[Samba] winbind nss info = sfu is not so much working
Jonathan C. Detert
detertj at msoe.edu
Fri Apr 28 13:20:01 GMT 2006
* Jonathan C. Detert <detertj at msoe.edu> [060427 12:40]:
> one problem ...
> * Jonathan C. Detert <detertj at msoe.edu> [060427 12:11]:
> > * Guenther Deschner <gd at samba.org> [060427 11:56]:
> > > On Thu, Apr 27, 2006 at 11:21:45AM -0500, Jonathan C. Detert wrote:
> > > > with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD
> > > > by using winbind for authentication as well as for the source of nss info.
> > > >
> > > > When winbind is configured to use its own local id maps, everything
> > > > works fine.
> > > >
> > > > But when I configure winbind to use 'ad' as the source of nss info,
> > > > authentication fails, 'getent' commands return no results, and
> > > > 'wbinfo -r someusername' returns nothing (though wbinfo -u and -g work
> > > > correctly).
> > -- snip --
> > > > And here is how smb.conf looks when winbind is configured to use AD for
> > > > nss:
> > > > --------------
> > > > winbind enum groups = yes
> > > > winbind enum users = yes
> > > > winbind separator = +
> > > > winbind nested groups = yes
> > > > winbind nss info = sfu
> > > > winbind use default domain = yes
> > > >
> > > > idmap backend = ad
> > >
> > > You still need to have the idmap ranges set so that winbind does not fall
> > > into the "netlogon proxy only" mode. Does it work then?
> > Yes, thanks! I don't understand that at all. What is 'netlogon proxy only'
> I spoke too soon: _most_ things work now. The things which didn't work
> before, are now working. However, one thing is not working:
> the inability to map a uid or gid into a name.
> For example:
> - 'id -G detertj' works, but 'id -Gn detertj' does not.
> - when I log in on the console of the samba box, my shell prompt,
> which would usually say 'detertj@nameofhost', says instead
> 'I have no name!@nameofhost'.
This problem mysteriously fixed itself. I had to stop working on this
problem for a while. By the time I came back to it, about 2 hours
later, the problem was gone. Everything works as desired now. My guess
is that there was some sort of timing issue that kept winbind from
knowing how to map names to uids, and that I just hadn't waited long
enough at first.
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
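
An added example, not part of the original thread and not Samba's own code: a small Python check for the condition Guenther describes above, that the idmap ranges are set alongside `idmap backend = ad`. It assumes the Samba 3.0 `idmap uid` and `idmap gid` parameters and that parameters with no section header belong to `[global]`; the sample configs and range values are constructed.

```python
import re

# Constructed sample: the settings quoted in the thread, placed under [global].
THREAD_CONF = """[global]
winbind nss info = sfu
winbind use default domain = yes
idmap backend = ad
"""
# Constructed fix: same settings plus idmap ranges (range values are made up).
FIXED_CONF = THREAD_CONF + "idmap uid = 10000-20000\nidmap gid = 10000-20000\n"

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lower-cased and
    runs of whitespace collapsed."""
    sections, current = {}, "global"  # assumption: bare parameters are global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            sections.setdefault(current, {})[" ".join(key.lower().split())] = value.strip()
    return sections

def parse_range(value):
    """Return (low, high) for a 'low-high' range, or None if malformed."""
    m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value)
    if not m or int(m.group(1)) >= int(m.group(2)):
        return None
    return int(m.group(1)), int(m.group(2))

def check_idmap_ranges(text):
    """List problems with the idmap uid/gid ranges in [global]."""
    params = parse_smb_conf(text).get("global", {})
    problems = []
    for name in ("idmap uid", "idmap gid"):
        if name not in params:
            problems.append(f"{name} is not set")
        elif parse_range(params[name]) is None:
            problems.append(f"{name} = {params[name]!r} is not a low-high range")
    return problems

if __name__ == "__main__":
    for label, conf in (("thread", THREAD_CONF), ("fixed", FIXED_CONF)):
        print(label, check_idmap_ranges(conf) or "ok")
```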