[Samba] winbind lookup errors

Vaughan, Ben R [ECSS] benvon at iastate.edu
Fri Jul 22 13:38:52 GMT 2005


Hello Samba folks,

I have recently begun seeing some disturbing behavior from winbind.
Winbind will fail to look up users and groups.  Examples:

The machine is configured to use winbind as a nss module.

"getent passwd <username>" will yield no results.

"wbinfo -n <username>" will yield "Could not lookup name <username>"

"wbinfo -g" works... all of the domain groups are dumped

"wbinfo -u" works.

"wbinfo -t" says everything is ok.

"net ads testjoin" says everything is ok.

I have turned off winbind caching (by adding the -n flag) and have set
"winbind cache time = 0" in smb.conf in an attempt to remove caching as
a culprit.  

Any help would be greatly appreciated.  This problem is affecting quite
a few of my servers (around a dozen).  

Interesting data is included below.

Thanks,

Ben Vaughan
College of Engineering
Iowa State University

Here is a log level 10 dump from winbind.log after running "wbinfo -n
benvon" (my username):

[2005/07/22 08:33:19, 6] nsswitch/winbindd.c:new_connection(603)
  accepted socket 19
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn INTERFACE_VERSION
[2005/07/22 08:33:19, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460)
  [    0]: request interface version
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2005/07/22 08:33:19, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
  [    0]: request location of privileged pipe
[2005/07/22 08:33:19, 6] nsswitch/winbindd.c:new_connection(603)
  accepted socket 21
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn INFO
[2005/07/22 08:33:19, 3] nsswitch/winbindd_misc.c:winbindd_info(448)
  [    0]: request misc info
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn DOMAIN_NAME
[2005/07/22 08:33:19, 3] nsswitch/winbindd_misc.c:winbindd_domain_name(470)
  [    0]: request domain name
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn LOOKUPNAME
[2005/07/22 08:33:19, 3] nsswitch/winbindd_sid.c:winbindd_lookupname(103)
  [    0]: lookupname ENGR\benvon
[2005/07/22 08:33:19, 5] nsswitch/winbindd_async.c:lookupname_recv(627)
  lookup_name returned an error
[2005/07/22 08:33:19, 5] nsswitch/winbindd_sid.c:lookupname_recv(116)
  lookupname returned an error


And a log level 10 dump from winbind.log after running "wbinfo -r
benvon"

[2005/07/22 08:34:12, 6] nsswitch/winbindd.c:new_connection(603)
  accepted socket 19
[2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn INTERFACE_VERSION
[2005/07/22 08:34:12, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460)
  [    0]: request interface version
[2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2005/07/22 08:34:12, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
  [    0]: request location of privileged pipe
[2005/07/22 08:34:12, 6] nsswitch/winbindd.c:new_connection(603)
  accepted socket 21
[2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn GETGROUPS
[2005/07/22 08:34:12, 3] nsswitch/winbindd_group.c:winbindd_getgroups(916)
  [    0]: getgroups benvon
[2005/07/22 08:34:12, 7] nsswitch/winbindd_group.c:winbindd_getgroups(952)
  winbindd_getpwnam: My domain -- rejecting getgroups() for ENGR\benvon.



Here is my smb.conf:

[global]
        #unix charset = UTF8
        workgroup = ENGR
        realm = ENGR.super.secret
        server string = Samba 3 server
        security = ADS
        #password server = domain.controller.example
        username map = /etc/samba/smbusers
        guest ok = no
        log file = /var/log/samba/%m.log
        max log size = 50
        log level = 1


        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        dns proxy = No
        wins server = xxx, yyy
        idmap uid = 100000-200000
        idmap gid = 100000-200000
        winbind enum users = no
        winbind enum groups = no
        winbind use default domain = yes
        winbind trusted domains only = yes
        winbind cache time = 0
        wins support = no
        
        map hidden = no
        map archive = no
        map system = no

        # we had to do this... hope it helps. Don't confuse this with
        # file locking
        # this turns off file caching on the client.
        oplocks = no




Engineering Computing Support Services
CLUE Network Admin
2240 Hoover Hall
515 294 1629
benvon at iastate.edu
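
Added example, not part of the original post and not Samba code: a small Python parser for the winbindd debug-log layout shown in the two dumps, listing the requests a client issued and the entries that report a failed step. The names parse_winbind_log, requests and failures and the failure phrases are assumptions of this example; it also accepts a header that a mail client has wrapped onto two lines.

```python
import re

# Entry header: [YYYY/MM/DD HH:MM:SS, level] source_file:function(line)
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"^(\S+):(\w+)\((\d+)\)$")
# Assumption: phrases seen in the post's dumps that mark a failed step.
FAILURE_HINTS = ("returned an error", "rejecting")

# Lines taken from the two dumps in the post; two headers are wrapped as by a mail client.
SAMPLE = """\
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn LOOKUPNAME
[2005/07/22 08:33:19, 3]
nsswitch/winbindd_sid.c:winbindd_lookupname(103)
  [    0]: lookupname ENGR\\benvon
[2005/07/22 08:33:19, 5] nsswitch/winbindd_async.c:lookupname_recv(627)
  lookup_name returned an error
[2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn GETGROUPS
[2005/07/22 08:34:12, 7]
nsswitch/winbindd_group.c:winbindd_getgroups(952)
  winbindd_getpwnam: My domain -- rejecting getgroups() for ENGR\\benvon.
"""

def parse_winbind_log(text):
    """Return one dict per log entry (header fields plus the joined message)."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HEADER.match(line)
        if m:
            current = {"time": m.group(1), "level": int(m.group(2)),
                       "file": None, "function": None, "line": None, "message": ""}
            entries.append(current)
            line = m.group(3)  # source location, or empty when the header was wrapped
        if current is None or not line.strip():
            continue  # text before the first header, blank line, or wrapped header
        loc = LOCATION.match(line) if current["file"] is None else None
        if loc:
            current.update(file=loc.group(1), function=loc.group(2), line=int(loc.group(3)))
        else:
            current["message"] = (current["message"] + " " + line.strip()).strip()
    return entries

def requests(entries):
    """Names of the winbindd requests received, in log order."""
    prefix = "process_request: request fn "
    return [e["message"][len(prefix):] for e in entries if e["message"].startswith(prefix)]

def failures(entries):
    """Entries whose message contains one of the assumed failure phrases."""
    return [e for e in entries if any(h in e["message"] for h in FAILURE_HINTS)]
```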
 


