[Samba] nss didn't list winbind user/groups

Igor Morgado igormorgado.listas at gmail.com
Wed Oct 18 21:50:34 GMT 2006 

Hi all!

Im using samba 3.0.23c from debian backports and I finding some problems,
this host has worked flawlessly since a a few months ago. But now stopped to
work properly.

My versions are:
ii  winbind                3.0.23c-1~bpo.1        service to resolve user
and group information from Windows N
ii  samba                  3.0.23c-1~bpo.1        a LanManager-like file and
printer server for Unix
ii  samba-common           3.0.23c-1~bpo.1        Samba common files used by
both the server and the client


My confs are the following

/etc/nsswitch.conf


# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat winbind [NOTFOUND=return] db
group:          compat winbind [NOTFOUND=return] db
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

[global]
        workgroup = IBEU
        realm = IBEU.ORG.BR
        server string = Servidor de arquivos central
        security = ADS
        password server = ibeu_nt2 ibeu_nt 10.1.1.238 10.1.1.231
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
        username map = /etc/samba/users.map
        username level = 8
        log level = 4
        #vfs:2
        syslog = 0
        syslog only = 0
        log file = /var/log/samba/log.%m.%U
        max log size = 0
        socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = cups
        add user script = /usr/sbin/useradd -d /dev/null -g 100 -s
/bin/false -M %u
        logon script = scripts\startup.bat
        logon path = \\%L\profiles\%u\%m
        logon drive = F:
        logon home = \\%L\%u\.win_profile\%m
        os level = 6
        preferred master = No
        local master = No
        domain master = No
        wins server = 10.1.1.238
        remote announce = 10.1.1.255/IBEU
        remote browse sync = 10.1.1.255
        panic action = /usr/share/samba/panic-action %d
        idmap uid = 10000-20000
        template homedir = /dados/home/%U
        template shell = /dev/null
        winbind separator = /
        winbind use default domain = Yes
#       recycle:maxsize = 10240000
#       recycle:touch = no
#       recycle:keeptree = yes
#       recycle:repository = /dados/lixeira
        invalid users = root
        printer admin = @admins
        acl group control = Yes
        inherit permissions = Yes
        inherit acls = Yes
        printing = cups
        print command =
        lpq command = %p
        lprm command =
#       vfs objects = recycle
#extd_audit
[homes]
        comment = Home Directories
        read only = No
        create mask = 0700
        directory mask = 0700
        browseable = No

[profiles]
        path = /dados/profiles
        read only = No
        create mask = 0600
        directory mask = 070

[IPC$]
        path = /tmp
        read only = No
        guest ok = Yes

[printers]
        comment = All Printers
        path = /tmp
        create mask = 0700
        printable = Yes
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/printers
        write list = root, @admins


behind this only user shares (I have commented out somethings because im
trying to find out where is the problem)

Samba and winbind is running (ps aux show them)

Users can connect on shares etc..

Here is some command output
zaphod:/etc/samba# wbinfo -p
Ping to winbindd succeeded on fd 4
zaphod:/etc/samba# wbinfo -u
full user list  . . . .
zaphod:/etc/samba# wbinfo -g
full group list...

BUT!

zaphod:/etc/samba# getent passwd
just show /etc/passwd users

zaphod:/etc/samba# getent group
just show /etc/group users

Weirdest thing!!

zaphod:/etc/samba# getent passwd igormorgado
igormorgado:*:10000:10000:Igor Morgado:/dados/home/igormorgado:/dev/null

zaphod:/etc/samba# getent group admins
admins:x:10003:servicos,vhogemann,igormorgado,lidia,diogo,nelson,admin,ramos,eliane,JEANNE,Administrador

Retrieve winbind data!!

Even more weirdest!

zaphod:/etc/samba# id igormorgado
uid=10000(igormorgado) gid=10000(Domain Users) grupos=10000(Domain Users)

it list only the my primary group not all groups but as you could notice i'm
on admins group too.


More data:
zaphod:/etc/samba# nss_updatedb winbind
Failed to enumerate nameservice: Success
passwd... nameservice unavailable.

I have tried to remove winbind cache file (as ||cw told me on irc channel)
but didn't helped.

There is no pam configuration about winbind this is because I didn't need
unix authenticating on winbind or anything like. (just users on samba)

I have other host with same configuration but using this versions:
ii  winbind                3.0.14a-3sarge1        service to resolve user
and group information from Windows N
ii  samba                  3.0.14a-3sarge1        a LanManager-like file and
printer server for Unix
ii  samba-common           3.0.14a-3sarge1        Samba common files used by
both the server and the client


But i need some options in samba 3.0.22 (as acl group control and inherit).

More information about the samba mailing list