[Samba] Samba-Active Directory only returns default group

Philipoff, Andrew aphilipoff at medicine.ucsf.edu
Tue Dec 18 00:41:21 GMT 2007


I have a RHEL 4.6 server with the Red Hat supplied Samba
3.0.25b-1.el4_6.4 packages (samba, samba-client, samba-common)
installed. I was able to bind this server to our Active Directory forest
but when I run "groups username" all I get is "username : domain users"
despite the fact our users are members of multiple groups in our AD
domain. However I can chgrp files/directories to domain groups other
than the default Domain Users group.

 

I can successfully run wbinfo -g but I cannot run wbinfo -u; I get an
"Error looking up domain users" message.  I verified that nscd is not
running. Does anyone know how to help Samba find the other domain groups
that our users are members of? Below are my config files:

 

/etc/samba/smb.conf:

 

# smb.conf parameters as posted. No section header appears in the post;
# presumably these all sit under [global] -- confirm against the real file.
workgroup = WORKGROUP

netbios name = SERVERNAME

server string = SERVERNAME

# Domain-member mode in an Active Directory realm; the realm below must match
# default_realm in /etc/krb5.conf.
security = ADS

realm = DOMAIN.FOREST.COM

# Placeholder value as posted. Naming a single DC means Samba contacts only
# that one for authentication.
password server = domain_controller_IP

# Turns off SPNEGO negotiation in Samba's client-side connections. SPNEGO is
# the mechanism that lets a client agree on Kerberos with a supporting server.
# NOTE(review): confirm this is intentional on an ADS member, and whether it
# has any bearing on the failing lookups described in the post.
client use spnego = NO

# AUTO: SMB signing is offered to clients but not enforced.
server signing = AUTO

# smbd accepts the NTLM (NTLMv1) encrypted password response.
ntlm auth = YES

# smbd accepts the LANMAN password hash. The LANMAN response is
# case-insensitive and easily broken; set to NO unless a legacy client that
# cannot do NTLM/NTLMv2 still has to connect.
lanman auth = YES

encrypt passwords = YES

# Samba maintains its service principals in the system keytab (the post's
# krb5.conf names FILE:/etc/krb5.keytab).
use kerberos keytab = YES

# Maximum-verbosity debug logging, useful while troubleshooting. Logs at this
# level grow quickly and may record details of authentication exchanges --
# keep the log directory root-only and lower the level once the problem is
# found.
log level = 10

local master = NO

domain master = NO

# UID/GID ranges winbind allocates for domain users and groups. They should
# not overlap IDs used by local accounts.
idmap uid = 10000-300000

idmap gid = 10000-300000

# Domain users get /bin/false as their login shell, i.e. no interactive login.
template shell = /bin/false

# Allow enumeration of domain users/groups through the getpwent/getgrent
# family of calls.
winbind enum users = YES

winbind enum groups = YES

# Usernames given without a domain prefix are treated as belonging to the
# server's own domain.
winbind use default domain = YES

 

/etc/krb5.conf:

 

# Kerberos client configuration as posted.
[libdefaults]

 default_realm = DOMAIN.FOREST.COM

# The keytab holds the host's long-term keys; it should be readable by root
# only. (File permissions are not shown in the post.)
 default_keytab_name = FILE:/etc/krb5.keytab

# NOTE(review): presumably disables DNS-based discovery so that only the KDCs
# listed under [realms] are used -- confirm against krb5.conf(5) for this
# release.
 dns_fallback = no

[realms]

# NOTE(review): this closing brace comes before the realm's opening brace, so
# [realms] is not well-formed as posted. Possibly a paste artifact -- compare
# with the actual /etc/krb5.conf.
        }

        DOMAIN.FOREST.COM = {

# Three KDCs on port 88; the trailing dot marks each name as fully qualified.
                kdc = DOMAIN03.FOREST.COM.:88

                kdc = DOMAIN02.FOREST.COM.:88

                kdc = DOMAIN01.FOREST.COM.:88

                admin_server = DOMAIN03.FOREST.COM.

                admin_server = DOMAIN02.FOREST.COM.

                admin_server = DOMAIN01.FOREST.COM.

        }

[domain_realm]

# Maps hosts under .domain.forest.com to the realm.
        .domain.forest.com = DOMAIN.FOREST.COM

[appdefaults]

 pam = {

   debug = false

# 36000 is presumably in seconds (10 hours) -- confirm against the pam_krb5
# documentation for this release.
   ticket_lifetime = 36000

   renew_lifetime = 36000

# Tickets obtained at login can be forwarded to other hosts; a host that
# receives a forwarded ticket can act as the user until it expires, so enable
# this only where forwarding is actually needed.
   forwardable = true

   krb4_convert = false
# NOTE(review): the post ends here without a closing brace for "pam = {";
# confirm the real file closes the block.

 

/etc/nsswitch.conf:

 

# Name service switch order as posted.
# passwd/group: local files are consulted before winbind, so a local account
# or group wins over a domain one with the same name.
passwd:     files winbind

# NOTE(review): as far as I know nss_winbind serves only the passwd and group
# databases, so "winbind" here likely has no effect -- confirm.
shadow:     files winbind

group:      files winbind

# "wins" resolves host names through NetBIOS/WINS lookups. Those lookups are
# unauthenticated, so keeping "wins" after "dns" limits it to names that DNS
# cannot resolve.
hosts:      files dns wins

bootparams: nisplus [NOTFOUND=return] files

ethers:     files

netmasks:   files

networks:   files

protocols:  files

rpc:        files

services:   files

netgroup:   files

publickey:  nisplus

automount:  files

aliases:    files nisplus

 

Andrew Philipoff
Programmer Analyst
Information Technology Services
Department of Medicine
University of California, San Francisco
Phone: 415-476-1344
Help Desk: 415-476-6827

 


