[Samba] Solaris 9 Winbind "ls -l" hangs - group mapping

Bai, Junmin junmin.bai at dha.gov.au
Thu Nov 22 23:22:05 GMT 2007

I removed winbind from group entry in /etc/nsswitch.conf, otherwise ssh
session would timeout and lost connection. In this way, Samba still
works. Samba still can use domain groups and domain users to grant
access. Only 'getent group domain_group" doesn't work.


-----Original Message-----
From: samba-bounces+junmin.bai=dha.gov.au at lists.samba.org
[mailto:samba-bounces+junmin.bai=dha.gov.au at lists.samba.org] On Behalf
Of Gibbings, Kevan
Sent: Friday, 23 November 2007 4:36 AM
To: samba at lists.samba.org
Subject: [Samba] Solaris 9 Winbind "ls -l" hangs - group mapping

OS Solaris 5.9 (9) Generic_122300-13 (clean build)

nscd daemon has been disabled and is not running



Samba Version 3.0.26a

Complied using the following options --with-acl-support -with-winbind


smbd, nmbd & winbind daemons are all started



      workgroup = MTCB2

      security = domain


      log level = 3

      log file = /usr/local/samba/var/samba.log.%U

      max log size = 20000

      ldap ssl = no


      wins server =

      dns proxy = yes

      name resolve order = wins bcast host


      idmap uid = 10000-20000

      idmap gid = 1000-2000


      winbind enum users = yes

      winbind enum groups = yes

      template homedir = /usr/people/winnt/%D/%U

      template shell = /bin/csh



      comment = Data

      path = /data

      valid users = @"MTCB2\domain users"

      browseable = yes

      available = yes

      read only = No


Requirement: Use winbind to authenticate XP clients.


Domain Windows 2003 (Domain functional level 2000 native)



passwd: files winbind

group: files winbind


I have complied configured and installed Samba on a test network. I have
joined the samba server as a domain member on to the Windows 2003 domain
and I can list all the users and groups in the domain using  wbinfo -u
and groups using wbinfo -g. I can also list all the users using "getent
passwd" but when I run the command "getent group" I only get one of the
domain groups returned.


I can logon to an XP client access the shares on the Samba server and
create files, folders etc. I can list these file on the UNIX server
using "ls" but if I try and use "ls -l" the command just hangs. Also
"smbstatus" hands if there are any files open.


If I remove the winbind from the group entry in the nsswitch.conf file
then I can list the contents of the folders, obviously the group names
do not appear but the domain usernames do. I can then also get a from
"smbstatus" again all group name a shown as there mapped ID


Authentication is very quick, there just seems to be a problem with
group mapping.



I followed the instructions on this web page to install and configure.





Other tests carried out


smbclient -L hostname

nmblookup -B ip_addr __SAMBA__

nmblookup -N ip_addre "*"

nmlookup -M DOMAIN


The gid range does not clash with existing groups and I cannot see any
errors in the log files.


All give normal output.


Any ideas?


Kevan Gibbings
System Engineer
SAIC Motor UK Technical Centre Ltd
Southam Road, Radford Semele, Leamington Spa, Warwickshire, CV31 1FQ, UK
Direct Dial +44 (0)1926 319496 Direct Fax +44 (0)1926 477144 Tel +44
(0)1926 319319 Fax +44(0) 1926 477144 Email
kevan.gibbings at partner.saicmotor.co.uk
<mailto:kevan.gibbings at partner.saicmotor.co.uk> 

This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this e-mail in error please notify the
sender immediately and delete this e-mail from your system. Please note
that any views or opinions presented in this e-mail are solely those of
the author and do not necessarily represent those of SAIC Motor UK
Technical Centre Limited (save for reports and other documentation
formally approved and signed for release to the intended recipient).
Only Directors or Duly Authorised Officers are authorised to enter into
legally binding obligations on behalf of SAIC Motor UK Technical Centre
Limited unless the obligation is contained within a SAIC Motor UK
Technical Centre Limited Purchase Order.

SAIC Motor UK Technical Centre Limited may monitor outgoing and incoming
e-mails and other telecommunications on its e-mail and
telecommunications systems. By replying to this e-mail you give consent
to such monitoring. The recipient should check e-mail and any
attachments for the presence of viruses. SAIC Motor UK Technical Centre
Limited accepts no liability for any damage caused by any virus
transmitted by this e-mail.

SAIC Motor UK Technical Centre Limited is registered in England with
number 05437330. The registered office of SAIC Motor UK Technical Centre
Limited is 100 New Bridge Street, London, EC4V 6JA. The communications
address is Southam Road, Radford Semele, Leamington Spa, Warwickshire
CV31 1FQ
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Important: This email and any attachments may be confidential and may be privileged.
If the email is not addressed to you please return it to us and destroy any copies you may have.
Unauthorised use of this email and any attachment is prohibited.

Defence Housing Australia will send you correspondence and documents
 by email if you request or if you use email to contact us.
Email is not a secure form of communication and may transmit computer viruses.
We take no responsibility for misdirection, corruption or unauthorised use of email communications
 nor for any damage that may be caused as a result of transmitting or receiving an  email communication.
It is your responsibility to establish your own protection against viruses or other damage. 

This message has been scanned for viruses
and spam by SurfControl RiskFilter - E-mail.

More information about the samba mailing list