[Samba] Winbind syslog errors and Domain Local Groups
(private) HKS
hks.private at gmail.com
Mon Jul 7 21:01:01 GMT 2008
Hello all.
I'm relatively new to Samba, and haven't been able to track down a
solution to this particular problem.
I use Samba/Winbind to authenticate FreeBSD machines against a
Windows 2003 Active Directory. That all works fine. The problem is
that groups in the AD of type "Security Group - Domain Local" are
causing winbindd a lot of grief. Every time the winbindd daemon is
accessed, it spews syslog messages like these for every Domain
Local group in the AD:
--------------------
Jul 7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0]
nsswitch/winbindd_group.c:winbindd_getgrent(1110)
Jul 7 16:36:15 testbox winbindd[50492]: could not lookup domain
group dhcp users
Jul 7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0]
nsswitch/winbindd_group.c:winbindd_getgrent(1110)
Jul 7 16:36:15 testbox winbindd[50492]: could not lookup domain
group dhcp administrators
Jul 7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0]
nsswitch/winbindd_group.c:winbindd_getgrent(1110)
Jul 7 16:36:15 testbox winbindd[50492]: could not lookup domain
group dnsadmins
Jul 7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0]
nsswitch/winbindd_group.c:winbindd_getgrent(1110)
Jul 7 16:36:15 testbox winbindd[50492]: could not lookup domain
group debugger users
---------------------
All non-local groups show up just fine in the BSD system. Local
groups do not show up in a getent group.
All groups, including the local ones, show up when I run wbinfo -g.
Running wbinfo -n <localgroup> comes back with a SID:
$ wbinfo -n dnsadmins
<munged-SID> Local Group (4)
This SID is trackable back to a gid:
$ sudo wbinfo --sid-to-gid <munged-SID>
11105
Why, then, are these groups not actually getting populated? Can anyone
shed some light on this?
-HKS
More information about the samba
mailing list