[Samba] Can't chown a file to an ADS username

Eric Diven eric.diven at edsiohio.com
Tue Oct 9 17:54:55 GMT 2007 

No, I'm not looking up a specific user.  I want all of the users that
are in the passwd database.  Running getent passwd should, in theory,
accomplish this by going through all of the sources defined in
nsswitch.conf and getting all of the entries each of them have.  At
least that's my understanding of how it should work.

~Eric 

-----Original Message-----
From: Greg Byshenk [mailto:samba at byshenk.net] 
Sent: Tuesday, October 09, 2007 12:32 PM
To: samba at lists.samba.org
Cc: Eric Diven
Subject: Re: [Samba] Can't chown a file to an ADS username

On Tue, Oct 09, 2007 at 09:33:40AM -0400, Eric Diven wrote:
> Yes, these are only winbind startup messages, that's exactly the 
> problem.  I had in my nsswitch.conf file:
> 
> passwd:  compat winbind
> shadow:  compat winbind
> group:   compat winbind
> 
> which produced only the local names
> 
> To test, I changed nsswitch.conf as follows:
> 
> passwd:  winbind [UNAVAIL=retunr] compat
> shadow:  compat winbind #so I have some hope of being able to log in 
> if I didn't get it changed back, maybe
> group:   winbind [UNAVAIL=return] compat
> 
> and got *nothing* back from getent passwd.  I'm guessing this means 
> I've got a .so file in the wrong place somewhere.  Following the 
> instructions online, I have
> 
> /lib/libnss_winbind.so.2
> /lib/libnss_winbind.so -> /lib/libnss_winbind.so.2 
> /usr/lib/libnss_winbind.so -> /lib/libnss_winbind.so.2
> 
> This sure looks correct, but it's pretty clear that winbind isn't 
> getting called.

This is just a shot in the dark, but...

- Are you calling 'getent passwd DOMAIN\\user'?
- If not, do you have 'winbind use default domain = yes" set?


-greg

 
> -----Original Message-----
> From: Stas [mailto:narezatel at gmail.com]
> Sent: Monday, October 08, 2007 5:04 PM
> To: Eric Diven
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Can't chown a file to an ADS username
> 
> the winbindd.log you posted contains winbind startup messages?
> if not try to restart winbind and check winbind log for errors .
> /etc/nsswitch.conf contains winbind related strings?
> 
> 
> On 10/8/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> > I'm not actually getting much from it.  I'm assuming that all of 
> > winbinds logging goes to [logpath]/winbindd.log.
> >
> > If that's the case, I'm seeing nsswitch related stuff happening when

> > winbind starts up, but not when I run getent passwd.
> > I'm running winbind at debug level 3.
> >
> > [root at localhost ~]# cat /var/log/samba/winbindd.log
> > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> >   added interface ip=192.168.100.80 bcast=192.168.100.255 
> > nmask=255.255.255.0
> > [2007/10/08 13:18:23, 2] lib/interface.c:add_interface(81)
> >   added interface ip=192.168.100.80 bcast=192.168.100.255 
> > nmask=255.255.255.0
> > [2007/10/08 13:18:23, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
> >   Registered MSG_REQ_POOL_USAGE
> > [2007/10/08 13:18:23, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
> >   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> > [2007/10/08 13:18:23, 2]
> > nsswitch/winbindd_util.c:add_trusted_domain(175)
> >   Added domain EDSI EDSI.EDSI-INT.COM
> > S-1-5-21-1993962763-329068152-1801674531
> > [2007/10/08 13:18:23, 2]
> > nsswitch/winbindd_util.c:add_trusted_domain(175)
> >   Added domain LOCALHOST  S-1-5-21-9612232-2512366426-966941693
> > [2007/10/08 13:18:23, 2]
> > nsswitch/winbindd_util.c:add_trusted_domain(175)
> >   Added domain BUILTIN  S-1-5-32
> > [2007/10/08 13:18:23, 3]
> > nsswitch/winbindd_misc.c:winbindd_interface_version(483)
> >   [    0]: request interface version
> > [2007/10/08 13:18:23, 3]
> > nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516)
> >   [    0]: request location of privileged pipe
> > [2007/10/08 13:18:23, 3] nsswitch/winbindd_misc.c:winbindd_ping(462)
> >   [    0]: ping
> > [root at localhost ~]#
> >
> > This is the result of clearing the log, restarting samba, and 
> > running getent passwd.  Nothing gets added to the log when I run it.

> > It's greek to me what the stuff from winbind start up means, but I'm

> > a little suspicious that nothing shows up on getent passwd.
> >
> > ~Eric
> >
> > -----Original Message-----
> > From: Stas [mailto:narezatel at gmail.com]
> > Sent: Monday, October 08, 2007 12:50 PM
> > To: Eric Diven
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] Can't chown a file to an ADS username
> >
> > winbind's log may be helpful
> >
> >
> >
> > On 10/8/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> > > I've got a samba install on Linux with winbind installed, etc.  
> > > I've
> 
> > > configured it the same as I have under Solaris, but for some 
> > > reason,
> 
> > > I
> >
> > > can't chown a file to an AD username.  I have joined the box to 
> > > the domain, I can wbinfo -u/-g and get lists of users and groups 
> > > on the domain.  When I run getent passwd or getent group, however,

> > > I don't see any of the domain users and groups.  I have winbind 
> > > enum users and
> >
> > > groups = yes in the smb.conf file.
> > >
> > > Eventually, I need to be able to accomplish this with enum users 
> > > and
> 
> > > groups = no for a large domain, but I'm trying to duplicate a 
> > > problem we're have with Solaris.
> > >
> > > Any ideas?  I'm happy to furnish further info/configs/logs on
> request.

--
greg byshenk  -  gbyshenk at byshenk.net  -  Leiden, NL

More information about the samba mailing list