[Samba] wbinfo works fine, getent only works for builtin groups

Robert Fraser rab.fraser at gmail.com
Mon Aug 25 13:02:32 GMT 2008


Hi

I am having a lot of trouble getting users from a trusted domain to access
shares and files.  getent passwd / get group doesn't retrieve domain users
or groups, so I can't set permissions for the users or groups from the
trusted domain

The domain having problems is:
Ubuntu 6.06 Server
Samba Version 3.0.22

The trusted domain is:
Ubuntu 8.04 Server
Samba Version 3.0.28a


wbinfo -u and wbinfo -g work fine and bring up a list of the trusted domain
users and groups

wbinfo --sid-to-name=SID, --authenticate=user%password, -t,
--trusted-domains  all work fine for the local domain and the trusted domain

When I do a getent passwd, I only get the local /etc/passwd users

When I do a getent group, I get the local /etc/group groups, and the
BUILTIN\administrators and BUILTIN\users

After a getent, log.winbind is full of entries like this:



[2008/08/26 00:29:10, 10] nsswitch/winbindd_group.c:winbindd_getgrent(1006)
  SID S-1-5-21-2824201121-3407686785-855272569-3033 not in idmap
[2008/08/26 00:29:10, 1] nsswitch/winbindd_group.c:winbindd_getgrent(1011)
  could not look up gid for group CADUsers
[2008/08/26 00:29:10, 10] nsswitch/winbindd_group.c:winbindd_getgrent(961)
  entry_index = 3, num_entries = 8
[2008/08/26 00:29:10, 10]
nsswitch/idmap_cache.c:idmap_cache_set_negative_sid(258)
  Adding cache entry with key =
IDMAP/SID/S-1-5-21-2824201121-3407686785-855272569-3039; value =
1219667470/IDMAP/NEGATIVE and timeout = Tue Aug 26 00:31:10 200
8 (120 seconds ahead)
[2008/08/26 00:29:10, 10] nsswitch/winbindd_group.c:winbindd_getgrent(1006)
  SID S-1-5-21-2824201121-3407686785-855272569-3039 not in idmap
[2008/08/26 00:29:10, 1] nsswitch/winbindd_group.c:winbindd_getgrent(1011)
  could not look up gid for group dundirectors
[2008/08/26 00:29:10, 10] nsswitch/winbindd_group.c:winbindd_getgrent(961)
  entry_index = 4, num_entries = 8
[2008/08/26 00:29:10, 10]
nsswitch/idmap_cache.c:idmap_cache_set_negative_sid(258)
  Adding cache entry with key =
IDMAP/SID/S-1-5-21-2824201121-3407686785-855272569-513; value =
1219667470/IDMAP/NEGATIVE and timeout = Tue Aug 26 00:31:10 2008
   (120 seconds ahead)
[2008/08/26 00:29:10, 10] nsswitch/winbindd_group.c:winbindd_getgrent(1006)
  SID S-1-5-21-2824201121-3407686785-855272569-513 not in idmap
[2008/08/26 00:29:10, 1] nsswitch/winbindd_group.c:winbindd_getgrent(1011)
  could not look up gid for group Domain Users
[2008/08/26 00:29:10, 10] nsswitch/winbindd_group.c:winbindd_getgrent(961)
  entry_index = 5, num_entries = 8
[2008/08/26 00:29:10, 10]
nsswitch/idmap_cache.c:idmap_cache_set_negative_sid(258)
  Adding cache entry with key =
IDMAP/SID/S-1-5-21-2824201121-3407686785-855272569-3029; value =
1219667470/IDMAP/NEGATIVE and timeout = Tue Aug 26 00:31:10 200
8 (120 seconds ahead)

Can anyone suggest what I can do to fix this?

Thanks for any help
Rob


More information about the samba mailing list