3.0.25pre2 winbind woes

Aknin the.aknin at gmail.com
Wed Mar 28 12:07:14 GMT 2007 

[ I answered SATOH directly, only now I realized he sent his email to
me and to the list, so I copy my reply here ]

Think it may be easiest to answer through transcript:
// I have the group "domain admins"
root at node1[log]# wbinfo -g | grep "domain admins"
domain admins
root at node1[log]#

// but I can't get it's info, neither through wbinfo nor through getent
root at node1[log]# wbinfo --group-info "domain admins"
Could not get info for group domain admins
root at node1[log]# getent group "domain admins"
root at node1[log]#

// but I am connected to the domain
root at node1[log]# getent passwd administrator
administrator:*:100500:100513:Administrator:/home/AMBER/administrator:/bin/false
root at node1[log]#

This happens with all groups, and does not happen when I switch to
3.0.24, against the same domain from the same host. The only change I
do is switch to the old smb.conf (listed above), change binaries and
rejoin the domain.

Running with debuglevel 10, these are the relevant lines (I suspect)
from the log:
Initializing idmap domains
Probing module 'rid'
Probing module 'rid': Trying to load from
/usr/local/opt/samba-3.0.25pre2/lib/idmap/rid.so
Module '/usr/local/opt/samba-3.0.25pre2/lib/idmap/rid.so' loaded
Successfully added idmap backend 'rid'
Domain AMBER - Backend rid - default - readonly
Domain GANDALF - Backend passdb - not default - readonly
Initializing idmap alloc module
Opening tdbfile /var/samba/locks/winbindd_idmap.tdb
sid [S-1-5-21-3852262182-3670394236-2349744585-512] not mapped to an
gid [2,134509000,134509568]
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to find an passdb backend to match smbpasswd (smbpasswd)
Found pdb backend smbpasswd
pdb backend smbpasswd has a valid init
Sid S-1-5-21-3852262182-3670394236-2349744585-512 is neither ours nor
builtin, don't know it
error converting unix gid to sid

Ideas?

Thanks,
 - Yaniv

On 3/27/07, SATOH Fumiyasu <fumiya at samba.gr.jp> wrote:
> At Mon, 26 Mar 2007 17:59:54 +0200,
> Aknin wrote:
> > Not sure if this is for samba-technical or samba, but it pertains to a
> > problem in 3.0.25preX that works in 3.0.24, so I hope I'm correct in
> > sending it here.
> > I'm using RID backend for a winbind deployment on a Solaris 10 server.
> >
> > Since .25, I'm having trouble resolving the 'group' nss database, and
> > am getting:
> > [2007/03/26 17:36:24, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(563)
> >   error converting unix gid to sid
> > In my winbind log file. Resolving 'passwd' works OK. wbinfo -g works OK.
>
> What do `wbinfo --group-info <ad-group-name>`,
> `getent group`, `getent group <ad-group-name>` and
> `getent group <ad-gid-number` say?
>
> --
> -- Name: SATOH Fumiyasu / fumiyas @ osstech.co.jp
> -- Business Home: http://www.OSSTech.co.jp
> -- Personal Home: http://www.SFO.jp/blog/
>
> > I read the new winbind documentation and modified my smb.conf to
> > include the following lines:
> > [global]
> > workgroup = AMBER
> > netbios name = gandalf
> > realm = AMBER
> > security = ADS
> > allow trusted domains = no
> > idmap domains = AMBER
> > idmap config AMBER: default = yes
> > idmap config AMBER: backend = rid
> > idmap config AMBER: range = 100000-999999
> > idmap alloc config: range = 100000-999999
> >
> > My old 3.0.24 smb.conf had the following lines, and worked correctly:
> > [global]
> > workgroup = AMBER
> > netbios name = gandalf
> > realm = AMBER
> > security = ADS
> > allow trusted domains = no
> > idmap backend = rid:AMBER=100000-999999
> > idmap uid = 100000-999999
> > idmap gid = 100000-999999
> >
> > On a hunch, I tried adding the 'idmap uid' and 'idmap gid' lines to
> > the 3.0.25 configuration, it didn't work.
> >
> > Tips? Bug against for 3.0.25?
>

More information about the samba-technical mailing list