[Samba] winbindd to NT 4.0
Travis Bullock
tbullock at avmax.ca
Mon Dec 11 22:30:05 GMT 2006
Thanks man.
I had to redo the setfacl commands on the folders but other than that it is all working normally now.
WHEW!
Travis Bullock
Systems Administrator
Avmax Group Inc.
----- Original Message -----
From: Michael Coburn <mcoburn at jupiterimages.com>
To: samba <samba at lists.samba.org>
Sent: Monday, December 11, 2006 3:14:47 PM GMT-0700 US/Mountain
Subject: Re: [Samba] winbindd to NT 4.0
I'm not sure why this happens either. It's as if Samba and/or Windows
taints the idmap file, maybe through a system crash or corruption when
the file is updated?
Just to be safe, I would mount those shares from a Windows machine and
confirm that the ACLs are still correct and work as you expect.
--
Michael Coburn
Travis Bullock wrote:
> Thanks Michael, I really appreciate the help and that worked like a charm.
>
> Any idea why it would have "broke"?
>
> Cheers,
>
> Travis Bullock
> Systems Administrator
> Avmax Group Inc.
>
>
> ----- Original Message -----
> From: Michael Coburn <mcoburn at jupiterimages.com>
> To: samba <samba at lists.samba.org>
> Sent: Monday, December 11, 2006 1:50:39 PM GMT-0700 US/Mountain
> Subject: Re: [Samba] winbindd to NT 4.0
>
> Take a backup up of your winbindd_idmap.tdb file, delete the current one
> (on Ubuntu 6.06 it's in /var/lib/samba), restart winbind, and see if you
> can chown the group.
> --
> Michael Coburn
>
> Travis Bullock wrote:
>
>> Another snippet showing up in the winbind.log:
>>
>> [2006/12/11 13:00:01, 10] nsswitch/winbindd.c:process_request(287)
>> process_request: request fn GETGROUPS
>> [2006/12/11 13:00:01, 3] nsswitch/winbindd_group.c:winbindd_getgroups(991)
>> [ 0]: getgroups root
>> [2006/12/11 13:00:01, 5] nsswitch/winbindd_group.c:winbindd_getgroups(1008)
>> Could not parse domain user: root
>> [2006/12/11 13:00:01, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1953)
>> Retrieving response for pid 12781
>> [2006/12/11 13:00:01, 5] nsswitch/winbindd_async.c:winbindd_gettoken_async(1002)
>> Could not find domain from SID S-1-22-1-0
>>
>>
>> Travis Bullock
>> Systems Administrator
>> Avmax Group Inc.
>>
>>
>> ----- Original Message -----
>> From: Travis Bullock <tbullock at avmax.ca>
>> To: samba <samba at lists.samba.org>
>> Sent: Monday, December 11, 2006 11:46:02 AM GMT-0700 US/Mountain
>> Subject: Re: [Samba] winbindd to NT 4.0
>>
>> Further to this issue, here is the error message in /var/log/samba/winbind.log when I execute the following command:
>>
>> chown -R root:'avmax+domain admins' AC_Manuals
>>
>> [2006/12/11 12:52:13, 10] sam/idmap_util.c:idmap_sid_to_gid(99)
>> sid_to_gid: sid = [S-1-5-21-1488804738-1547898658-398547282-512]
>> [2006/12/11 12:52:13, 5] passdb/pdb_interface.c:pdb_default_sid_to_id(1292)
>> Sid S-1-5-21-1488804738-1547898658-398547282-512 is neither ours nor builtin, don't know it
>> [2006/12/11 12:52:13, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(306)
>> error converting unix gid to sid
>>
>> Cheers,
>>
>> Travis Bullock
>> Systems Administrator
>> Avmax Group Inc.
>>
>>
>> ----- Original Message -----
>> From: Travis Bullock <tbullock at avmax.ca>
>> To: samba <samba at lists.samba.org>
>> Sent: Saturday, December 9, 2006 4:29:02 PM GMT-0700 US/Mountain
>> Subject: Re: [Samba] winbindd to NT 4.0
>>
>> Anyone have any ideas?
>>
>> Travis Bullock
>> Systems Administrator
>> Avmax Group Inc.
>>
>>
>> ----- Original Message -----
>> From: Travis Bullock <tbullock at avmax.ca>
>> To: samba <samba at lists.samba.org>
>> Sent: Friday, December 8, 2006 10:56:16 AM GMT-0700 US/Mountain
>> Subject: [Samba] winbindd to NT 4.0
>>
>> Hi,
>>
>> I have a Samba server Version 3.0.14a-2. It has been working flawlessly for close to a year. I utilize winbindd to a NT4.0 domain to authenticate users to my Samba shares.
>>
>> All of a sudden, the shares are no longer accessible to Windows machines. An ls on an example directory shows:
>>
>> drwxrws--- 15 root 10000 4096 Dec 6 11:21 AC_Manuals
>>
>> This is wierd because the 10000 should show AVMAX+Domain Admins
>>
>> So wbinfo -g works. It displays the Domain Accounts on my NT4.0 PDC.
>>
>> However, when I try and chown a directory, this is what I get:
>>
>> [root at gfm-atlas GFM_Shares]# chown -R root:'amvax+domain admins' AC_Manuals/
>> chown: `root:amvax+domain admins': invalid group
>>
>> Nor can I use setfacl commands.
>>
>> net rpc join worked fine for me when I tried to re-join the Domain
>>
>> I am not running nscd
>>
>> Any suggestions would be appreciated.
>>
>> Cheers,
>>
>> Travis Bullock
>>
>>
>>
>>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list