[Samba] winbind: getent passwd displays the user, but SAMBA says Get_Pwnam_internals didn't find user

Cédric Delfosse cedric.delfosse at linbox.com
Wed Nov 15 19:38:43 GMT 2006 

SAMBA 3.0.21c (domain is LINBOXTEXT)
Windows 2000 SP4 (domain is ADTEST)

Hello,

I've established an interdomain trust relationship between SAMBA and
Windows.

Samba domain users can log into the Windows domain, but Windows domain
users can't log to the SAMBA server.

For example, if I try to log as "ADTEST/dupond" from Windows to SAMBA, 
SAMBA log says:

[2006/11/15 20:17:05, 5] lib/username.c:Get_Pwnam_alloc(290)
  Finding user ADTEST\dupond
[2006/11/15 20:17:05, 5] lib/username.c:Get_Pwnam_internals(234)
  Trying _Get_Pwnam(), username as lowercase is adtest\dupond
[2006/11/15 20:17:05, 5] lib/username.c:Get_Pwnam_internals(242)
  Trying _Get_Pwnam(), username as given is ADTEST\dupond
[2006/11/15 20:17:05, 5] lib/username.c:Get_Pwnam_internals(252)
  Trying _Get_Pwnam(), username as uppercase is ADTEST\DUPOND
[2006/11/15 20:17:05, 5] lib/username.c:Get_Pwnam_internals(261)
  Checking combinations of 0 uppercase letters in adtest\dupond
[2006/11/15 20:17:05, 5] lib/username.c:Get_Pwnam_internals(267)
  Get_Pwnam_internals didn't find user [ADTEST\dupond]!

And I have this message in /var/log/samba/log.wb-ADTEST

[2006/11/15 20:34:57, 3]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(585)
  [ 8617]: pam auth crap domain: ADTEST user: dupond

But "getent passwd" works:

# getent passwd "ADTEST\dupond"
ADTEST\dupond:x:30001:30000::/home/ADTEST/dupond:/bin/false

Other interesting commands:

# wbinfo -a 'ADTEST\dupond%dupond'
plaintext password authentication succeeded
challenge/response password authentication succeeded

# wbinfo -n 'ADTEST\dupond'
S-1-5-21-1409082233-1844237615-1801674531-1104 User (1)

# wbinfo -m
ADTEST

# wbinfo -s S-1-5-21-1409082233-1844237615-1801674531-1104
ADTEST\dupond 1

Any idea ? I don't understand what is the remaining problem.

My smb.conf:

[global]
        ldap group suffix = ou=Groups
        ldap admin dn = cn=admin,dc=linbox,dc=com
        add machine script = /usr/lib/lmc/add_machine_script '%u'
        domain logons = yes
        logon path = \\%N\profiles\%u
        netbios name = PDC01
        print command =
        null passwords = Yes
        logon script = logon.bat
        lprm command =
        printcap name = cups
        passdb backend = ldapsam:ldap://127.0.0.1/
        workgroup = LINBOXTEST
        enable privileges = Yes
        ldap user suffix = ou=Users
        map acl inherit = Yes
        map to guest = Bad User
        #name resolve order = bcast
        lpq command = %p
        log level = 3
        ldap suffix = dc=linbox,dc=com
        printing = cups
        ldap machine suffix = ou=Computers

        idmap backend = ldap:ldap://127.0.0.1/
        ldap idmap suffix = ou=Idmap
        idmap uid = 30000-40000
        idmap gid = 30000-40000

        wins support = yes
        #auth methods = guest sam winbind

        log level = 10


Best regards,

-- 
Cedric Delfosse                             Linbox / Free&ALter Soft
152, rue de Grigy - Technopole Metz              57070 METZ - FRANCE
tel: +33 (0)3 87 50 87 98                          http://linbox.com

More information about the samba mailing list