[Samba] Winbind Problem after Update from 3.0.21b -> 3.0.23b

Thomas Robers samba at tutech.de
Tue Aug 22 11:22:32 GMT 2006

Hi all,

we're using Winbind on a Solaris 9 machine to authenticate our Users, who
are held in a Windows 2003SP1 AD. We are now using Samba 3.0.21b and everything
works as expected. I configured the nsswitch and installed "libnss_winbind.so"
and "pam_winbind.so" as described in the documentation and winbind is able
to resolve the AD users and groups and the useres are able to login to the

All Samba versions I tried are compiled from source with GCC version 3.2.2
from sunfreeware.com.
They are all configured as follows:

./configure	  --prefix=$PREFIX \
                  --bindir=$PREFIX/bin \
                  --sbindir=$PREFIX/sbin \
                  --libexecdir=$PREFIX/libexec \
                  --datadir=/var/samba \
                  --sysconfdir=/etc/samba \
                  --sharedstatedir=/var/samba \
                  --localstatedir=/var/samba \
                  --libdir=/opt/samba/lib \
                  --enable-shared=yes \
                  --with-privatedir=/var/samba \
                  --with-lockdir=/var/lock/samba \
                  --with-piddir=/var/lock/samba \
                  --with-configdir=/etc/samba \
                  --with-logfilebase=/var/log/samba \
                  --with-libdir=/opt/samba/lib \
                  --with-readline=/usr/local/lib \
                  --with-libiconv=/usr/local \
                  --with-krb5=/opt/mit-krb5 \
                  --with-automount=yes \
                  --with-pam=yes \
                  --with-ads=yes \
                  --with-acl-support=yes \
                  --with-pam=yes \
                  --with-pam_smbpass=yes \
                  --with-included-popt \

After compiling I copied "libnss_windbind.so" to "/lib" and
made some symbolic links to:

libnss_winbind.so.1 -> libnss_winbind.so
libnss_winbind.so.2 -> libnss_winbind.so
nss_winbind.so.1 -> libnss_winbind.so
nss_winbind.so.2 -> libnss_winbind.so

I also copied "pam_winbind.so" to "/lib/security". And that worked until
version 3.0.22 (which I tried also). Since Version 3.0.23 it doesn't work
anymore and winbind isn't able to get the users/groups from our Windows 2003SP1 AD.
When I do a "wbinfo -u" I get "Error looking up domain users" and the winbind logfile
tells me:

[2006/08/21 17:28:46, 6] nsswitch/winbindd.c:new_connection(601)
  accepted socket 18
[2006/08/21 17:28:46, 10] nsswitch/winbindd.c:process_request(287)
  process_request: request fn INTERFACE_VERSION
[2006/08/21 17:28:46, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(474)
  [    0]: request interface version
[2006/08/21 17:28:46, 10] nsswitch/winbindd.c:process_request(287)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/08/21 17:28:46, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(507)
  [    0]: request location of privileged pipe
[2006/08/21 17:28:46, 6] nsswitch/winbindd.c:new_connection(601)
  accepted socket 19
[2006/08/21 17:28:46, 10] nsswitch/winbindd.c:process_request(287)
  process_request: request fn LIST_USERS
[2006/08/21 17:28:46, 3] nsswitch/winbindd_user.c:winbindd_list_users(734)
  [    0]: list users
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(399)
  refresh_sequence_number: WK time ok
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(427)
  refresh_sequence_number: WK seq number is now -1
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:wcache_server_down(297)
  wcache_server_down: server for Domain WK down
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:centry_expired(469)
  centry_expired: Key UL/TV for domain WK is good.
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:wcache_fetch(556)
  wcache_fetch: returning entry UL/TV for domain WK
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:query_user_list(958)
  query_user_list: [Cached] - cached list for domain WK status: NT_STATUS_UNSUCCESSFUL

which does not really helps me to find the problem.

The /etc/samba/smb.conf file looks like:

        workgroup = WK
        realm = WK.DOMAIN.DE
        security = ADS
        winbind separator = \
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%U
        template shell = /bin/sh
        password server = passwd.domain.de
#       display charset = ISO8859-15
#       unix charset = ISO8859-15
        winbind use default domain = yes
        log file = /var/log/samba/log.%m
        log level = winbind:15
#       client use spnego = yes
#       client schannel = no

If I switch back to version 3.0.21b or even 3.0.22 with the same configuration
everythings OK immediately and the nsswitch works as it should; winbind is able to lookup
the AD users and groups and the users are able to login to the system.

I searched the archives but couldn't find anybody with a similar problem when
upgrading. And the changelog doesn't tell me anything that I should be aware of,
or have I missed something? Is there any futher possibility to debug the error?
Or is there possibly somebody with a similar problem and was able to solve this?
Any suggestions are welcome.

Many thanks in advance!


More information about the samba mailing list