41, 3] lib/util_sock.c:open_socket_out(845)
Connecting to 10.10.12.27 at port 139
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(140)
[ 4228]: sid to gid S-1-5-21-901448495-183529283-701057205-513
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_lookupsid(37)
[ 4228]: lookupsid S-1-5-21-901448495-183529283-701057205-512
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(140)
[ 4228]: sid to gid S-1-5-21-901448495-183529283-701057205-512
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(201)
[ 4228]: gid to sid 10000
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(201)
[ 4228]: gid to sid 10001
[2002/07/20 21:43:41, 3] nsswitch/winbindd_group.c:winbindd_getgroups(770)
[ 4228]: getgroups nobody
^^^^^^ ????????
^^^^^^^ ????????
Logging in my smb.conf is:
log file = /var/log/samba/samba-log.%U
and the file is ok - it is samba-log.user so samba see that user is
connected
What is wrong with my conf ?
ps. Thanks for Your responses about my "recycle bin" problem !!!!!
--
Best regards,
gnu_is_not_unix
More information about the samba
mailing list