[Samba] Winbind and groups

Bub Slug bub1slug at hotmail.com
Sun Oct 13 02:35:01 GMT 2002

Hi all,

I'm trying to get a samba server which is all by itself, No Windows DCs, or 
even windows shares at all, to play nice with Linux clients.

The server is authenticating Win9x, NT and 2000 clients fine and dandy, and 
now I have need to add linux clients to the scenario, and have dicovered an 
issue I can't seem to work through.  Perhaps someone can help?

On the linux client, I can login as a user that exists only on the samba 
server (TEST+testuser) , except I get the following message:

	id: cannot find name for group id 10000

When I do "wbinfo -t" I get back:
	Secret is good.

When I do "wbinfo -u" I get back:

When I do "wbinfo -g" I get back:
	TEST+Domain Admins
	TEST+Domain Users

When I do "getent passwd" I get:

	   cut for brevity
	bub:x:500:500:Bub Slug:/home/bub:/bin/bash

So far so good, until I do "getent group", which returns:

	   cut for brevity again


So my net groups "Domain Admins" and "Domain Users" don't show up when I 
getent group, and there is no other network group that winbind can map to 
gid 10000 when TEST+testuser logs in to the Linux client, and I suspect this 
is why I get the ID message on login (?)

Once again, I am not using any Windows 9x, NT, 2000 servers, the Linux Samba 
server is the only PDC (and the only DC).

Can anyone offer some help aside from the stuff that's around on the net.  
It all seems to deal with using Samba in a Domain with an actual windows DC, 
not as a standalone server being a DC.

I wonder why my client linux box can't see the domain groups on login, and 
while I'm on the subject, where do "Domain Admins" and "Domain Users" come 
from in the first place, and how do I add, delete or modify domain groups or 
how do I make groups on the Linux Samba server display to linux clients?

Both server and Client use RedHat 7.3 (Stock Kernel)  Samba wasn't installed 
with the redhat setup, instead I downloaded the tarball for 2.2.5

I compiled the server software in the source directory with:

	make install

The server is set up as a PDC with an smb.conf file that looks like:

        workgroup = TEST
        netbios name = LINUXSRV
        interfaces =
        encrypt passwords = Yes
        domain logons = Yes
        os level = 64
        preferred master = True
        domain master = True
        wins support = Yes

        path = /home/%U
        read only = No
        browseable = No

        path = /usr/local/samba/netlogon
        browseable = No

I've configured the linux client and added it to the domain by:

Setting it's host name to linuxclient,

Compiling the samba software from source (2.2.5) in the source directory 
	./configure --with-winbind
	make install
	make nsswitch

	Copied libnss_winbind.so to /lib
	Created a link:
		ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
	copied pam_winbind.so to /lib/security

	Created an smb.conf file for winbind that looks like
		workgroup = TEST
		winbind separator = +
	        winbind uid = 10000-20000
	        winbind gid = 10000-20000
        	winbind enum users = yes
	        winbind enum groups = yes
	        template homedir = /home/%U
        	template shell = /bin/bash
	        winbind use default domain = yes
	        wins server =

	Created a init script to fire up winbind

	edited /etc/nsswitch.conf to change the lines:
		passwd:	files winbind
		shadow: files
		group:	files windbind

added these lines to /etc/pam.d/login:
	auth sufficient /lib/security/pam_winbind.so
	account sufficient /lib/security/pam_winbind.so
	session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=022

did a: /sbin/ldconfig -v | grep winbind which returned:
        libnss_winbind.so -> libnss_winbind.so

I started up the winbindd daemon on the client.

Then on the server, I did:
	useradd linuxclient$
	passwd -l linuxclient$
	smbpasswd -a -m linuxclient

	useradd testuser
	passwd -l testuser
	smbpasswd -a testuser

On the linux client I did:
	smbpasswd -j TEST -r
Which reported I joined the domain successfully.

Doing all this gets me the behaviour described above.

Any help will be appreciated!


This tagline is umop ap!5dn

MSN Photos is the easiest way to share and print your photos: 

More information about the samba mailing list