[Samba] Re: wbinfo_group.pl / wbinfo -r not working!

Adam Bruncaj abruncaj at gmail.com
Tue Feb 28 17:59:08 GMT 2006


Sorry, I did not include my distro.

Fedora Core 4 - 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005 i686
i686 i386 GNU/Linux

TIA


On 2/27/06, Adam Bruncaj <abruncaj at gmail.com> wrote:
> Hello,
>
> I have been using samba to authenticate my squid users to Active
> Directory. Because of the number of users, I would like to set up my
> ACLs based on groups, rather than individual user accounts.
>
> I have successfully joined my samba box to our windows domain (2k).
> For some reason I had to enter the domain controller name instead of
> the domain name when doing so. I am now having issues looking up user
> groups using wbinfo_group and/or "wbinfo -r username".
>
> The following are some commands, conf files & logs (the parts that I
> believe are relevant). I have a feeling I have more than one issue
> going on here. Please let me know if you need more info.
>
> I doubt there are limitations, but we are in a somewhat large
> environment (about 4,000 user accounts) with multiple sub domains.
>
> -----
> # I compiled squid with...
> ./configure --enable-external-acl-helpers="unix_group,wbinfo_group"
> --------------
> [root at lions squid]# rpm -q samba
> samba-3.0.21c-1
> --------------
> [root at lions squid]# wbinfo -a domainuser1%hispass
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
> -------------------
> [root at lions squid]# wbinfo -t
> checking the trust secret via RPC calls succeeded
> -------------------
> [root at lions squid]# wbinfo -u |more
> SUBDOMAIN1\exemployees
> SUBDOMAIN1\installservice
> ...
> ..
> SUBDOMAIN2\exch
> SUBDOMAIN2\adcsv
> SUBDOMAIN2\administrator
> ..
> ..
> domainuser1  #These are the accounts that I would be working with and
> would need to look up their groups. note that
> domainuser2
> domainuser2
> ..
> ..
> --------------------------------
> [root at lions samba]# wbinfo -n domainuser1
> S-1-5-21-954140891-1229348589-1136263860-10879 User (1)
> --------------------------------
> *********[root at lions squid]# ./wbinfo_group.pl
> user1 "domain users"
> Could not lookup name domain users
> Could not convert sid  to gid
> Could not get groups for user user1
> OK
> # also tried domain\\user domain\\group
> ------------------
> ********[root at lions samba]# wbinfo -r domainuser1
> Could not get groups for user domainuser1
> #also tried with domain\\domainuser1
> -------------------
> [root at lions samba]# wbinfo --sequence
> SubDomain1 : DISCONNECTED
> SubDomain2 : DISCONNECTED
> Subdomain3 : 2576451
> LIONS : 1
> BUILTIN : 1
> MyDomain : DISCONNECTED # it states disconnected, but I am able to
> view users and groups?
> --------------------
>
> My conf files....
> ------------------------------------------------
> (smb.conf) # note that this is the whole conf file. I read that this
> is all I need
>
> [global]
> workgroup = MyDomain
> netbios name = lions
> password server = 10.20.250.2
> security = domain
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind use default domain = yes
> ------------------------------------------------
> (nsswitch.conf)
> #
> # /etc/nsswitch.conf
> #
> # To use db, put the "db" in front of "files" for entries you want to be
> # looked up first in the databases
> #
> # Example:
> #passwd:    db files nisplus nis
> #shadow:    db files nisplus nis
> #group:     db files nisplus nis
> passwd:     files winbind
> shadow:     files winbind
> group:      files winbind
> #hosts:     db files nisplus nis dns
> hosts:  files winbind dns
> # Example - obey only what nisplus tells us...
> #services:   nisplus [NOTFOUND=return] files
> #networks:   nisplus [NOTFOUND=return] files
> #protocols:  nisplus [NOTFOUND=return] files
> #rpc:        nisplus [NOTFOUND=return] files
> #ethers:     nisplus [NOTFOUND=return] files
> #netmasks:   nisplus [NOTFOUND=return] files
> bootparams: nisplus [NOTFOUND=return] files
> ethers:     db files
> netmasks:   files
> networks:   files dns
> protocols:  files winbind
> rpc:        db files
> services:   files winbind
> netgroup:   files winbind
> publickey:  nisplus
> automount:  files winbind
> aliases:    files nisplus
> ---------------------------------
> (krb5.conf)
>
> [libdefaults]
>  default_realm = Mydomain.domain.com
>
>  dns_lookup_realm = true
>  dns_lookup_kdc = true
> [realms]
> MY = {
>   kdc = domaincontroller1.mydomain.domain.com
>   admin_server = domaincontroller1
>   kdc = domaincontroller1
> }
>
> [domain_realm]
> .kerberos.server = MYDOMAIN.DOMAIN.COM
> ---------------------------------------
>
> Log files:
> --------------------------------
> [root at lions samba]# vi winbindd.log
> [2006/02/27 08:02:32, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109)
>   ads_connect for domain SUBDOMAIN2 failed: No such file or directory
> [2006/02/27 08:04:08, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
>   Could not get convert sid  from string
> [2006/02/27 08:04:27, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
>   Could not get convert sid  from string
> [2006/02/27 08:05:06, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
>   Could not get convert sid  from string
> [2006/02/27 08:06:29, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
>   Could not get convert sid  from string
> [2006/02/27 08:17:00, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109)
>   ads_connect for domain SUBDOMAIN2 failed: No such file or directory
> [2006/02/27 08:21:16, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
>   Could not get convert sid  from string
> [2006/02/27 08:35:55, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109)
>   ads_connect for domain SUBDOMAIN2 failed: No such file or directory
>
> --------------------------------
> # /var/log/messages
>
> Feb 27 07:57:52 lions net: [2006/02/27 07:57:52, 0]
> utils/net_ads.c:ads_startup(191)
> Feb 27 07:57:52 lions net:   ads_connect: No results returned
> Feb 27 07:58:25 lions net: [2006/02/27 07:58:25, 0]
> utils/net_ads.c:ads_startup(191)
> Feb 27 07:58:25 lions net:   ads_connect: No results returned
> Feb 27 08:01:01 lions crond(pam_unix)[11231]: session opened for user
> root by (uid=0)
> Feb 27 08:01:02 lions crond(pam_unix)[11231]: session closed for user root
> Feb 27 08:30:10 lions winbindd[11510]: [2006/02/27 08:30:10, 0]
> libsmb/clientgen.c:cli_rpc_pipe_close(375)
> Feb 27 08:30:10 lions winbindd[11510]:   cli_rpc_pipe_close: cli_close
> failed on pipe \NETLOGON, fnum 0x4009 to machine DOMAINCONTROLLER.
> Error was SUCCESS - 0
> Feb 27 09:01:01 lions crond(pam_unix)[11766]: session opened for user
> root by (uid=0)
> Feb 27 09:01:02 lions crond(pam_unix)[11766]: session closed for user root
> ------------------------------------
>
> Thanks,
> Adam
>

