R: R: R: R: [Samba] LS not showing AD owner username and groupname

Gianluca Culot gianlucaculot at dmsware.com
Fri May 11 08:02:39 GMT 2007 

> -----Messaggio originale-----
> Da: Gerald (Jerry) Carter [mailto:jerry at samba.org]
> Inviato: giovedì 10 maggio 2007 17.23
> A: Gianluca Culot
> Cc: Samba at Lists. Samba. Org
> Oggetto: Re: R: R: R: [Samba] LS not showing AD owner username and
> groupname
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Gianluca Culot wrote:
>
> > well this
> > mail# ~ > perl -e '@user = getpwuid(100000); print "@user\n";'
> > give
> > <empty line>
> > as result
> > Same getgrgid
> > could be my UID database for samba is corrupted ?
> > I've upgraded from 14b... and something in configuration changed.
> > but I supposed samba would adjust automatically UIDs and
> > that eventually I'd change the ownership of home directories
> > for my email users
> >
> > well
> > thanks A LOT for your great helping.  I banged my head
> > on this problem for whole day long and learned a lot about
> > samba...  I'll resume tomorrow (Central Europe Time)
>
> Look for things like nscd reset the cache.   Also turn
> up logging in smb.conf and look at the log.{wb,winbind}*
> log files for clues.
>
>
>
>
>
> cheers, jerry
> =====================================================================
> Samba                                    ------- http://www.samba.org
> Centeris                         -----------  http://www.centeris.com
> "What man is a man who does not make the world better?"      --Balian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGQzjbIR7qMdg1EfYRAg8uAKCXLn7WK6lv/yAaMCXrD/tlYdsgmQCgqmhM
> okPYuAQlCj5rswvhar5uR3g=
> =FEiW
> -----END PGP SIGNATURE-----
>

That's getting HARD

Yesterday I raised the log... and... Now I have a lot
YET almost NO ERROR, excluded failed password entries by users.
the only anomalous line is "Failed to enumerate local groups!"

[2007/05/11 09:56:35, 3]
nsswitch/winbindd_group.c:get_sam_group_entries(610)
  get_sam_group_entries: Failed to enumerate domain local groups!
[2007/05/11 09:56:35, 3] nsswitch/winbindd_group.c:winbindd_getgrent(659)
  [    0]: getgrent
[2007/05/11 09:56:35, 3]
nsswitch/winbindd_group.c:winbindd_setgrent_internal(465)
  [    0]: setgrent
[2007/05/11 09:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(483)
  [    0]: request interface version
[2007/05/11 09:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516)
  [    0]: request location of privileged pipe
[2007/05/11 09:56:43, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(430)
  [    0]: getgrgid 1513

but I cannot understand to which request it is related


Yet think I'm homing on the problem

every option in net ads (for example testjoin) gives positive answer. No
problem on join (the problem shall be in samba, not in samba/ad dialogue)

Every option in wbinfo gives positive results EXCEPT
wbinfo -U <group id>
which answers back
Could not convert uid 1513 to sid

and in log.winbindd I get

[2007/05/11 09:47:23, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(483)
  [    0]: request interface version
[2007/05/11 09:47:23, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516)
  [    0]: request location of privileged pipe
[2007/05/11 09:47:23, 3] nsswitch/winbindd_sid.c:winbindd_uid_to_sid(280)
  [    0]: uid to sid 1513


and If i try to list a directory with files and subdirs beloging to a domain
group...
mail# /usr/home/gianlucaculot > ls -al /usr/home
total 44
drwxr-xr-x  21 root           wheel          512 May  7 12:30 .
drwxr-xr-x  20 root           wheel          512 May  2 15:50 ..
drwx------   3 1500           1513           512 May  6 19:02 administrator

in log.winbindd I see

[2007/05/11 09:45:22, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(483)
  [    0]: request interface version
[2007/05/11 09:45:22, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516)
  [    0]: request location of privileged pipe
[2007/05/11 09:45:22, 3] nsswitch/winbindd_user.c:winbindd_endpwent(526)
  [    0]: endpwent
[2007/05/11 09:45:22, 3] nsswitch/winbindd_group.c:winbindd_endgrent(527)
  [    0]: endgrent
[2007/05/11 09:45:22, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(430)
  [    0]: getgrgid 1513

Even if I read NO ERROR.. the two logs are too much similar, so I suppose
getgrgid is failing in mapping id 1513 to the group sid, which makes me
think I got a mess in tdb samba databases.

AND
mail# /usr/home/gianlucaculot > perl -e '@group = getgrnam("DMSWARE\\domain
users"); print "@group\n";'
domain users x 1513 risrobot administrator
mail# /usr/home/gianlucaculot > perl -e '@group = getgrgid(1513); print
"@group\n";'

so 1513 CANNOT BE resolved as Domain Users

1) should I delete TDBs database and make samba rebuild them. If yes. how
can I do it correctly ?
2) Should I create a groups 1513 in /etc/group ? I've already mapped "Domain
Users" to "users"
mail# /usr/home/gianlucaculot > net groupmap list
Domain Users (S-1-5-21-3999584804-2945907794-872237379-1001) -> users
Administrators (S-1-5-32-544) -> 1015
Users (S-1-5-32-545) -> 1016

Yet I Still have two IDs which look related to the domain users (this was
THE problem on 14b)

and no... net groupmap cleanup doesn't solve the problem.

Thanks for your time !

More information about the samba mailing list