[Samba] winbind lookup errors
Vaughan, Ben R [ECSS]
benvon at iastate.edu
Fri Jul 22 13:38:52 GMT 2005
Hello Samba folks,
I have recently begun seeing some disturbing behavior from winbind.
Winbind will fail to look up users and groups. Examples:
The machine is configured to use winbind as a nss module.
"getent passwd <username>" will yield no results.
"wbinfo -n <username>" will yield "Could not lookup name <username>"
"wbinfo -g" works... all of the domain groups are dumped
"wbinfo -u" works.
"wbinfo -t" says everything is ok.
"net ads testjoin" says everything is ok.
I have turned off winbind caching (by adding the -n flag) and have set
"winbind cache time = 0" in smb.conf in an attempt to remove caching as
a culprit.
Any help would be greatly appreciated. This problem is affecting quite
a few of my servers (around a dozen).
Interesting data is included below.
Thanks,
Ben Vaughan
College of Engineering
Iowa State University
Here is a log level 10 dump from winbind.log after running "wbinfo -n
benvon" (my username):
[2005/07/22 08:33:19, 6] nsswitch/winbindd.c:new_connection(603)
accepted socket 19
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
process_request: request fn INTERFACE_VERSION
[2005/07/22 08:33:19, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(460)
[ 0]: request interface version
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2005/07/22 08:33:19, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
[ 0]: request location of privileged pipe
[2005/07/22 08:33:19, 6] nsswitch/winbindd.c:new_connection(603)
accepted socket 21
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
process_request: request fn INFO
[2005/07/22 08:33:19, 3] nsswitch/winbindd_misc.c:winbindd_info(448)
[ 0]: request misc info
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
process_request: request fn DOMAIN_NAME
[2005/07/22 08:33:19, 3]
nsswitch/winbindd_misc.c:winbindd_domain_name(470)
[ 0]: request domain name
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
process_request: request fn LOOKUPNAME
[2005/07/22 08:33:19, 3]
nsswitch/winbindd_sid.c:winbindd_lookupname(103)
[ 0]: lookupname ENGR\benvon
[2005/07/22 08:33:19, 5] nsswitch/winbindd_async.c:lookupname_recv(627)
lookup_name returned an error
[2005/07/22 08:33:19, 5] nsswitch/winbindd_sid.c:lookupname_recv(116)
lookupname returned an error
And a log level 10 dump from winbind.log after running "wbinfo -r
benvon"
[2005/07/22 08:34:12, 6] nsswitch/winbindd.c:new_connection(603)
accepted socket 19
[2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
process_request: request fn INTERFACE_VERSION
[2005/07/22 08:34:12, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(460)
[ 0]: request interface version
[2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2005/07/22 08:34:12, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
[ 0]: request location of privileged pipe
[2005/07/22 08:34:12, 6] nsswitch/winbindd.c:new_connection(603)
accepted socket 21
[2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
process_request: request fn GETGROUPS
[2005/07/22 08:34:12, 3]
nsswitch/winbindd_group.c:winbindd_getgroups(916)
[ 0]: getgroups benvon
[2005/07/22 08:34:12, 7]
nsswitch/winbindd_group.c:winbindd_getgroups(952)
winbindd_getpwnam: My domain -- rejecting getgroups() for ENGR\benvon.
Here is my smb.conf:
[global]
#unix charset = UTF8
workgroup = ENGR
realm = ENGR.super.secret
server string = Samba 3 server
security = ADS
#password server = domain.controller.example
username map = /etc/samba/smbusers
guest ok = no
log file = /var/log/samba/%m.log
max log size = 50
log level = 1
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
wins server = xxx, yyy
idmap uid = 100000-200000
idmap gid = 100000-200000
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
winbind trusted domains only = yes
winbind cache time = 0
wins support = no
map hidden = no
map archive = no
map system = no
# we had to do this... hope it helps. Don't confuse this with
file locking
# this turns off file caching on the client.
oplocks = no
Engineering Computing Support Services
CLUE Network Admin
2240 Hoover Hall
515 294 1629
benvon at iastate.edu
More information about the samba
mailing list