[Samba] getent passwd problem

subramanian.ponnusamy at iflexsolutions.com subramanian.ponnusamy at iflexsolutions.com
Thu Jan 13 23:20:36 GMT 2005 

I'm using RH9, and I have compiled samba 3.0.1 compiled from sources, 

> with the following options:

 

> ./configure --with-winbind --with-winbind-auth-challenge --with-pam \

 

> --with-acl-support --with-ldapsam --with-pam_smbpass \ --with-ads 

> --with-ldap --with-dce-dfs --with-smbwrapper --enable-pam

 

 

>  net ads join -S server.domain.com -U support  worked fine.

 

 

> I started winbindd. 'wbinfo -u' & 'wbinfo -g' can get all users & 

> groups from domain.

 

> But the command 'getent passwd' could only show local accounts, 

> without any domain mapped accounts inside.

 

> Nscd service also not running. 

 

> What could be the problem?  Could you please help me to resolve this 

> issue.

 

 

> /etc/samba/smb.conf:

 

>     [global]

>         workgroup = OP-DOM

>         realm = OPAL.I-FLEX.COM

>         server string = Samba Server

>         security = ADS

>         password server = 169.165.63.8

>         log file = /var/log/samba/log.%m

>         max log size = 50

>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

>         dns proxy = No

>         idmap uid = 10000-20000

>         idmap gid = 10000-20000

>         winbind separator = #

>         winbind use default domain = Yes

 

 

> /etc/krb5.conf:

 

> [logging]

>  default = FILE:/var/log/krb5libs.log

>  kdc = FILE:/var/log/krb5kdc.log

>  admin_server = FILE:/var/log/kadmind.log

 

> [libdefaults]

>  ticket_lifetime = 24000

>  default_realm = OPAL.I-FLEX.COM

>  dns_lookup_realm = false

>  dns_lookup_kdc = true

 

> [realms]

>  OPAL.I-FLEX.COM = {

>   kdc = mil-dc-02.opal.i-flex.com

>   admin_server = mil-dc-02.opal.i-flex.com

>   default_domain = opal.i-flex.com

>  }

 

> [domain_realm]

>  .OPAL.I-FLEX.COM = OPAL.I-FLEX.COM

>  opal.i-flex.com = OPAL.I-FLEX.COM

 

> [kdc]

>  profile = /var/kerberos/krb5kdc/kdc.conf

 

> [appdefaults]

>  pam = {

>    debug = false

>    ticket_lifetime = 36000

>    renew_lifetime = 36000

>    forwardable = true

>    krb4_convert = false

>  }

 

 

> /etc/nsswitch.conf:

 

>     passwd:     files winbind

>     shadow:     files

>     group:      files winbind

 

>     hosts:      files dns

 

>     bootparams: nisplus [NOTFOUND=return] files

 

>     ethers:     files

>     netmasks:   files

>     networks:   files

>     protocols:  files

>     rpc:        files

>     services:   files

 

>     netgroup:   files

 

>     publickey:  nisplus

 

>     automount:  files

>     aliases:    files nisplus

 

 

> --------------- Logs -----------------

 

> /var/log/samba/log.winbindd:

 

> [2005/01/14 04:03:18, 1]

> nsswitch/winbindd_util.c:add_trusted_domain(150)

>   Added domain OP-DOM OPAL.I-FLEX.COM

> [2005/01/14 04:03:18, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)

>   krb5_cc_get_principal failed (No credentials cache found)

> [2005/01/14 04:03:20, 1]

> nsswitch/winbindd_util.c:add_trusted_domains(207)

>   scanning trusted domain list

> [2005/01/14 04:03:21, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)

>   krb5_get_credentials failed for singdc03$@SING.I-FLEX.COM (Cannot 

> find KDC for requested realm)

> [2005/01/14 04:03:22, 1]

> nsswitch/winbindd_util.c:add_trusted_domain(150)

>   Added domain SING sing.i-flex.com

> S-1-5-21-1390067357-1214440339-725345543

> [2005/01/14 04:03:22, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)

