[Samba] Re: RHEL3, winbind, "Error looking up domain users"
Jesse Guardiani
jesse at wingnet.net
Tue Mar 21 19:46:01 GMT 2006
Jesse Guardiani wrote:
> Hello,
>
> I've been attempting to get this working all day. :)
>
> I have an RHEL3 machine connected to a Windows 2000 PDC
> as a domain member. I'm running samba 3.0.21c, compiled from an SRPM:
> # rpm -q samba
> samba-3.0.21c-1
>
> When I try to list my users, I get this:
> # wbinfo -u
> Error looking up domain users
> Exit 1
>
> Similarly, `getent passwd` fails to show any SMB users. But
> `getent passwd some_previously_authenticated_smb_user` works fine.
>
> `net rpc info` doesn't return anything. `net rpc user -S PDC -U USER`
> works, but only if I specify the PDC and USER.
>
> I have winbind working for authentication, but I can't seem to get
> it to list users or groups. This is problematic, as I am forced to
> make my users authenticate before I can use the new UID/GID to create
> directories. That's just not good.
>
> Is this a known issue with RHEL3?
>
> I'm seeing nothing in the logs and my attempts to strace
> haven't shown me anything useful either. Any pointers?
>
> Also, the W2K PDC is running Active Directory. I've seen some info
> about connecting to an ADS domain in the howtos, but I haven't tried
> it yet because of the RPM hell I would have to go through to get KRB5
> updated past 1.3.1 on RHEL3. Is this the problem? Do I need to connect
> to it as an ADS instead of a normal PDC?
Turns out that RPM Hell was the way to go. W2K + AD indeed requires ADS
in samba, even though you can get basic auth working without ADS. So I
upgraded my KRB5 to these:
http://www.hep.ph.ic.ac.uk/~georgiou/krb5/
(downloaded and installed e2fsprogs-1.35-12.3.EL4.i386.rpm and
e2fsprogs-devel-1.35-12.3.EL4.i386.rpm from RHEL4 to satisfy the
deps first)
Found from this post:
https://www.redhat.com/archives/taroon-list/2005-February/msg00294.html
Then I rebuilt samba-3.0.21c-1.src.rpm from the samba website and installed
the new binary RPM with --force.
And I put it all together with a combination of these:
http://info.ccone.at/INFO/Samba/Samba-Guide/unixclients.html#adssdm
http://info.ccone.at/INFO/Samba/Samba-Guide/unixclients.html#ch9-nsswbnd
http://info.ccone.at/INFO/Samba/Samba-Guide/unixclients.html#ch9-adssdm
And the KRB setup stuff from this:
http://gentoo-wiki.com/HOWTO_fix_Linux_into_Active_Directory#krb5.conf
I'm not sure if the KRB setup stuff was necessary, but I was getting KBC
errors before I tried it, and it worked after I tried it, so I'm not complaining.
`wbinfo -u` now works, along with `getent passwd` and everything else! Woo hoo!
More information about the samba
mailing list