[Samba] err: I have no name (Idmap Ldap)

gints neimanis gints at venta.lv
Sat Aug 21 11:22:17 GMT 2004 

I succesfully setted up the winbind with "idmap backend = ldap:ldap:..."
LDAP is used only to store idmap's.

The problem:
On the server with OpenLDAP and winbind, all is working fine! Thanks to 
the SAMBA team and OSS community!


But on the second server, where winbind is used to authenticate users 
and retrieve uid's from server with ldap, users get error message: "id: 
cannot find name for user ID ...". The authentication works fine, users 
can use their samba shares, but ssh sessions are not more accessible 
(There is error, that it is not possible to retrieve username for 
lastlog and session closes).

May bee someone had already such problem, and know's solution?

There is some illustration of problem:

=======
[root at virsis /]# wbinfo -t
checking the trust secret via RPC calls succeeded
=======
[root at virsis /]# wbinfo -u
...skip
tst10
tst11
...skip
=======
[root at virsis /]# getent passwd | grep tst1
tst10:x:20694:30000::/skola/tst10:/bin/bash
tst11:x:20695:30000::/skola/tst11:/bin/bash
...skip
=======
But!

[root at virsis /]# su tst10
Creating directory '/skola/tst10'.
Creating directory '/skola/tst10/tmp'.
id: cannot find name for user ID 20694
[I have no name!@virsis /]$

and

[I have no name!@virsis tst10]$ ls -l
total 4
drwxr-xr-x  2 20694 30000 4096 aug 21 13:27 tmp/
=======


The both systems are like each other:

The configuration on both servers are like each other:

- Mandrake Cooker
- samba 3.0.5.2 (including winbind)

The samba.conf on secondary server

[root at virsis root]# cat /etc/samba/smb.conf
[global]
         workgroup = SKOLA
         security = domain
         netbios name = VIRSIS
         winbind use default domain = yes
         default service = homes
         unix charset = iso8859-13
         idmap gid = 20000-30000
         idmap uid = 30000-40000
         winbind separator = +
         winbind use default domain = yes
         idmap backend = ldap:ldap://10.0.0.50
         ldap admin dn = cn=Manager,dc=venta,dc=lv
         ldap suffix = dc=venta,dc=lv
         ldap idmap suffix = ou=Idmap
         winbind enum users = yes
         winbind enum groups = yes
         encrypt passwords = Yes
         template homedir = /skola/%U
         os level = 18
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         wins server = 10.0.0.10
         log level = 3
         obey pam restrictions = yes
         template shell = /bin/bash
         max log size = 200
         min protocol = NT1
         password server = *
         local master = No
[homes]
...skip

The /etc/nsswitch.conf
...
passwd:     files winbind nisplus nis
shadow:     files nisplus nis
group:      files winbind nisplus nis
...

There is no working nscd daemon, which will cause "I have no name!" problem.

Thanks!
Gints

More information about the samba mailing list