>   krb5_get_credentials failed for ch-dc-02$@CH.I-FLEX.COM (Cannot find


> KDC for requested realm)

> [2005/01/14 04:03:22, 1]

> nsswitch/winbindd_util.c:add_trusted_domain(150)

>   Added domain CH-DOM ch.i-flex.com

> S-1-5-21-1937329982-1241017600-1843927889

> [2005/01/14 04:03:32, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)

>   krb5_get_credentials failed for pu-dc-02$@PUNE.I-FLEX.COM (Cannot 

> find KDC for requested realm)

> [2005/01/14 04:03:32, 1]

> nsswitch/winbindd_util.c:add_trusted_domain(150)

>   Added domain PUNENTDOM pune.i-flex.com

> S-1-5-21-475882704-881679878-1537874043

> [2005/01/14 04:03:33, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)

>   krb5_get_credentials failed for spz-dc-01$@SPZ.I-FLEX.COM (Cannot 

> find KDC for requested realm)

> [2005/01/14 04:03:33, 1]

> nsswitch/winbindd_util.c:add_trusted_domain(150)

>   Added domain SDF1-NT-DOM spz.i-flex.com

> S-1-5-21-1549417937-415303249-622671684

> [2005/01/14 04:03:33, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)

>   krb5_get_credentials failed for dcroot$@I-FLEX.COM (Cannot find KDC 

> for requested realm)

> [2005/01/14 04:03:33, 1]

> nsswitch/winbindd_util.c:add_trusted_domain(150)

>   Added domain I-FLEX i-flex.com

> S-1-5-21-1202660629-796845957-1801674531

> [2005/01/14 04:03:33, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)

>   krb5_get_credentials failed for jbdc01$@VP.I-FLEX.COM (Cannot find 

> KDC for requested realm)

> [2005/01/14 04:03:34, 1]

> nsswitch/winbindd_util.c:add_trusted_domain(150)

>   Added domain VPNTDOM vp.i-flex.com

> S-1-5-21-635063025-298412223-930774774

> [2005/01/14 04:03:34, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)

>   krb5_get_credentials failed for cvr-dc-01$@RT.I-FLEX.COM (Cannot 

> find KDC for requested realm)

> [2005/01/14 04:03:34, 1]

> nsswitch/winbindd_util.c:add_trusted_domain(150)

>   Added domain RT-DOM rt.i-flex.com

> S-1-5-21-1839471235-300689253-1848903544

> [2005/01/14 04:03:50, 1]

> nsswitch/winbindd_util.c:add_trusted_domain(150)

>   Added domain FCATDOM  S-1-5-21-236523578-706837566-311576647

> [2005/01/14 04:03:51, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)

>   krb5_get_credentials failed for nydc03$@NY.I-FLEX.COM (Cannot find 

> KDC for requested realm)

> [2005/01/14 04:03:53, 1]

> nsswitch/winbindd_util.c:add_trusted_domain(150)

>   Added domain NY-DOM ny.i-flex.com S-0-0

> [2005/01/14 04:03:54, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)

>   krb5_get_credentials failed for nydc03$@NY.I-FLEX.COM (Cannot find 

> KDC for requested realm)

> [2005/01/14 04:03:54, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)

 

 

 

 

 

 

 

> [root at squid bin]# klist

 

> Ticket cache: FILE:/tmp/krb5cc_0

 

> Default principal: support at OPAL.I-FLEX.COM

 

 

 

> Valid starting     Expires            Service principal

 

> 01/14/05 01:42:55  01/14/05 09:43:20

> krbtgt/OPAL.I-FLEX.COM at OPAL.I-FLEX.COM

 

 

 

 

 

> Kerberos 4 ticket cache: /tmp/tkt0

 

> klist: You have no tickets cached

 

 

Thanks and Regards,

Subbu

Iflex Centre,

Iflex solutions Ltd.

Bangalore-+91-80-57596014

 



DISCLAIMER:
This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.

More information about the samba mailing list