[Samba] Samba3.0.1pre1 winbind failing against domain groups(ADS)

Timothy E Jordan timothy_jordan at labor.state.ak.us
Wed Jan 7 22:59:47 GMT 2004 

Winbindd is having trouble finding the Domain Admins group in my domain.
 It appears to be searching for the group but does not show what domain
it's looking into - then it tries the local PC (ANC-Gentoo):

log.winbind:

[2004/01/07 13:20:43, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(237)
  [23792]: getgrnam Domain Admins
[2004/01/07 13:20:43, 5] nsswitch/winbindd_acct.c:wb_getgrnam(522)
  wb_getgrnam: Did not find group (Domain Admins)
[2004/01/07 13:20:43, 5] nsswitch/winbindd_group.c:winbindd_getgrnam(254)
  winbindd_getgrnam: lookup for ANC-GENTOO\Domain Admins failed
[2004/01/07 13:21:24, 5] nsswitch/winbindd.c:winbind_client_read(465)
  read failed on sock 18, pid 23792: EOF


getent works:
$ getent group | grep "Domain Admins"
LABOR\Domain Admins:x:10003:LABOR\tim,...

wbinfo works:
$ wbinfo -g | grep "Domain Admins"
LABOR\Domain Admins


root at ANC-GENTOO var # net groupmap list
Domain Users (S-1-5-21-3791546257-2726071710-148796437-513) -> 10442
Domain Admins (S-1-5-21-3791546257-2726071710-148796437-512) -> root
Domain Guests (S-1-5-21-3791546257-2726071710-148796437-514) -> nobody


Winbind finds my domain account just fine:

[2004/01/07 13:20:43, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(219)
  [23792]: domain_info [LABOR.AK]
[2004/01/07 13:20:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(113)
  [23792]: getpwnam labor\tim
[2004/01/07 13:20:43, 3] nsswitch/winbindd_ads.c:name_to_sid(313)
  ads: name_to_sid
[2004/01/07 13:20:43, 5] libads/ldap_utils.c:ads_do_search_retry(56)
  Search for (|(sAMAccountName=tim)(userPrincipalName=tim at LABOR.AK))
gave 1 replies
[2004/01/07 13:20:43, 3] libads/ads_ldap.c:ads_name_to_sid(82)
  ads name_to_sid mapped tim
[2004/01/07 13:20:43, 3] nsswitch/winbindd_group.c:winbindd_getgroups(932)
  [23792]: getgroups LABOR\tim
[2004/01/07 13:20:43, 3] nsswitch/winbindd_ads.c:name_to_sid(313)
  ads: name_to_sid
[2004/01/07 13:20:43, 5] libads/ldap_utils.c:ads_do_search_retry(56)
  Search for (|(sAMAccountName=tim)(userPrincipalName=tim at LABOR.AK))
gave 1 replies
[2004/01/07 13:20:43, 3] libads/ads_ldap.c:ads_name_to_sid(82)
  ads name_to_sid mapped tim

I understand Andrew Bartlett is aware of the following problem, but I'm
not sure how that is going to affect file sharing from my Samba server
acting as a Domain Memeber via security=ADS.

2004/01/07 13:20:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(113)
  [23792]: getpwnam LABOR\windowsxp$
[2004/01/07 13:20:43, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(148)
  user 'windowsxp$' does not exist
[2004/01/07 13:20:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(113)
  [23792]: getpwnam windowsxp$
[2004/01/07 13:20:43, 5] nsswitch/winbindd_acct.c:wb_getpwnam(393)
  wb_getpwnam: Did not find user (windowsxp$)
[2004/01/07 13:20:43, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(125)
  winbindd_getpwnam: lookup for ANC-GENTOO\windowsxp$ failed
[2004/01/07 13:20:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(113)
  [23792]: getpwnam windowsxp$
[2004/01/07 13:20:43, 5] nsswitch/winbindd_acct.c:wb_getpwnam(393)
  wb_getpwnam: Did not find user (windowsxp$)
[2004/01/07 13:20:43, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(125)
  winbindd_getpwnam: lookup for ANC-GENTOO\windowsxp$ failed

More information about the samba mailing list