/usr/local/samba/sbin/winbindd broken?

Rowland Penny repenny at f2s.com
Wed Aug 29 08:51:25 MDT 2012 

Hi,
As some of you may know, I have been testing nmbd,smbd & winbindd from 
Samba 4 as a client.
Well, after a good bit of testing and scratching of head, I have come to 
the conclusion that something in the /usr/local/samba/sbin/winbindd 
daemon is broken.

If, on a Samba 3.6.3 client, I type the command 'getent group', I only 
get the local users, on the Samba 4 client I get the local users plus 
ALL the domain groups, but all the info is the domain info not the POSIX 
info, for example:

domain_admins:x:1117:administrator

On the S3 client 'getent group Domain\ Computers' returns nothing 
because 'Domain Computers' is not a POSIX group, but on the S4 client 
'getent group Domain\ Computers' returns:

domain_computers:x:1114:

With 'getent passwd rowland' it is just the same, samba4 client returns:

rowland:*:1105:1103:rowland:/home/HOME/rowland:/bin/bash

This is what the S3 client returns:

rowland:*:3000016:3000012:rowland:/home/HOME/linuxusers/rowland:/bin/bash

A bit different isn't it? and the S3 client returns the same info that 
the samba4 server does

This is what is in the smb.conf on both clients:

         winbind enum users = yes
         winbind enum groups = yes
         winbind use default domain = yes
         winbind expand groups = 4
         winbind nss info = rfc2307
         winbind refresh tickets = Yes
         winbind offline logon = yes
         winbind normalize names = Yes
         idmap config HOME:schema_mode = rfc2307
         idmap config HOME:range = 20000-3100000
         idmap config HOME:backend = ad
         idmap config *:range = 1100-2000
         idmap config *:backend = tdb

I have created the symlink to libnss_winbind.so.2, I get nothing without 
this, I have also altered nsswitch.conf.

My feelings are that, winbindd on a samba4 client is ignoring the first 
three idmap lines, but I do not know how to confirm this.

So, unless the idea is to move to just using ms domain info and 
forgetting POSIX, I think that /usr/local/samba/sbin/winbindd is broken, 
unless somebody has any other suggestions that I can try?

Rowland

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba-technical mailing list