[Samba] Winbind - wbinfo -u works, getent passwd only gives
local users
Alex Crow
acrow at integrafin.co.uk
Fri May 18 07:53:55 GMT 2007
In smb.conf, do you have
winbind enum groups = yes
winbind enum users = yes ?
I got stumped by this myself but these seem now to be off by default and
need to be added for nsswitch to enumerate users/groups.
Cheers
Alex
On Thu, 2007-05-17 at 18:30 +0100, David Lee wrote:
> Hi Rune
> I have
>
> passwd: compat winbind
> group: compat winbind
> shadow: compat
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> and am now wondering what the netgroup entry is doing.
> Other than that, it looks OK to me.
>
> Removing the netgroup entry does not help.
>
> David Lee
>
> ---------- Forwarded Message ----------
>
> Subject: Re: [Samba] Winbind - wbinfo -u works, getent passwd only gives
> local users
> Date: Thursday 17 May 2007 01:20
> From: Rune Tønnesen
>
> Hi' David
>
> have you checked your setup in the /etc/nsswitch.conf file?
> --
> Rune Tønnesen
> Venlig Hilsen/Best Regards
>
> > I only have limited Samba experience, and expect this is a silly mistake,
> > but have been unable to find a solution
> >
> > I have installed Samba and Winbind on my desktop Linux (Debian) machine
> > (SPARKSTONELX), aiming to unify logins with other windows machines
> > accessing the PDC, again samba/Debian, with tdbsam password backend. All is
> > well, joining the domain, and getting account details using wbinfo -u, but
> > getent passwd only gives the local account details.
> >
> > The log file on the PDC (FILESTONE) reports
> >
> > [2007/05/15 22:31:48, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
> > get_md4pw: Workstation SPARKSTONELX$: no account in domain
> > [2007/05/15 22:31:48, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
> > _net_auth2: failed to get machine password for account SPARKSTONELX$:
> > NT_STATUS_ACCESS_DENIED
> >
> > [2007/05/15 22:31:52, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(259)
> > group sparkstonelx$ in domain STONES does not exist
> >
> > and on the Linux desktop
> >
> > [2007/05/15 22:30:18, 1]
> > rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
> > cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR
> > received from remo
> > te machine FILESTONE pipe \lsarpc fnum 0x767a!
> > [2007/05/15 22:30:18, 1]
> > rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601)
> > cli_pipe_validate_current_pdu: Bind NACK received from remote
> > machinesparkstonelx:/var/log/samba# wbinfo --own-domain
> > STONES
> > sparkstonelx:/var/log/samba# wbinfo -t
> > checking the trust secret via RPC calls succeeded
> > sparkstonelx:/var/log/samba# wbinfo -D stones
> > Name : STONES
> > Alt_Name :
> > SID : S-1-5-21-835963941-2627181251-1431239077
> > Active Directory : No
> > Native : No
> > Primary : Yes
> > Sequence : 1179266454
> > FILESTONE pipe \samr
> > fnum 0x767b!
> > [2007/05/15 22:30:18, 0]
> > rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2356)
> > cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error
> > NT_STATUS_NETWORK_
> > ACCESS_DENIED
> > [2007/05/15 22:30:18, 1]
> > rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601)
> > cli_pipe_validate_current_pdu: Bind NACK received from remote machine
> > FILESTONE pipe \lsar
> > pc fnum 0x767e!
> > [2007/05/15 22:30:18, 0]
> > rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2356)
> > cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error
> > NT_STATUS_NETWORK_
> > ACCESS_DENIED
> >
> > but
> >
> > sparkstonelx:/var/log/samba# wbinfo --own-domain
> > STONES
> > sparkstonelx:/var/log/samba# wbinfo -t
> > checking the trust secret via RPC calls succeeded
> > sparkstonelx:/var/log/samba# wbinfo -D stones
> > Name : STONES
> > Alt_Name :
> > SID : S-1-5-21-835963941-2627181251-1431239077
> > Active Directory : No
> > Native : No
> > Primary : Yes
> > Sequence : 1179266454
> >
> > Any ideas?
> >
> > My network is about 6 machines in a Christian community, some being XP
> > home, which limits my possible security settings!
> > --
> > David Lee
> > ----------------------------
> > Living Stones, Flore, UK
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
>
> -------------------------------------------------------
>
> --
> David Lee
> ----------------------------
> Living Stones, Flore, UK
More information about the samba
mailing list