[Samba] Can't chown a file to an ADS username

Greg Byshenk samba at byshenk.net
Tue Oct 9 16:32:26 GMT 2007 

On Tue, Oct 09, 2007 at 09:33:40AM -0400, Eric Diven wrote:
> Yes, these are only winbind startup messages, that's exactly the
> problem.  I had in my nsswitch.conf file:
> 
> passwd:  compat winbind
> shadow:  compat winbind
> group:   compat winbind
> 
> which produced only the local names
> 
> To test, I changed nsswitch.conf as follows:
> 
> passwd:  winbind [UNAVAIL=retunr] compat
> shadow:  compat winbind #so I have some hope of being able to log in if
> I didn't get it changed back, maybe
> group:   winbind [UNAVAIL=return] compat
> 
> and got *nothing* back from getent passwd.  I'm guessing this means I've
> got a .so file in the wrong place somewhere.  Following the instructions
> online, I have
> 
> /lib/libnss_winbind.so.2
> /lib/libnss_winbind.so -> /lib/libnss_winbind.so.2
> /usr/lib/libnss_winbind.so -> /lib/libnss_winbind.so.2
> 
> This sure looks correct, but it's pretty clear that winbind isn't
> getting called.

This is just a shot in the dark, but...

- Are you calling 'getent passwd DOMAIN\\user'?
- If not, do you have 'winbind use default domain = yes" set?


-greg

 
> -----Original Message-----
> From: Stas [mailto:narezatel at gmail.com] 
> Sent: Monday, October 08, 2007 5:04 PM
> To: Eric Diven
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Can't chown a file to an ADS username
> 
> the winbindd.log you posted contains winbind startup messages?
> if not try to restart winbind and check winbind log for errors .
> /etc/nsswitch.conf contains winbind related strings?
> 
> 
> On 10/8/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> > I'm not actually getting much from it.  I'm assuming that all of 
> > winbinds logging goes to [logpath]/winbindd.log.
> >
> > If that's the case, I'm seeing nsswitch related stuff happening when 
> > winbind starts up, but not when I run getent passwd.
> > I'm running winbind at debug level 3.
> >
> > [root at localhost ~]# cat /var/log/samba/winbindd.log
> > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> >   added interface ip=192.168.100.80 bcast=192.168.100.255 
> > nmask=255.255.255.0
> > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> >   added interface ip=192.168.100.80 bcast=192.168.100.255 
> > nmask=255.255.255.0
> > [2007/10/08 13:18:23, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
> >   Registered MSG_REQ_POOL_USAGE
> > [2007/10/08 13:18:23, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
> >   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> > [2007/10/08 13:18:23, 2]
> > nsswitch/winbindd_util.c:add_trusted_domain(175)
> >   Added domain EDSI EDSI.EDSI-INT.COM
> > S-1-5-21-1993962763-329068152-1801674531
> > [2007/10/08 13:18:23, 2]
> > nsswitch/winbindd_util.c:add_trusted_domain(175)
> >   Added domain LOCALHOST  S-1-5-21-9612232-2512366426-966941693
> > [2007/10/08 13:18:23, 2]
> > nsswitch/winbindd_util.c:add_trusted_domain(175)
> >   Added domain BUILTIN  S-1-5-32
> > [2007/10/08 13:18:23, 3]
> > nsswitch/winbindd_misc.c:winbindd_interface_version(483)
> >   [    0]: request interface version
> > [2007/10/08 13:18:23, 3]
> > nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516)
> >   [    0]: request location of privileged pipe
> > [2007/10/08 13:18:23, 3] nsswitch/winbindd_misc.c:winbindd_ping(462)
> >   [    0]: ping
> > [root at localhost ~]#
> >
> > This is the result of clearing the log, restarting samba, and running 
> > getent passwd.  Nothing gets added to the log when I run it.  It's 
> > greek to me what the stuff from winbind start up means, but I'm a 
> > little suspicious that nothing shows up on getent passwd.
> >
> > ~Eric
> >
> > -----Original Message-----
> > From: Stas [mailto:narezatel at gmail.com]
> > Sent: Monday, October 08, 2007 12:50 PM
> > To: Eric Diven
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] Can't chown a file to an ADS username
> >
> > winbind's log may be helpful
> >
> >
> >
> > On 10/8/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> > > I've got a samba install on Linux with winbind installed, etc.  I've
> 
> > > configured it the same as I have under Solaris, but for some reason,
> 
> > > I
> >
> > > can't chown a file to an AD username.  I have joined the box to the 
> > > domain, I can wbinfo -u/-g and get lists of users and groups on the 
> > > domain.  When I run getent passwd or getent group, however, I don't 
> > > see any of the domain users and groups.  I have winbind enum users 
> > > and
> >
> > > groups = yes in the smb.conf file.
> > >
> > > Eventually, I need to be able to accomplish this with enum users and
> 
> > > groups = no for a large domain, but I'm trying to duplicate a 
> > > problem we're have with Solaris.
> > >
> > > Any ideas?  I'm happy to furnish further info/configs/logs on
> request.

-- 
greg byshenk  -  gbyshenk at byshenk.net  -  Leiden, NL

More information about the samba mailing list