[Samba] Problems with Ad and Winbind

Schwarz Frank fs at siemens.com
Fri Jun 27 07:04:32 GMT 2003 

Hi folks,

I'm using Samba 3beta running on RH 8.0 and I'd like to authentificate against a Microsoft AD. This all works very well, except to the fact that not ALL AD Users are mapped to my Unixbox!

When starting getent passwd, my UnixBox shows just my User from passwd and some of the AD User - not all!! Looking through my User with the command wbinfo -u all AD users are shown correctly!

Anybody knowing any workaround?

Attached I'm sending my setups.


my smb.conf:

[global]
        workgroup = ***
        realm = *****
        ADS server = DE4A068C.ffm.sbs.de
        server string = Samba ADS
        security = ADS
        password server = *****
        #passdb backend = smbpasswd
        algorithmic rid base = 100000
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        encrypt passwords = yes
        log file = /usr/local/samba/var/%m.log
        log level = 10
        max log size = 100000
        domain logons = yes
        ldap ssl = no
        idmap uid = 1000-200000
        idmap gid = 1000-200000
        template shell = /bin/false
        template homedir = /home/%D/%U
        winbind cache time = 1
        #'winbind gid = 20001 - 30000
        #winbind uid = 20001 - 30000
        winbind separator =*
        winbind enum groups = yes
        winbind enum users = yes
        unix password sync = Yes

extract from winbindd.log when trying getent passwd - User Sascha is shown but mapping of Hugo fails. Hugo is a valid User in the AD!


[2003/06/26 14:04:39, 1] nsswitch/winbindd_user.c:winbindd_getpwent(511)
  could not lookup domain user hugo
[2003/06/26 14:04:39, 10] sam/idmap_util.c:sid_to_uid(219)
  sid_to_uid: sid = [S-1-5-21-484763869-1563985344-1343024091-1313]
[2003/06/26 14:04:39, 10] sam/idmap_util.c:sid_to_uid(245)
  sid_to_uid: Fall back to algorithmic mapping
[2003/06/26 14:04:39, 3] sam/idmap_util.c:sid_to_uid(248)
  sid_to_uid: SID S-1-5-21-484763869-1563985344-1343024091-1313 is *NOT* a user
[2003/06/26 14:04:39, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(46)
  error getting user id for sid S-1-5-21-484763869-1563985344-1343024091-1313

[2003/06/26 14:04:39, 1] nsswitch/winbindd_user.c:winbindd_getpwent(511)
  could not lookup domain user sascha
[2003/06/26 14:04:39, 10] sam/idmap_util.c:sid_to_uid(219)
  sid_to_uid: sid = [S-1-5-21-484763869-1563985344-1343024091-1337]
[2003/06/26 14:04:39, 10] sam/idmap_util.c:sid_to_uid(231)
  sid_to_uid: uid = [10006]
[2003/06/26 14:04:39, 10] sam/idmap_util.c:sid_to_gid(277)
  sid_to_gid: sid = [S-1-5-21-484763869-1563985344-1343024091-513]
[2003/06/26 14:04:39, 10] sam/idmap_util.c:sid_to_gid(289)
  sid_to_gid: gid = [30000]

****************************************************



Best regards/Mit freundlichem Gruß

Frank Schwarz
Siemens Business Services GmbH & Co. OhG
ORS GD SIM
Lyoner Straße 27

60528 Frankfurt

Tel.: +49 69 6682 5470

More information about the samba mailing list