[Samba] Samba 3.6.5, idmap configuration and WBC_ERR_DOMAIN_NOT_FOUND
Kevin Elliott
kevin_elliott at ci.juneau.ak.us
Thu Jul 12 12:06:54 MDT 2012
I read the bugreport that Dale linked and ended up using the workaround listed there.
Changes made to '/etc/samba/smb.conf' follow:
@@ -28,9 +28,12 @@
winbind enum users = Yes
winbind enum groups = Yes
panic action = /usr/share/samba/panic-action %d
- idmap config CBJ_NT:backend = rid
- idmap config CBJ_NT:base_rid = 0
- idmap config CBJ_NT:range = 10000-65533
+ idmap config * : backend = rid
+ idmap config * : base_rid = 0
+ idmap config * : range = 10000-65533
idmap config LIBRARY:backend = rid
idmap config LIBRARY:base_rid = 0
idmap config LIBRARY:range = 65535-79999
Does anyone have any idea why not explictly specifying the domain fixes this issue?
> -----Original Message-----
> From: Dale Schroeder [mailto:dale at BriannasSaladDressing.com]
> Sent: Tuesday, July 10, 2012 11:18
> To: Kevin Elliott
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Samba 3.6.5, idmap configuration and
> WBC_ERR_DOMAIN_NOT_FOUND
>
> On 07/10/2012 12:56 PM, Kevin Elliott wrote:
> > Hello all,
> >
> > I recently upgraded from Samba 3.5.6 (the version contained
> in Debian Stable) to Samba 3.6.5 (the version from Debian
> Backports) in an effort to closer track the current
> development to try and chase some long standing bugs out.
> >
> > I think I've resolved one problem but introduced another.
> I'm getting the "WBC_ERR_DOMAIN_NOT_FOUND" when I try to
> perform a SID to UID lookup much like so:
> >
> > city-liza-lnx:/var/log/samba# wbinfo -t checking the trust
> secret for
> > domain CBJ_NT via RPC calls succeeded city-liza-lnx:/var/log/samba#
> > wbinfo -n CBJ_NT+kevin_elliott
> > S-1-5-21-505306839-1977890393-20515302-14949 SID_USER (1)
> > city-liza-lnx:/var/log/samba# wbinfo -s
> > S-1-5-21-505306839-1977890393-20515302-14949
> > CBJ_NT+kevin_elliott 1
> > city-liza-lnx:/var/log/samba# wbinfo -S
> > S-1-5-21-505306839-1977890393-20515302-14949
> > failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND Could
> not convert
> > sid S-1-5-21-505306839-1977890393-20515302-14949 to uid
> >
> >
> > This looks like it has all the markings of following bugreport:
> >
> > https://bugzilla.samba.org/show_bug.cgi?id=8371#c5
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679
> >
> >
> >
> > Before I follow this upstream can someone sanity check my
> configs for me? I understand that much has changed between
> 3.5 and 3.6 regarding the idmaping.
> >
> >
> > [global]
> > workgroup = CBJ_NT
> > realm = CBJ.LOCAL
> > netbios aliases = CITY-LIZA-L90, CITY-LIZA
> > server string = External FTP Server
> > interfaces = 199.58.55.87/22, lo
> > bind interfaces only = Yes
> > security = ADS
> > obey pam restrictions = Yes
> > passdb backend = tdbsam
> > password server = 199.58.55.25, 199.58.55.50
> > passwd program = /usr/bin/passwd %u
> > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n .
> > client NTLMv2 auth = Yes
> > log level = 10
> > log file = /var/log/samba/log.%m
> > max log size = 2500
> > printcap name = cups
> > os level = 5
> > local master = No
> > domain master = No
> > wins server = 199.58.55.25
> > ldap ssl = no
> > winbind enum users = Yes
> > winbind enum groups = Yes
> > panic action = /usr/share/samba/panic-action %d
> > idmap config CBJ_NT:backend = rid
> > idmap config CBJ_NT:base_rid = 0
> > idmap config CBJ_NT:range = 10000-65533
> > idmap config LIBRARY:backend = rid
> > idmap config LIBRARY:base_rid = 0
> > idmap config LIBRARY:range = 65535-79999
> > winbind separator = +
> > winbind use default domain = Yes
> >
> > [ftp]
> > comment = FTP directory
> > path = /var/ftp/pub/
> > valid users = "@CBJ_NT+domain users"
> > read only = No
> > create mask = 0775
> > directory mask = 0775
> > hide unreadable = Yes
> >
> >
> >
> > Thank you for your consideration.
> >
>
> Kevin,
>
> With idmap rid, it could also be this one:
>
> https://bugzilla.samba.org/show_bug.cgi?id=8676
>
> This bug has been in every version of 3.6. For me, a reboot
> of the system usually will fix the problem until the next
> samba/winbind restart is required; others have not been so fortunate.
>
> Dale
>
>
More information about the samba
mailing list