[Samba] getent and wbinfo not returning expected results?
mpartyka at gmail.com
Fri Sep 16 19:35:02 GMT 2005
On Sep 16, 2005, at 2:11 PM, John H Terpstra wrote:
> On Friday 16 September 2005 12:14, Doug Sampson wrote:
>>> I did and this did address the wbinfo -u OR -g output but the getent
>>> passwd OR group, is still only listing the local users and groups
>> <sigh> According to the Samba docs, it's either the NSS switch or
>> the PAM
>> modules or both that appear to be preventing the enumeration of
>> users/groups. I have on hand TOSHARG and the 'Samba-3 By Examples'
>> Check page 228 section 12 in 'Samba-3 by Examples' and you will
>> see what I
>> am referring to.
> If 'wbinfo -u' returns the domain user list, but 'getent passwd'
> does not,
> this means that NSS is not working. It has nothing to do with PAM.
>> I'm using FreeBSD and their NSS libraries are different from
>> Linux's and
>> I'm wondering if that is the cause. FreeBSD uses nss_winbind.so.1
>> there are numerous references to libnss_winbind.so.2 in TOSHARG
>> which is
>> based on Linux. I fear FreeBSD's GCC compiler is either older and/or
>> different than Linux's. What distro are you using?
> Have you joined the Samba server to the domain?
> What do 'net rpc info' and 'net ads info' report?
net rpc info returns nothing
net ads info, returns:
msp1intmx01:~ # net ads info
LDAP server: 184.108.40.206
LDAP server name: msp1intmx02
Bind Path: dc=DOMAIN,dc=COM
LDAP port: 389
Server time: Fri, 16 Sep 2005 14:17:38 GMT
KDC server: 220.127.116.11
Server time offset: 0
I didn't think i was using ldap to store the idmap values for users,
i thought the smb.conf setting idmap backend=idmap_rid
> Is winbindd running?
> Did you rename the libnss_winbind.so.2 file to nss_winbind.so.1?
No, i did not see that step in any of the documentation i have used.
I did this and restarted winbind but it seemed to have no effect.
> Did you locate this in the /lib or the /usr/lib directory?
in the /lib directory only
> What error logs are you seeing in /var/adm/messages?
I am seeing a number of messages like this:
Sep 16 14:21:17 msp1intmx01 winbindd:
rid_idmap_get_id_from_sid: rid: 1157 (UID: 1657) too high
for mapping of domain: JUMPNODE (500-1000)
Which i assume is related to the fact that i changed the
idmap_backend setting earlier this morning in the smb.conf file.
Here is what it currently set to:
idmap backend = idmap_rid:JUMPNODE=500-1000
idmap uid = 500-1000
idmap gid = 500-1000
This morning the idmap_backend had a range of 500-5000 but then i ran
winbindd -i -d3 and i saw winbind complaining about the range being
set too high, and i adjusted it down. Is there someplace i need to
clear the old values from? I have since restarted winbind several
times but that does not seem to be sufficient.
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
> The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
> Samba-3 by Example, 2 Ed., ISBN: 0131882221X
> Hardening Linux, ISBN: 0072254971
> Other books in production.
Jumpnode Systems, LLC
More information about the samba