[Samba] Winbind missing secondary groups depending on case & distro
Roger Prefontaine
roger at interbaun.com
Tue Feb 13 20:45:32 GMT 2007
I've been at this on and off for a month, testing, searching, so please bear
with me :) I think it's finally time to ask for help before I rip my hair
out.
winbind is refusing to report a user's secondary groups depending on whether
I request it in mixed case, in lower case, and with the domain name. Samba
is also refusing to see the user's secondary groups. The username is mixed
case on the NT4 PDC server (i.e. "David")
I've built Ubuntu 6.06LTS, and 7.04 servers with 3.0.22, and 3.0.24
respectively. Both these machines exhibit this problem. I've also built a
CentOS 4.4 with 3.0.23d & 3.0.24, and it works *fine*, the problem is only
on the Ubuntu machines. Considering they both run 3.0.24, this seems kind
of bizarre.
On the Ubuntu server, "id DOMAINNAME+David", "id DOMAINNAME+david", and "id
David" only list the primary group, and "id david" lists all groups. All of
these combinations produce all groups on the CentOS server.
The NT4 PDC, and the Samba domain member servers have all been built from
scratch from bare-bones installs for the sole purpose of figuring this all
out (so the solution can be rolled into a production Ubuntu 6.06LTS server &
NT4 PDC). They all run identical smb.conf and similar nsswitch.conf files.
wbinfo -u and -g list the correct users and groups, and getent passwd &
group also list local and PDC users and groups as expected.
A link to a level 10 log of log.winbindd is here ==>
http://www.petrolia.com/files/log.winbindd.txt
It is a clean log that only contains startup, and a request (id David) on
the Ubuntu 7.04 server.
The Ubuntu machine also does not list any BUILTIN groups like the CentOS
machine.
The [global] section of smb.conf on all machines is:
[global]
workgroup = TOILETWARS
server string = Samba Server
security = DOMAIN
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = No
local master = No
domain master = No
dns proxy = No
ldap ssl = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
cups options = raw
What on earth could be the difference between these platforms that is
causing this?
Roger
More information about the samba
mailing list