[Samba] Re: Domain membership problem in OpenSuse 10.2
Prajjwal P. Devkota
prajjwald at gmail.com
Wed Apr 18 08:40:40 GMT 2007
Hi Everyone,
I found out my mistake. The funny thing is: it works in Fedora Core 5,
even though I have the same lines in the smb.conf file.
The two lines:
winbind uid = 16777216-33554431
winbind gid = 16777216-33554431
were causing the problem. I tried two things, and both worked:
a. I changed the winbind uid and gid to 1000-100000, and I could get a
proper listing
b. Removing the winbind uid and gid lines altogether worked as well.
Prajjwal
On 4/18/07, Prajjwal P. Devkota <prajjwald at gmail.com> wrote:
>
> Dear Everyone,
>
> I am trying to use an OpenSuse 10.2 computer on a Windows 2000 domain
> using winbind authentication (join to domain). I added a few lines to
> the smb.conf for extracting sfu attributes, and my smb.conf looks like
> this:
> [global]
> idmap backend = ad
> idmap gid = 1000-100000
> idmap uid = 1000-100000
> winbind uid = 16777216-33554431
> winbind gid = 16777216-33554431
> password server = dell.umn.org.np
> realm = UMN.ORG.NP
> workgroup = HQ
> security = ADS
> template homedir = /home/%D/%U
> template shell = /bin/bash
> usershare allow guests = No
> winbind refresh tickets = yes
> winbind cache time = 3600
> workgroup = HQ
> winbind use default domain = yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nested groups = Yes
> winbind nss info = sfu
> winbind offline logon = Yes
> winbind use default domain = yes
> debuglevel = 4
> log level = 4
>
> I was able to easily view users and groups on the domain, and the group
> info would be extracted easily.
>
> I recently applied available patches to the computer, because there were
> some issues with cdrom access for domain users, and Ximian evolution
> connection to Microsoft exchange that went away only on updating.
>
> However, now I can see uids for users, but the gids are not getting
> resolved. I am attaching sample output below:
> opensuse:~ # id prajjwal
> uid=10000(prajjwal) gid=10000
> groups=10000,10032,10133,10002,10117
> opensuse:~ # groups prajjwal
> id: cannot find name for group ID 10000
> 10000 id: cannot find name for group ID 10032
> 10032 id: cannot find name for group ID 10133
> 10133 id: cannot find name for group ID 10002
> 10002 id: cannot find name for group ID 10117
> 10117
>
> As samba-client and samba-winbind on the server were 3.0.23 even on
> updating, I even tried manually downloading the latest rpms from the
> opensuse ftp site and installing them. However, my problem still
> remains. My installed samba packages are listed below:
>
> opensuse:~ # rpm -qa|grep samba
> kdebase3-samba-3.5.5-78
> yast2-samba-client-2.14.4-3
> yast2-samba-server-2.14.3-10
> samba-client-3.0.24-12.1.55
> samba-winbind-3.0.24-12.1.55
>
> Extra information:
>
> wbinfo -u and wbinfo -g both return proper domain user and group
> listings. wbinfo -p also returns a successful result.
>
> After doing getent group for a particular group, then that group can get
> resolved. For example, continuing on the information provided above:
> opensuse:~ # getent group 'Domain Users'
> domain users:x:10000:guest
> opensuse:~ # groups prajjwal
> id prdomain users id: cannot find name for group ID 10032
> 10032 id: cannot find name for group ID 10133
> 10133 id: cannot find name for group ID 10002
> 10002 id: cannot find name for group ID 10117
> 10117
> opensuse:~ # id prajjwal
> uid=10000(prajjwal) gid=10000(domain users) groups=10000(domain
> users),10032,10133,10002,10117
>
> As you can see, now the uid 10000 is resolved as Domain users, while
> other groups are still not resolved.
>
> All the other linux computers on my domain are running fine: I have got
> centos 4, fedora core 5, and opensuse 10.2 running.
>
> Can anyone help me get this problem sorted out?
>
> Thanks a lot,
> Prajjwal
More information about the samba
mailing list