[Samba] getent passwd cannot list win2k ADS users

Pedro Henrique Ponchio phenrique at atech.br
Wed Jan 21 20:36:16 GMT 2004


Hello maorui/all,

I have the same problem with Debian 3.0r2, using Samba 3.0.1 compiled from source with the options:

./configure --with-ads --with-winbind --with-winbind-auth-challenge --with-smbmount --prefix=/usr --with-ldap --with-pam_smbpass --with-syslog --with-utmp --with-swatdir=/etc/samba/swat --with-libsmbclient --with-acl-support --with-quotas --with-pam --with-nisplus-home --with-configdir=/etc/samba --with-privatedir=/etc/samba --sysconfdir=/etc/samba

All the other conf files look exactly like yours, and I don't know what to do to make it work. "wbinfo -u" and "wbinfo -g" are working fine ...

Thanks for any reply to this.
Regards,
---
Pedro Henrique C. Ponchio
Fundação ATECH Tecnologias Críticas
(5511) 3040-7300 ramal 150
---


maorui maorui at exavio.com.cn
Mon Dec 1 09:24:18 GMT 2003 


I'm using RH9, and installed Samba 3.0.0 using the rpm package.

I use the following configuration files.



/etc/samba/smb.conf:

    [global]
            workgroup = DOMAIN
            realm = DOMAIN.COM
            server string = Demo Samba Server
            security = ADS
            username map = /etc/samba/smbusers
            log file = /var/log/samba/log.%m
            max log size = 50
            socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
            preferred master = No
            local master = No
            domain master = No
            dns proxy = No
            idmap uid = 10000-20000
            idmap gid = 10000-20000
            template homedir = /home/windomain/%D/%U
            template shell = /bin/bash
            winbind separator = +


/etc/krb5.conf:

    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log



    [libdefaults]
     ticket_lifetime = 24000
     default_realm = DOMAIN.COM
     dns_lookup_realm = false
     dns_lookup_kdc = false



    [realms]
     DOMAIN.COM = {
      kdc = server.domain.com:88
      admin_server = server.domain.com:749
      default_domain = domain.com
     }



    [domain_realm]
     .domain.com = DOMAIN.COM
     domain.com = DOMAIN.COM



    [kdc]
     profile = /var/kerberos/krb5kdc/kdc.conf



    [appdefaults]
     pam = {
       debug = false
       ticket_lifetime = 36000
       renew_lifetime = 36000
       forwardable = true
       krb4_convert = false
     }



/etc/nsswitch.conf:

    passwd:     files winbind
    shadow:     files
    group:      files winbind

    hosts:      files dns

    bootparams: nisplus [NOTFOUND=return] files

    ethers:     files
    netmasks:   files
    networks:   files
    protocols:  files
    rpc:        files
    services:   files

    netgroup:   files

    publickey:  nisplus

    automount:  files
    aliases:    files nisplus

And I updated the MIT Kerberos package by the following steps:

    1. ./configure --prefix=/usr/kerberos --localstatedir=/var/kerberos --enable-dns

    2. make

    3. make install



I entered command 'kinit administrator', and got no error message.



'klist -5' returned:

    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal:  maor@DOMAIN.COM

    Valid starting     Expires            Service principal
    12/01/03 15:37:13  12/02/03 01:37:13  krbtgt/DOMAIN.COM@DOMAIN.COM
    12/01/03 15:50:33  12/02/03 01:37:13  server-file$@DOMAIN.COM

And commands

    net ads join -S server.domain.com -U administrator

    net rpc join -S server.domain.com -U administrator

worked fine.



I started winbindd. 'wbinfo -u' & 'wbinfo -g' can get all users & groups
from the domain.

But the command 'getent passwd' could only show local accounts, without any
domain mapped accounts inside.

And /home had no home directory created.

Who can tell me at which step I made a mistake?





--------------- Logs -----------------

/var/log/samba/log.winbindd:

[2003/12/01 15:48:45, 1] nsswitch/winbindd.c:main(832)
  winbindd version 3.0.0 started.
  Copyright The Samba Team 2000-2003
[2003/12/01 15:48:46, 1] nsswitch/winbindd_util.c:add_trusted_domain(149)
  Added domain DOMAIN.COM
[2003/12/01 15:48:46, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/12/01 15:48:46, 1] nsswitch/winbindd_ads.c:ads_cached_connection(64)
  ads_connect for domain DOMAIN.COM failed: Operations error
[2003/12/01 15:48:46, 1] nsswitch/winbindd_util.c:init_domain_list(284)
  Could not fetch sid for our domain DOMAIN.COM
[2003/12/01 15:48:46, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
[2003/12/01 15:48:46, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/12/01 15:49:07, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/12/01 15:49:07, 1] nsswitch/winbindd_ads.c:ads_cached_connection(64)
  ads_connect for domain DOMAIN.COM failed: Operations error
[2003/12/01 16:16:36, 1] nsswitch/winbindd.c:main(832)
  winbindd version 3.0.0 started.
  Copyright The Samba Team 2000-2003
[2003/12/01 16:16:36, 1] nsswitch/winbindd_util.c:add_trusted_domain(149)
  Added domain DOMAIN.COM
[2003/12/01 16:16:36, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/12/01 16:16:36, 1] nsswitch/winbindd_ads.c:ads_cached_connection(64)
  ads_connect for domain DOMAIN.COM failed: Operations error
[2003/12/01 16:16:36, 1] nsswitch/winbindd_util.c:init_domain_list(284)
  Could not fetch sid for our domain DOMAIN.COM
[2003/12/01 16:16:36, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
[2003/12/01 16:16:36, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/12/01 16:16:46, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/12/01 16:16:46, 1] nsswitch/winbindd_ads.c:ads_cached_connection(64)
  ads_connect for domain DOMAIN.COM failed: Operations error
[2003/12/01 16:21:46, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
[2003/12/01 16:21:46, 0] libsmb/cliconnect.c:cli_session_setup_spnego(683)
  Kinit failed: Malformed representation of principal
[2003/12/01 16:25:18, 1] nsswitch/winbindd.c:main(832)
  winbindd version 3.0.0 started.
  Copyright The Samba Team 2000-2003
[2003/12/01 16:25:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(149)
  Added domain DOMAIN DOMAIN.COM
[2003/12/01 16:25:18, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/12/01 16:25:18, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
[2003/12/01 16:25:18, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
[2003/12/01 16:30:45, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
[2003/12/01 16:35:46, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
[2003/12/01 16:38:29, 1] nsswitch/winbindd.c:main(832)
  winbindd version 3.0.0 started.
  Copyright The Samba Team 2000-2003
[2003/12/01 16:38:29, 1] nsswitch/winbindd_util.c:add_trusted_domain(149)
  Added domain DOMAIN DOMAIN.COM
[2003/12/01 16:38:29, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/12/01 16:38:29, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
[2003/12/01 16:38:29, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
[2003/12/01 16:43:34, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
[2003/12/01 16:48:34, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
[2003/12/01 16:53:34, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
[2003/12/01 16:58:48, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
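
A triage helper for the log.winbindd format quoted above, added here as an example and not part of the original thread or of Samba: it pairs each `[timestamp, level] file:function(line)` header with its indented message lines and counts failure messages per winbindd start. The sample lines are constructed in the shape of the excerpt, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: records in the same shape as the log.winbindd excerpt in the post.
SAMPLE_LOG = """\
[2003/12/01 15:48:45, 1] nsswitch/winbindd.c:main(832)
  winbindd version 3.0.0 started.
[2003/12/01 15:48:46, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/12/01 15:48:46, 1] nsswitch/winbindd_ads.c:ads_cached_connection(64)
  ads_connect for domain DOMAIN.COM failed: Operations error
[2003/12/01 15:48:46, 1] nsswitch/winbindd_util.c:init_domain_list(284)
  Could not fetch sid for our domain DOMAIN.COM
[2003/12/01 15:49:07, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/12/01 16:25:18, 1] nsswitch/winbindd.c:main(832)
  winbindd version 3.0.0 started.
[2003/12/01 16:25:18, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
"""

HEADER = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\] (?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)$"
)

def parse_records(text):
    """Attach each indented message line to the header record that precedes it."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw.rstrip())
        if m:
            records.append({**m.groupdict(), "msg": []})
        elif records and raw.startswith("  "):
            records[-1]["msg"].append(raw.strip())
    return records

def summarize(records):
    """Start a new run at every winbindd start banner; count failure messages per run."""
    runs = []
    for r in records:
        if r["func"] == "main" and any("started" in l for l in r["msg"]):
            runs.append({"started": r["ts"], "failures": Counter()})
        elif runs and any(re.search(r"\bfailed\b|Could not", l) for l in r["msg"]):
            runs[-1]["failures"][(r["func"], r["msg"][0])] += 1
    return runs

if __name__ == "__main__":
    for run in summarize(parse_records(SAMPLE_LOG)):
        print(run["started"], dict(run["failures"]))
```

Grouping by start banner makes it easy to see whether a restart after a configuration change actually cleared a given failure.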


