[Samba] problem using 'winbind nss info =' statement

Jonathan C. Detert detertj at msoe.edu
Fri Feb 10 22:37:13 GMT 2006 

When winbind is configured without the 'winbind nss info =' statement
(i.e. such that winbind maintains its own local map of SIDs -> UID/GIDs),
the following works fine:
        # cd ~detertj
        # getent passwd detertj
        detertj:x:10008:10000:detertj:/home/MSOE/detertj:/bin/bash

but when i try to make winbind use sfu for the mapping of SID ->
UID/GID, username lookups are failing:
        # cd ~detertj
        -bash: cd: ~detertj: No such file or directory
        # getent passwd detertj
        #

However, either way, when trying to use nss info = sfu, or not, wbinfo
is able to do look ups just fine:
        # wbinfo -n detertj
        S-1-5-21-2143970516-726479814-926709054-4514 User (1)
        # wbinfo -u | grep -i detertj
        detertj
        # wbinfo -s S-1-5-21-2143970516-726479814-926709054-4514
        MSOE+detertj 1
        #

Since i successfully use nss_ldap on other boxen, relying on sfu from MsAD,
I'm inclined to believe that the problem isn't with sfu on the MsAD DCs.

Btw, this is with samba and winbind v3.0.21a.

Here's the pertinent smb.conf verbage when I'm NOT using 'nss info = sfu':
   winbind enum groups = yes
   winbind enum users = yes
   winbind separator = +
   winbind nested groups = yes
   winbind use default domain = yes

   idmap gid = 10000-35000
   idmap uid = 10000-35000

   template homedir = /home/%D/%U
   template shell = /bin/bash

Here's the pertinent smb.conf verbage when I'm trying to use 'nss info = sfu':
   winbind enum groups = yes
   winbind enum users = yes
   winbind separator = +
   winbind nested groups = yes
   winbind use default domain = yes
   winbind nss info = sfu

   idmap backend = idmap_ad

   template homedir = /home/%D/%U
   template shell = /bin/bash

BTW, lookups failed with nss info set to sfu, regardless of whether I specified
the 'idmap uid' and 'idmap gid' statements (are they needed when using nss info = sfu?).

Any ideas what's wrong or what to try?  aTdHvAaNnKcSe
-- 
Happy Landings,

Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.

More information about the samba mailing list