[Samba] Samba 3.0.1pre1 winbind / getent problems
Thomas Sillard
thomas.sillard at free.fr
Wed Nov 5 20:48:18 GMT 2003
Hi,
I've got some problems with winbind and ADS Domain Membership stuff.
I've joined the domain without problems with "kinit admin@MY.DOMAIN" and
"net ads join", I can see the machine account in AD with ldapbrowser.
klist gives me three tickets, as it says in the documentation, OK.
I created the idmap entry in my openldap (with samba3 schema), OK.
I've set the ldap admin password in the secrets.tdb, OK (ldap idmap).
Starting service smb3, OK.
Starting service winbind3, OK.
wbinfo -u and wbinfo -g give me the list of users and groups correctly,
wbinfo -a user%password works fine, OK.
BUT
When I try a "getent passwd" or "getent group", I don't have the Windows
users. I can't see or connect to the shares on the Linux box with Windows file
explorer (it prompts me for a user/password). It works fine with samba 2.2.7a.
I've installed the samba3 mandrake package, which suffixes all libs and
executables with the samba version's number (eg. for libnss_winbind.so ->
libnss_winbind3.so, smbpasswd -> smbpasswd3).
What's the problem? Where is my error? Could the mdk version suffixing
be the source of the problem?
Thanks for any help
Regards,
Thomas.
My config
Mandrake 9.1, krb5-1.2.7, samba3-3.0.1-0.pre1
/etc/krb5.conf
[libdefaults]
default_realm = MY.DOMAIN
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
[realms]
MY.DOMAIN = {
kdc = ads.my.domain
}
/etc/samba3/smb.conf
[global]
workgroup = DOMAIN
netbios name = 509-smb3
server string = Samba Server %v
printcap name = cups
load printers = yes
printing = cups
printer admin = @"Domain Admins"
log file = /var/log/samba3/log.%m
max log size = 100
log level = 10
security = ADS
realm = MY.DOMAIN
password server = ads.my.domain
encrypt passwords = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/profiles/%D/%U
obey pam restrictions = yes
template shell = /bin/bash
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
idmap backend = ldap:ldap://openldap.my.domain
idmap uid = 10000-20000
idmap gid = 10000-20000
ldap admin dn = cn=manager,dc=my,dc=domain
ldap ssl = start_tls
ldap suffix = dc=my,dc=domain
ldap idmap suffix = ou=Idmap
dns proxy = yes
dos charset = 850
unix charset = ISO8859-1
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba3
browseable = no
guest ok = yes
writable = no
printable = yes
create mode = 0700
print command = lpr-cups -P %p -o raw %s -r
[print$]
path = /var/lib/samba3/printers
browseable = yes
read only = yes
write list = @adm root
guest ok = yes
/etc/nsswitch.conf
....
passwd: files winbind3 ldap
shadow: files ldap
group: files winbind3 ldap
....
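A check that fits the setup in this message, added here as an example and not part of the original post: glibc resolves each service name in nsswitch.conf to a shared object named libnss_<service>.so.2, so a service such as winbind3 only works if a file with exactly that name is in a library directory. The function names and the sample directory are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: find nsswitch.conf services that have no loadable NSS module.
# glibc maps a service name "foo" to the shared object libnss_foo.so.2.

# Print the unique services listed for one database (passwd, group, ...).
# Comments and bracketed actions such as [NOTFOUND=return] are dropped.
nss_services() {  # usage: nss_services <nsswitch.conf> <database>
    sed -e 's/#.*//' -e 's/\[[^]]*\]//g' -e 's/:/: /' "$1" |
        awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) print $i }' |
        sort -u
}

# Print the module path for a service, or return 1 if no directory has it.
nss_module_path() {  # usage: nss_module_path <service> <libdir>...
    svc=$1; shift
    for dir in "$@"; do
        if [ -e "$dir/libnss_$svc.so.2" ]; then
            printf '%s\n' "$dir/libnss_$svc.so.2"
            return 0
        fi
    done
    return 1
}

# Print "database service" for every service whose module is missing.
nss_missing() {  # usage: nss_missing <nsswitch.conf> <libdir>...
    conf=$1; shift
    for db in passwd group shadow; do
        for svc in $(nss_services "$conf" "$db"); do
            nss_module_path "$svc" "$@" >/dev/null || printf '%s %s\n' "$db" "$svc"
        done
    done
}

# Constructed sample (not from the poster's machine): the nsswitch.conf lines
# from the post, and a lib directory where the renamed winbind module exists
# only as libnss_winbind3.so, without the .so.2 name glibc looks for.
nss_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/lib"
    printf 'passwd: files winbind3 ldap\nshadow: files ldap\n' > "$tmp/nsswitch.conf"
    printf 'group: files winbind3 ldap\n' >> "$tmp/nsswitch.conf"
    touch "$tmp/lib/libnss_files.so.2" "$tmp/lib/libnss_ldap.so.2" \
          "$tmp/lib/libnss_winbind3.so"
    nss_missing "$tmp/nsswitch.conf" "$tmp/lib"
    rm -rf "$tmp"
}

nss_demo
```

To check a live system, call nss_missing with /etc/nsswitch.conf and the directories that hold that system's libnss_*.so.2 files.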