[Samba] Winbind can do everything besides lookup by name

David Croft david at infotrek.co.uk
Wed Aug 15 18:47:15 GMT 2007


Hi,

I have winbind joined to a Win2003 AD domain with rid idmap backend.
Almost everything's working. wbinfo -u and -g work fine, as does
getent passwd and getent group. I can also getent by ID number. The
only thing I can't do is getent by name, which is preventing logins:

root@services2:/etc/pam.d# net ads testjoin
Join is OK
root@services2:/etc/pam.d# getent passwd | grep david.croft
david.croft:*:11157:10513:David Croft:/home/ntuser/MYDOMAIN/david.croft:/bin/bash
root@services2:/etc/pam.d# getent passwd 11157
david.croft:*:11157:10513:David Croft:/home/ntuser/MYDOMAIN/david.croft:/bin/bash
root@services2:/etc/pam.d# getent passwd david.croft
root@services2:/etc/pam.d# getent group 11155
linux_users:x:11155:david.croft,joe.bloggs
root@services2:/etc/pam.d# getent group linux_users
root@services2:/etc/pam.d#

Here's the debug log (-d 10) from the getent passwd by name:

[2007/08/15 19:34:37, 6] nsswitch/winbindd.c:new_connection(601)
  accepted socket 17
[2007/08/15 19:34:37, 10] nsswitch/winbindd.c:process_request(287)
  process_request: request fn INTERFACE_VERSION
[2007/08/15 19:34:37, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483)
  [    0]: request interface version
[2007/08/15 19:34:37, 10] nsswitch/winbindd.c:process_request(287)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/08/15 19:34:37, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516)
  [    0]: request location of privileged pipe
[2007/08/15 19:34:37, 6] nsswitch/winbindd.c:new_connection(601)
  accepted socket 18
[2007/08/15 19:34:37, 10] nsswitch/winbindd.c:process_request(287)
  process_request: request fn GETPWNAM
[2007/08/15 19:34:37, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(336)
  [    0]: getpwnam david.croft
[2007/08/15 19:34:37, 7] nsswitch/winbindd_user.c:winbindd_getpwnam(352)
  could not find domain entry for domain DAVID.CROFT

Here's the smb.conf:

[global]
        workgroup = MYDOMAIN
        realm = MYDOMAIN.COM
        server string = %h server
        security = ADS
        allow trusted domains = No
        obey pam restrictions = Yes
        password server = mydomain-fs1.mydomain.com
        passdb backend = tdbsam
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        dns proxy = No
        panic action = /usr/share/samba/panic-action %d
        idmap backend = rid:MYDOMAIN=10000-100000000
        idmap uid = 10000-100000000
        idmap gid = 10000-100000000
        template homedir = /home/ntuser/%D/%U
        template shell = /bin/bash
        winbind separator =
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        invalid users = root

Here's nsswitch.conf:

passwd:         compat winbind
group:          compat winbind
shadow:         compat


Any thoughts?

Cheers,

David
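
An added example, not part of the original post: a small Python parser for winbindd debug output in the format quoted above. It pairs each getpwnam request with a following "could not find domain entry" line and flags the case seen in this log, where the whole requested name came back as the domain. The sample log is constructed from the lines in the post, and the function names are hypothetical.

```python
import re

# Constructed sample, based on the debug lines quoted in the post.
SAMPLE_LOG = """\
[2007/08/15 19:34:37, 10] nsswitch/winbindd.c:process_request(287)
  process_request: request fn GETPWNAM
[2007/08/15 19:34:37, 3]
nsswitch/winbindd_user.c:winbindd_getpwnam(336)
  [    0]: getpwnam david.croft
[2007/08/15 19:34:37, 7] nsswitch/winbindd_user.c:winbindd_getpwnam(352)
  could not find domain entry for domain DAVID.CROFT
"""

HEADER = re.compile(r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d,\s*(\d+)\]\s*(\S*)$")
REQUEST = re.compile(r"\]: getpwnam (.+)$")
NO_DOMAIN = re.compile(r"could not find domain entry for domain (.+)$")


def records(text):
    """Yield [level, location, message] per record: a bracketed header line,
    a location that may be wrapped onto the next line, then indented text."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield current
            current = [int(m.group(1)), m.group(2), ""]
        elif current and not current[1] and line[:1] not in ("", " ", "\t"):
            current[1] = line.strip()          # wrapped source location
        elif current and line.strip():
            current[2] = (current[2] + " " + line.strip()).strip()
    if current:
        yield current


def failed_name_lookups(text):
    """Pair each getpwnam request with a later 'no domain entry' failure."""
    findings, pending = [], None
    for _level, _where, msg in records(text):
        req, fail = REQUEST.search(msg), NO_DOMAIN.search(msg)
        if req:
            pending = req.group(1)
        elif fail and pending is not None:
            domain = fail.group(1)
            findings.append({"name": pending, "domain": domain,
                             # True when no user part was split off the name
                             "whole_name_as_domain": domain == pending.upper()})
            pending = None
    return findings
```
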

