[Samba] getent and wbinfo not returning expected results?

Mike Partyka mpartyka at gmail.com
Fri Sep 16 19:35:02 GMT 2005 

On Sep 16, 2005, at 2:11 PM, John H Terpstra wrote:

> On Friday 16 September 2005 12:14, Doug Sampson wrote:
>
>>> I did and this did address the wbinfo -u OR -g output but the getent
>>> passwd OR group, is still only listing the local users and groups
>>>
>>
>> <sigh> According to the Samba docs, it's either the NSS switch or  
>> the PAM
>> modules or both that appear to be preventing the enumeration of
>> users/groups. I have on hand TOSHARG and the 'Samba-3 By Examples'  
>> books.
>> Check page 228 section 12 in 'Samba-3 by Examples' and you will  
>> see what I
>> am referring to.
>>
>
> If 'wbinfo -u' returns the domain user list, but 'getent passwd'  
> does not,
> this means that NSS is not working. It has nothing to do with PAM.
>
>
>>
>> I'm using FreeBSD and their NSS libraries are different from  
>> Linux's and
>> I'm wondering if that is the cause. FreeBSD uses nss_winbind.so.1  
>> whereas
>> there are numerous references to libnss_winbind.so.2 in TOSHARG  
>> which is
>> based on Linux. I fear FreeBSD's GCC compiler is either older and/or
>> different than Linux's. What distro are you using?
>>
>
> Have you joined the Samba server to the domain?
> What do 'net rpc info' and 'net ads info' report?

net rpc info returns nothing

net ads info, returns:

     msp1intmx01:~ # net ads info
     LDAP server: 71.4.126.89
     LDAP server name: msp1intmx02
     Realm: DOMAIN.COM
     Bind Path: dc=DOMAIN,dc=COM
     LDAP port: 389
     Server time: Fri, 16 Sep 2005 14:17:38 GMT
     KDC server: 71.4.126.89
     Server time offset: 0

I didn't think i was using ldap to store the idmap values for users,  
i thought the smb.conf setting idmap backend=idmap_rid
>
> Is winbindd running?
Yes
>
> Did you rename the libnss_winbind.so.2 file to nss_winbind.so.1?
No, i did not see that step in any of the documentation i have used.  
I did this and restarted winbind but it seemed to have no effect.
> Did you locate this in the /lib or the /usr/lib directory?
in the /lib directory only
>
> What error logs are you seeing in /var/adm/messages?
I am seeing a number of messages like this:

     Sep 16 14:21:17 msp1intmx01 winbindd[23202]:    
rid_idmap_get_id_from_sid: rid: 1157 (UID: 1657) too high
     for mapping of domain: JUMPNODE (500-1000)

Which i assume is related to the fact that i changed the  
idmap_backend setting earlier this morning in the smb.conf file.

Here is what it currently set to:

    idmap backend = idmap_rid:JUMPNODE=500-1000
    idmap uid = 500-1000
    idmap gid = 500-1000

This morning the idmap_backend had a range of 500-5000 but then i ran  
winbindd -i -d3 and i saw winbind complaining about the range being  
set too high, and i adjusted it down. Is there someplace i need to  
clear the old values from? I have since restarted winbind several  
times but that does not seem to be sufficient.

Thank You,

> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
>
> Author:
> The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
> Samba-3 by Example, 2 Ed., ISBN: 0131882221X
> Hardening Linux, ISBN: 0072254971
> Other books in production.
>

Mike Partyka
Jumpnode Systems, LLC
Systems Administrator
(612)605-5056 Desk
(612)605-5099 Fax

More information about the samba mailing list