[Samba] wbinfo -u and -g work, getent passwd works, getent group DOES NOT WORK

Jeff LePage Jeff.LePage at asg.com
Sat Aug 2 04:30:20 GMT 2008 

Hi,

I'm trying to get some Ubuntu8.04 clients to authenticate to an Ubuntu8.04 Samba domain controller.  Everyone is running Samba 3.0.28a.

Side question: should I upgrade to 3.2?  Keep in mind that means finding binaries for ubuntu or compiling from source for a server and 20 clients.  

Basically wbinfo -u and -g work, getent passwd works, getent group DOES NOT WORK.

My domain is called ORA and I've set up some test users,etc.  See the output of wbinfo and getent below.  Following the output of wbinfo is my smb.conf's for the server and client.

When my domain users login everything works except that there's no group name, only a gid.
in the log.winbind I get this:

[2008/08/01 22:11:26, 1] nsswitch/winbindd_group.c:fill_grent_mem(365)
  could not lookup membership for group sid S-1-5-21-2023487214-2483299788-1506694197-1009 in domain ORA (error: NT_STATUS_NO_SUCH_GROUP)
[2008/08/01 22:11:26, 0] nsswitch/winbindd_group.c:winbindd_getgrent(1110)
  could not lookup domain group ORA\bob3


output of getent and wbinfo
----------------------------------
ubuntu01 at ubuntu19:~$ wbinfo -u
ORA\bob3
ORA\smbadmin
ORA\bob4
ORA\bob
ORA\bob2
ubuntu01 at ubuntu19:~$ wbinfo -g
BUILTIN\administrators
BUILTIN\users
ORA\bob
ORA\domain admins
ORA\bob3
ORA\bob4
ORA\bob2
ORA\server admins
ORA\hosts
ubuntu01 at ubuntu19:~$ getent passwd | egrep ORA
ORA\bob3:*:31006:10513::/home/ORA/bob3:/bin/bash
ORA\smbadmin:*:13016:10513::/home/ORA/smbadmin:/bin/bash
ORA\bob4:*:31008:10513::/home/ORA/bob4:/bin/bash
ORA\bob:*:13012:10513::/home/ORA/bob:/bin/bash
ORA\bob2:*:31000:10513::/home/ORA/bob2:/bin/bash
ubuntu01 at ubuntu19:~$ getent group | egrep ORA
ubuntu01 at ubuntu19:~$ getent group | tail -5
sambashare:x:125:ubuntu01
winbindd_priv:x:126:
dirmngr:x:127:
BUILTIN\administrators:x:10000:
BUILTIN\users:x:10001:
ubuntu01 at ubuntu19:~$ smbd -V
Version 3.0.28a
ubuntu01 at ubuntu19:~$ 


smb.conf for server:
------------------------
[global]
        log level = 2 
        workgroup = ORA
        netbios name = SAMBA1
        server string = %h server (Samba, Ubuntu) 
        passdb backend = tdbsam
        security = user
        encrypt passwords = yes 
        domain logons = yes
        preferred master = yes
        logon path = 
        logon home = 
        logon drive = P: 
        enable privileges = yes
        domain master = yes
        os level = 33
        local master = yes
        add machine script = /usr/sbin/useradd -g hosts -s /bin/false '%u' 
        add user script = /usr/sbin/useradd -m '%u'
        delete user script = /usr/sbin/userdel '%u'
        rename user script = /usr/sbin/usermod -l '%unew' '%uold'
        add group script = /usr/sbin/groupadd '%g'
        delete group script = /usr/sbin/groupdel '%g'
        add user to group script = /usr/sbin/usermod -a -G '%g' '%u'
        delete user from group script =   deluser '%u' '%g'  
        set primary group script = /usr/sbin/usermod -g '%g' '%u'

[public]
        path = /export/tmp
        read only = No
[netlogon]
        comment = Net Logon service
        path = /data/netlogon
        read only = yes
        write list = +ntadmin
[profiles]
        comment = User roaming profiles
        path = /data/profiles
        valid users = %U
        create mask = 0600
        directory mask = 0700
        read only = no
        guest ok = no

[homes]
        comment = Home directory for %U
        read only = no
        valid users = %S


smb.conf for client
-------------------------
[global]
   workgroup = ORA
   server string = %h server (Samba, Ubuntu)
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
security = Domain 
   encrypt passwords = true
   password server = samba1
   passdb backend = tdbsam
   obey pam restrictions = yes
   invalid users = root
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
map to guest = bad user
   socket options = TCP_NODELAY
allow trusted domains = no
idmap backend = rid:ORA=10000-2000000
idmap uid = 10000-2000000
idmap gid = 10000-2000000
template shell = /bin/bash
template homedir = /home/%D/%U
winbind cache time = 0
winbind enum users = yes
winbind enum groups = yes
   usershare allow guests = yes
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

More information about the samba mailing list