[Samba] winbind: getent passwd displays the user, but SAMBA says Get_Pwnam_internals didn't find user

Cédric Delfosse cedric.delfosse at linbox.com
Thu Nov 16 14:16:40 GMT 2006 

Le mercredi 15 novembre 2006 à 20:38 +0100, Cédric Delfosse a écrit :
> SAMBA 3.0.21c (domain is LINBOXTEXT)
> Windows 2000 SP4 (domain is ADTEST)
> 
> Hello,
> 
> I've established an interdomain trust relationship between SAMBA and
> Windows.
> 
> Samba domain users can log into the Windows domain, but Windows domain
> users can't log to the SAMBA server.

Hello,

I upgraded to SAMBA 3.0.23c, and it still doesn't work.
Now "getent passwd" doesn't display the winbind entries (and I added
winbind enum users/groups = * to smb.conf), but wbinfo -u/-g works

And after one restart of samba/winbind, it's worse. I know have this:

# wbinfo --sequence
ADTEST : DISCONNECTED
BUILTIN : 137325808
LINBOXTEST : 137323728

# wbinfo -u
Error looking up domain users

But:

# wbinfo -a "ADTEST\dupond%dupond"
plaintext password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user ADTEST\dupond%dupond with plaintext password
challenge/response password authentication succeeded

So at least users can be authenticated, but their account information
aren't successfully look up.

I'm now trying Samba 3.0.21d, as it looks like there is tons of winbind
improvements in this version ! )

Regards,

My smb.conf:

[global]
        ldap group suffix = ou=Groups
        ldap admin dn = cn=admin,dc=linbox,dc=com
        add machine script = /usr/lib/lmc/add_machine_script '%u'

        domain master = yes
        domain logons = yes
        preferred master = yes

        logon path = \\%N\profiles\%u
        netbios name = PDC01
        print command =
        null passwords = Yes
        logon script = logon.bat
        lprm command =
        printcap name = cups
        passdb backend = ldapsam:ldap://127.0.0.1/
        workgroup = LINBOXTEST
        enable privileges = Yes
        ldap user suffix = ou=Users
        map acl inherit = Yes
        map to guest = Bad User
        #name resolve order = bcast
        lpq command = %p
        log level = 3
        ldap suffix = dc=linbox,dc=com
        printing = cups
        ldap machine suffix = ou=Computers

        idmap backend = ldap:ldap://127.0.0.1/
        ldap idmap suffix = ou=Idmap
        idmap uid = 30000-40000
        idmap gid = 30000-40000
        # SAMBA 3.0.23c
        winbind enum users = yes
        winbind enum groups = yes

        winbind cache time = 1

        wins support = yes
        #auth methods = guest sam winbind

        log level = 10


-- 
Cedric Delfosse                             Linbox / Free&ALter Soft
152, rue de Grigy - Technopole Metz              57070 METZ - FRANCE
tel: +33 (0)3 87 50 87 98                          http://linbox.com

More information about the samba mailing list