[Samba] Winbind in Win2003 ADS: wbinfo -u works, wbinfo -g does not

Frederik freggy at gmail.com
Fri May 18 21:08:11 GMT 2007 

With samba 3.0.24 (Debian Etch packages) I joined a Windows 2003 ADS
domain. Now wbinfo -u works fine, but wbinfo -g only says: Error
looking up domain groups.

smb.conf:
[global]
   workgroup = wise
   realm = wise.vub.ac.be
   server string = %h server
   dns proxy = no
   password server = wisepc1
   log file = /var/log/samba/log.%m
   log level = 10
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = ADS
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   invalid users = root
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully*
.
   socket options = TCP_NODELAY
   winbind use default domain = yes
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   template shell = /bin/bash
   template homedir = /home/%U
   winbind enum groups = yes
   winbind enum users = yes


This can be found in log:

[2007/05/18 19:46:16, 6] nsswitch/winbindd.c:new_connection(601)
  accepted socket 19
[2007/05/18 19:46:16, 10] nsswitch/winbindd.c:process_request(287)
  process_request: request fn LIST_GROUPS
[2007/05/18 19:46:16, 3] nsswitch/winbindd_group.c:winbindd_list_groups(907)
  [    0]: list groups
[2007/05/18 19:46:16, 4] nsswitch/winbindd_group.c:get_sam_group_entries(605)
  get_sam_group_entries: BUILTIN or local domain; enumerating local
groups as well
[2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(105)
  Attempting to register passdb backend ldapsam
[2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(118)
  Successfully added passdb backend 'ldapsam'
[2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(105)
  Attempting to register passdb backend ldapsam_compat
[2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(118)
  Successfully added passdb backend 'ldapsam_compat'
[2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(105)
  Attempting to register passdb backend NDS_ldapsam
[2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(118)
  Successfully added passdb backend 'NDS_ldapsam'
[2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(105)
  Attempting to register passdb backend NDS_ldapsam_compat
[2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(118)
  Successfully added passdb backend 'NDS_ldapsam_compat'
[2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(105)
  Attempting to register passdb backend smbpasswd
[2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(118)
  Successfully added passdb backend 'smbpasswd'
[2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(105)
  Attempting to register passdb backend tdbsam
[2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(118)
  Successfully added passdb backend 'tdbsam'
[2007/05/18 19:46:16, 5] passdb/pdb_interface.c:make_pdb_method_name(158)
  Attempting to find an passdb backend to match tdbsam (tdbsam)
[2007/05/18 19:46:16, 5] passdb/pdb_interface.c:make_pdb_method_name(179)
  Found pdb backend tdbsam
[2007/05/18 19:46:16, 5] passdb/pdb_interface.c:make_pdb_method_name(190)
  pdb backend tdbsam has a valid init
[2007/05/18 19:46:16, 3] nsswitch/winbindd_group.c:get_sam_group_entries(610)
  get_sam_group_entries: Failed to enumerate domain local groups!
[2007/05/18 19:46:16, 4] nsswitch/winbindd_group.c:get_sam_group_entries(605)
  get_sam_group_entries: BUILTIN or local domain; enumerating local
groups as well
[2007/05/18 19:46:16, 3] nsswitch/winbindd_group.c:get_sam_group_entries(610)
  get_sam_group_entries: Failed to enumerate domain local groups!
[2007/05/18 19:46:16, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(430)
  refresh_sequence_number: WISE time ok
[2007/05/18 19:46:16, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(459)
  refresh_sequence_number: WISE seq number is now 647240
[2007/05/18 19:46:16, 10] nsswitch/winbindd_cache.c:enum_dom_groups(1136)
  enum_dom_groups: [Cached] - doing backend query for list for domain WISE
[2007/05/18 19:46:16, 3] nsswitch/winbindd_ads.c:enum_dom_groups(290)
  ads: enum_dom_groups
[2007/05/18 19:46:16, 10] nsswitch/winbindd_ads.c:ads_cached_connection(43)
  ads_cached_connection
[2007/05/18 19:46:16, 7] nsswitch/winbindd_ads.c:ads_cached_connection(51)
  Current tickets expire at 1179546374, time is now 1179510376
[2007/05/18 19:46:16, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63)
  Search for (&(objectCategory=group)(&(groupType:dn:1.2.840.113556.1.4.803:=-2147483648)(!(groupType:dn:1.2.840.113556.1.4.803:=4))))
gave 0 replies
[2007/05/18 19:46:16, 1] nsswitch/winbindd_ads.c:enum_dom_groups(339)
  enum_dom_groups: No groups found
[2007/05/18 19:46:16, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(430)
  refresh_sequence_number: WISE time ok
[2007/05/18 19:46:16, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(459)
  refresh_sequence_number: WISE seq number is now 647240
[2007/05/18 19:46:16, 3] nsswitch/winbindd_group.c:get_sam_group_entries(579)
  get_sam_group_entries: could not enumerate domain groups! Error:
NT_STATUS_UNSUCCESSFUL

What could be wrong?
-- 
Frederik

More information about the samba mailing list