[Samba] AD integration: "getent passwd" can't see *new* users, but "wbinfo -u" can
Fernando Ruza
fernandor at sescam.jccm.es
Thu Jul 19 14:56:01 GMT 2007
Did you solve it? I have a similar problem. wbinfo -u gives me a user;
however, when I look for it with getent passwd it doesn't appear. With
other users everything is correct.
Thanks,
Fernando.
On Mon, 12-02-2007 at 01:17 -0500, Noah Dain wrote:
> I have two different systems (on different networks) showing this
> behavior. Both are running Ubuntu Dapper/606.1 LTS with samba version
> 3.0.22 and windows 2003 sp1 servers (not R2). AD integration is done
> via winbind, with nss using winbind. At some point in time (which is
> unknown to me), the samba server stopped seeing new users, groups,
> machines which are added to AD.
>
> scenario:
> I add a new user to AD, say "smbtest". I then look for the user with
> "wbinfo -u", and it shows up. However, it does not show up with
> "getent passwd" (same for groups, "getent group"). If I try to map a
> share to a drive letter, it goes something like this:
>
> C:\WINDOWS>net use h: \\SAMBASRV\smbtest /user:DOMAIN\smbtest password
>
> System error 1326 has occurred.
>
>
> Logon failure: unknown user name or bad password.
>
> (The same results occur for existing shares, so it's not from lack of
> a home directory)
>
> Of particular interest is log.winbindd-idmap. Whenever I try to
> connect as the user smbtest to their home directory or another share,
> this is logged here several times:
>
> [2007/02/11 20:45:40, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(485)
> rid_idmap_get_id_from_sid: no suitable range available for sid:
> S-1-5-21-4050315045-3251428658-993335031-3123
>
> "wbinfo -s S-1-5-21-4050315045-3251428658-993335031-3123" returns
> "smbtest" as expected.
> "wbinfo -n smbtest" returns that sid.
> Other users/sids work.
>
> other stuff I've tried / observed:
>
> "net ads testjoin" looks good.
> kerberos looks good.
> There are no local accounts within the idmap uid/gid range.
> "/var/lib/samba/winbindd_idmap.tdb" shows no new entries.
> I've restarted samba and winbindd, and the whole machine went down for
> a reboot, but I'm still getting the same behavior.
>
> -- only config files below --
> smb.conf:
>
> [global]
> workgroup = DOMAIN
> realm = DOMAIN
> server string = samba server
> interfaces = eth0
> bind interfaces only = Yes
> security = ADS
> allow trusted domains = No
> obey pam restrictions = Yes
> pam password change = Yes
> log level = 2 winbind:3 passdb:2 auth:2
> log file = /var/log/samba/%m.log
> socket options = TCP_noDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> load printers = No
> dns proxy = No
> wins server = DC1
> idmap backend = rid:BUILTIN=1000-9999, DOMAIN=10000-60000
> idmap uid = 1000-60000
> idmap gid = 1000-60000
> template homedir = /home/%U
> template shell = /bin/bash
> winbind separator = /
> winbind use default domain = Yes
> winbind nested groups = Yes
> hosts allow = 192.168.1.0/255.255.255.0, 127.
> hosts deny = 0.0.0.0/0.0.0.0
>
> [homes]
> comment = Home Directory
> path = /home/%U
> read only = No
> create mask = 0640
> directory mask = 0750
> browseable = No
>
> /end smb.conf
>
> /etc/nsswitch.conf:
>
> passwd: compat winbind
> group: compat winbind
> shadow: compat winbind
> hosts: files dns mdns
> networks: files
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
> netgroup: nis
>
> /end nsswitch.conf
>
> --
> Noah Dain
> "The beatings will continue, until morale improves" - the Management
--
Fernando Ruza (fernandor at sescam.jccm.es)
Dto. Informatica
Hospital Universitario de Guadalajara
Tfl: 949 209 215
661 123 845
Linux user: #273644 (http://counter.li.org)
Debian Sid (Kernel 2.6.14.3 & ext3)
-------------------------------------------------------------------
Please do NOT use proprietary file formats such as DOC and XLS for
exchanging documents; use HTML, RTF, TXT, CSV or any other format that
does not require a program from a particular vendor. Thank you.
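
The comparison described in this thread, run over saved command output, as an added example that is not part of the original messages: it lists accounts that `wbinfo -u` enumerates but `getent passwd` does not, and extracts the SIDs from the "no suitable range available" lines of log.winbindd-idmap. The function names, file names, passwd entries and the second log entry are constructed for the example; the first log entry is the one quoted above.

```shell
#!/bin/sh
# Added example; every file written below is constructed sample data.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT

printf '%s\n' administrator guest jdoe smbtest > "$demo/wbinfo_u.txt"
cat > "$demo/getent_passwd.txt" <<'EOF'
root:x:0:0:root:/root:/bin/bash
administrator:*:10500:10513::/home/administrator:/bin/bash
guest:*:10501:10514::/home/guest:/bin/bash
jdoe:*:11104:10513::/home/jdoe:/bin/bash
EOF
cat > "$demo/log.winbindd-idmap" <<'EOF'
[2007/02/11 20:45:40, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(485)
  rid_idmap_get_id_from_sid: no suitable range available for sid:
  S-1-5-21-4050315045-3251428658-993335031-3123
[2007/02/11 20:45:41, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(485)
  rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-21-4050315045-3251428658-993335031-3123
EOF

# Names winbind enumerates that NSS does not return (case-insensitive).
# $1 = saved `wbinfo -u` output, $2 = saved `getent passwd` output.
missing_from_nss() {
    awk -F: 'FILENAME == ARGV[1] { seen[tolower($1)] = 1; next }
             NF && !(tolower($0) in seen) { print }' "$2" "$1"
}

# Unique SIDs the idmap log reports as unmappable ($1 = log file).
# The message can wrap, so the SID may be on the line after the marker.
unmapped_sids() {
    awk '/no suitable range available for sid/ { want = 1 }
         want && match($0, /S-1-[0-9]+(-[0-9]+)+/) {
             print substr($0, RSTART, RLENGTH); want = 0 }' "$1" | sort -u
}

# Last SID component: the RID that the rid backend has to place in a range.
rid_of() { printf '%s\n' "${1##*-}"; }

echo "Enumerated by winbind but missing from NSS:"
missing_from_nss "$demo/wbinfo_u.txt" "$demo/getent_passwd.txt"
echo "SIDs the idmap log could not map (RID in parentheses):"
for sid in $(unmapped_sids "$demo/log.winbindd-idmap"); do
    echo "$sid ($(rid_of "$sid"))"   # on a live host, wbinfo -s "$sid" names it
done
```

On a live server, redirect `wbinfo -u` and `getent passwd` into the two input files and point `unmapped_sids` at the real log.winbindd-idmap.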