[Samba] Can't chown a file to an ADS username
Eric Diven
eric.diven at edsiohio.com
Tue Oct 9 13:33:40 GMT 2007
Yes, these are only winbind startup messages, that's exactly the
problem. I had in my nsswitch.conf file:
passwd: compat winbind
shadow: compat winbind
group: compat winbind
which produced only the local names
To test, I changed nsswitch.conf as follows:
passwd: winbind [UNAVAIL=retunr] compat
shadow: compat winbind #so I have some hope of being able to log in if
I didn't get it changed back, maybe
group: winbind [UNAVAIL=return] compat
and got *nothing* back from getent passwd. I'm guessing this means I've
got a .so file in the wrong place somewhere. Following the instructions
online, I have
/lib/libnss_winbind.so.2
/lib/libnss_winbind.so -> /lib/libnss_winbind.so.2
/usr/lib/libnss_winbind.so -> /lib/libnss_winbind.so.2
This sure looks correct, but it's pretty clear that winbind isn't
getting called.
~Eric
-----Original Message-----
From: Stas [mailto:narezatel at gmail.com]
Sent: Monday, October 08, 2007 5:04 PM
To: Eric Diven
Cc: samba at lists.samba.org
Subject: Re: [Samba] Can't chown a file to an ADS username
the winbindd.log you posted contains winbind startup messages?
if not try to restart winbind and check winbind log for errors .
/etc/nsswitch.conf contains winbind related strings?
On 10/8/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> I'm not actually getting much from it. I'm assuming that all of
> winbinds logging goes to [logpath]/winbindd.log.
>
> If that's the case, I'm seeing nsswitch related stuff happening when
> winbind starts up, but not when I run getent passwd.
> I'm running winbind at debug level 3.
>
> [root at localhost ~]# cat /var/log/samba/winbindd.log
> [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> added interface ip=192.168.100.80 bcast=192.168.100.255
> nmask=255.255.255.0
> [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> added interface ip=192.168.100.80 bcast=192.168.100.255
> nmask=255.255.255.0
> [2007/10/08 13:18:23, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
> Registered MSG_REQ_POOL_USAGE
> [2007/10/08 13:18:23, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> [2007/10/08 13:18:23, 2]
> nsswitch/winbindd_util.c:add_trusted_domain(175)
> Added domain EDSI EDSI.EDSI-INT.COM
> S-1-5-21-1993962763-329068152-1801674531
> [2007/10/08 13:18:23, 2]
> nsswitch/winbindd_util.c:add_trusted_domain(175)
> Added domain LOCALHOST S-1-5-21-9612232-2512366426-966941693
> [2007/10/08 13:18:23, 2]
> nsswitch/winbindd_util.c:add_trusted_domain(175)
> Added domain BUILTIN S-1-5-32
> [2007/10/08 13:18:23, 3]
> nsswitch/winbindd_misc.c:winbindd_interface_version(483)
> [ 0]: request interface version
> [2007/10/08 13:18:23, 3]
> nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516)
> [ 0]: request location of privileged pipe
> [2007/10/08 13:18:23, 3] nsswitch/winbindd_misc.c:winbindd_ping(462)
> [ 0]: ping
> [root at localhost ~]#
>
> This is the result of clearing the log, restarting samba, and running
> getent passwd. Nothing gets added to the log when I run it. It's
> greek to me what the stuff from winbind start up means, but I'm a
> little suspicious that nothing shows up on getent passwd.
>
> ~Eric
>
> -----Original Message-----
> From: Stas [mailto:narezatel at gmail.com]
> Sent: Monday, October 08, 2007 12:50 PM
> To: Eric Diven
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Can't chown a file to an ADS username
>
> winbind's log may be helpful
>
>
>
> On 10/8/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> > I've got a samba install on Linux with winbind installed, etc. I've
> > configured it the same as I have under Solaris, but for some reason,
> > I
>
> > can't chown a file to an AD username. I have joined the box to the
> > domain, I can wbinfo -u/-g and get lists of users and groups on the
> > domain. When I run getent passwd or getent group, however, I don't
> > see any of the domain users and groups. I have winbind enum users
> > and
>
> > groups = yes in the smb.conf file.
> >
> > Eventually, I need to be able to accomplish this with enum users and
> > groups = no for a large domain, but I'm trying to duplicate a
> > problem we're have with Solaris.
> >
> > Any ideas? I'm happy to furnish further info/configs/logs on
request.
> >
> > ~Eric
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list