[Samba] Winbind does not maintain mappings between UIDs, GIDs and SIDs

OgeeN cervenka at sps-pi.cz
Thu Dec 7 09:57:22 GMT 2006

I'm trying to use winbind to allow my AD users to log on to our Linux
I'm using FC6 and Samba 3.0.23c-2.
I have several problems:

1. When I start the Linux machine and, immediately after logging in, try to
check the trust secret by running wbinfo -t,
I receive this error:
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
could not check secret

When I try to run wbinfo -t after a short while it returns:
checking the trust secret via RPC calls succeeded.

Is this normal behaviour?

2. Winbind does not maintain mappings between UIDs, GIDs and SIDs.
Winbindd and smbd are running, but when I run getent passwd I receive a list
of local Linux users. And I'm not able to log in to my Linux machine until I
add information about the user in /etc/passwd. But this is unacceptable for me
because I have 600+ users in my domain. Is there a way to make winbind
automatically update user mappings?

3. When I manually add information about a user to passwd I'm able to log in,
but after entering the username I have to enter my password twice. Where could
the problem be?

My configuration files:

My smb.conf:
workgroup = MYDOMAIN.COM
server string = Samba Server
security = domain
winbind separator = \
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/winnt/%U
template shell = /bin/bash
winbind use default domain = true
winbind cache time = 10
encrypt passwords = yes
winbind trusted domains only = yes
obey pam restrictions = yes
password server = server.mydomain.com
comment = Home Directories
browseable = no
writable = yes

My nsswitch.conf:

passwd:     files winbind
shadow:     files winbind
group:      files winbind
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind
rpc:        files
services:   files winbind
netgroup:   files winbind
publickey:  nisplus
automount:  files winbind
aliases:    files nisplus

My pam.d configuration:
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_winbind.so
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     sufficient    pam_winbind.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

session     required    pam_mkhomedir.so skel=/etc/skel/ umask=0022

Thanks for any help.
