[Samba] wbinfo, net, getent and groups

Robert Steinmetz rob at steinmetznet.com
Sat Jan 23 17:52:17 MST 2010 

I've found at least part of the problem. PAM was not properly 
configured. Apparently I had used a configuration for a previous version 
of pam which did not work with my setup..


On 1/22/2010 2:49 PM, Robert Steinmetz AIA wrote:
> I have two servers running Samba 2.3.3, one as a Domain Controller one 
> as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and 
> winbindd using the tdb back end are running on both.
>
> I am don't understand the results. As far as I can tell I have 
> everything configured as it should be.
>
> The basic globals for the DC
>
> [global]
>         workgroup = ATLANTA
>         time server = Yes
>         hostname lookups = Yes
>         domain logons = Yes
>         preferred master = Yes
>         domain master = Yes
>         wins support = Yes
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         hide dot files = No
>
>
> The glbals for the Member Server
>
> [global]
>         workgroup = ATLANTA
>         security = DOMAIN
>         password server = 192.168.1.24
>         name resolve order = wins bcast hosts
>         wins proxy = Yes
>         wins server = 192.168.1.24
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         template shell = /bin/bash
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         hosts allow = 192.168.1.0/255.255.255.0
>
> getent does not return the names on any domain groups or users.
>
> wbinfo does return the names on domains groups and users.
>
> BUILTIN\administrators
> BUILTIN\users
> ATLANTA\domain users
> ATLANTA\domain guests
> ATLANTA\domain admins
>
> net groupmap list  on the DC shows mapping to groups
>
> Backup Operators (S-1-5-32-551) -> backup
> Power Users (S-1-5-32-547) -> atlanta
> Replicators (S-1-5-32-552) -> staff
> Domain Users (S-1-5-21-4166445610-3302986456-3838465043-513) -> samba
> Domain Guests (S-1-5-21-4166445610-3302986456-3838465043-514) -> nogroup
> Administrators (S-1-5-32-544) -> staff
> Account Operators (S-1-5-32-548) -> account
> Users (S-1-5-32-545) -> samba
> Print Operators (S-1-5-32-550) -> print
> Guests (S-1-5-32-546) -> nogroup
> System Operators (S-1-5-32-549) -> operator
> Domain Admins (S-1-5-21-4166445610-3302986456-3838465043-512) -> staff
>
> net groupmap list on the Member Server shows only the builtin in groups
>
> Administrators (S-1-5-32-544) -> BUILTIN\administrators
> Users (S-1-5-32-545) -> BUILTIN\users
>


-- 
*Robert Steinmetz, AIA*
Principal
*Steinmetz & Associates*

More information about the samba mailing list