[Samba] getent not listing ADS users ctdb samba

Evan Koutsandreou e.koutsandreou at optusnet.com.au
Tue Jun 3 10:09:25 GMT 2008


This seems to have been created during the rpm install; see below.

[root at RHEL5ONE samba]# rpm -ql samba-winbind-32bit-3.0.25-ctdb.16
/lib/libnss_winbind.so
/lib/libnss_winbind.so.2
/lib/libnss_wins.so
/lib/libnss_wins.so.2
/lib/security/pam_winbind.so

 

[root at RHEL5ONE samba]# ls -lasp /lib | grep libnss
  40 -rwxr-xr-x  1 root root   36340 Jul  5  2007 libnss_compat-2.5.so
   4 lrwxrwxrwx  1 root root      20 May 26 08:37 libnss_compat.so.2 ->
libnss_compat-2.5.so
 816 -rwxr-xr-x  1 root root  824900 Jul 13  2006 libnss_db-2.2.so
   4 lrwxrwxrwx  1 root root      16 May 26 08:39 libnss_db.so.2 ->
libnss_db-2.2.so
  28 -rwxr-xr-x  1 root root   21848 Jul  5  2007 libnss_dns-2.5.so
   4 lrwxrwxrwx  1 root root      17 May 26 08:37 libnss_dns.so.2 ->
libnss_dns-2.5.so
  52 -rwxr-xr-x  1 root root   46740 Jul  5  2007 libnss_files-2.5.so
   4 lrwxrwxrwx  1 root root      19 May 26 08:37 libnss_files.so.2 ->
libnss_files-2.5.so
  28 -rwxr-xr-x  1 root root   22752 Jul  5  2007 libnss_hesiod-2.5.so
   4 lrwxrwxrwx  1 root root      20 May 26 08:37 libnss_hesiod.so.2 ->
libnss_hesiod-2.5.so
3036 -rwxr-xr-x  1 root root 3099444 Jul  6  2007 libnss_ldap-2.5.so
   4 lrwxrwxrwx  1 root root      18 May 26 08:40 libnss_ldap.so.2 ->
libnss_ldap-2.5.so
  48 -rwxr-xr-x  1 root root   42368 Jul  5  2007 libnss_nis-2.5.so
  60 -rwxr-xr-x  1 root root   51696 Jul  5  2007 libnss_nisplus-2.5.so
   4 lrwxrwxrwx  1 root root      21 May 26 08:37 libnss_nisplus.so.2 ->
libnss_nisplus-2.5.so
   4 lrwxrwxrwx  1 root root      17 May 26 08:37 libnss_nis.so.2 ->
libnss_nis-2.5.so
  20 -rwxr-xr-x  1 root root   19408 Jan 31 10:30 libnss_winbind.so
   0 lrwxrwxrwx  1 root root      17 Jun  3 18:36 libnss_winbind.so.2 ->
libnss_winbind.so
1016 -rwxr-xr-x  1 root root 1032916 Jan 31 10:30 libnss_wins.so
   0 lrwxrwxrwx  1 root root      14 Jun  3 18:36 libnss_wins.so.2 ->
libnss_wins.so

-----Original Message-----
From: samba-bounces+e.koutsandreou=optusnet.com.au at lists.samba.org
[mailto:samba-bounces+e.koutsandreou=optusnet.com.au at lists.samba.org] On
Behalf Of Evan Koutsandreou
Sent: Tuesday, 3 June 2008 7:09 PM
To: samba at lists.samba.org
Subject: [Samba] getent not listing ADS users ctdb samba

 

Hi,

 

I am setting up ctdb samba, and have hit a brick wall trying to solve the
following issue.

 

1.	getent does not retrieve the list of domain users or groups (wbinfo
works fine)

 

I'm not sure what I'm missing, but I've spent almost the whole day trying to
resolve this one and haven't made any progress :-(

 

Any help or suggestions are appreciated

 

My configuration is as follows

 

Installed pre-built RHEL binaries from ctdb.samba

ctdb-1.0-41.src.rpm

ctdb-1.0-41.x86_64.rpm

ctdb-debuginfo-1.0-41.x86_64.rpm

samba-3.0.25-ctdb.16.src.rpm

samba-3.0.25-ctdb.16.x86_64.rpm

samba-client-3.0.25-ctdb.16.x86_64.rpm

samba-common-3.0.25-ctdb.16.x86_64.rpm

samba-debuginfo-3.0.25-ctdb.16.x86_64.rpm

samba-doc-3.0.25-ctdb.16.x86_64.rpm

samba-swat-3.0.25-ctdb.16.x86_64.rpm

samba-winbind-32bit-3.0.25-ctdb.16.i386.rpm

 

 

SMB.CONF

# Global settings: a CTDB-clustered Samba server joined to Active Directory.
[global]

# NetBIOS domain name and Kerberos realm of the AD domain.
        workgroup = PLANET

        realm = PLANET.AD

        netbios name = CTDBSAMBA

        server string = CTDB Samba Server

# Domain-member mode: authentication is delegated to AD (Kerberos).
        security = ADS

# private dir holds secrets.tdb, i.e. the machine account secret. The path
# suggests shared GPFS storage; keep it accessible to root only on every node.
        private dir = /gpfs/gpfs0/SMBDconfig

# One log per client (%m = client machine name), rotated at 50 KB.
        log file = /usr/local/samba/var/log.%m

        max log size = 50

# Use CTDB for the shared TDB databases.
        clustering = Yes

        dns proxy = No

# NOTE(review): disables TLS for Samba's LDAP backends. Confirm no LDAP
# passdb/idmap backend is in use; otherwise that traffic is sent in clear.
        ldap ssl = no

# presumably the cluster-aware idmap backend shipped with this ctdb build
        idmap backend = tdb2

# SID-to-uid/gid allocation range: 10001 ids each. Mappings fail once the
# range is exhausted, and it must not overlap local /etc/passwd or /etc/group ids.
        idmap uid = 10000-20000

        idmap gid = 10000-20000

# Domain accounts appear as PLANET+name.
# NOTE(review): no `winbind enum users` / `winbind enum groups` is set here.
# Whether getent can enumerate domain accounts then depends on this build's
# defaults; check with `testparm -v`.
        winbind separator = +

 

# Per-user home shares: writable, and the [homes] entry itself is hidden
# from browse lists.
[homes]

        comment = Home Directories

        read only = No

        browseable = No

 

# Printer shares: print jobs are spooled under `path`.
[printers]

        comment = All Printers

        path = /usr/spool/samba

        printable = Yes

        browseable = No

 

# Writable share on the GPFS file system.
# NOTE(review): no `valid users` or similar restriction is visible, so access
# control rests on the file system permissions and ACLs under `path`.
[GPFSGLOBAL]

        comment = "GPFS Global Share"

        path = /gpfs/gpfs0/GLOBALSHARE

        read only = No

# An unknown SID given as owner or group in an ACL is silently mapped to the
# connected user instead of being rejected.
        force unknown acl user = Yes

        vfs objects = gpfs

# NFSv4 ACL mapping options, presumably consumed by the gpfs module.
        nfs4:acedup = merge

        nfs4:chown = yes

        nfs4:mode = special

# NOTE(review): looks like this stops share modes being passed to GPFS, so
# other access paths to the same files would not see SMB share-mode locks.
# Confirm this is intended.
        gpfs:sharemodes = No

# NOTE(review): `fileid:` options belong to the fileid VFS module, which is
# not listed in `vfs objects` above. Confirm whether it should be loaded.
        fileid:mapping = fsname

 

 

KRB5.CONF

# Log destinations for the Kerberos libraries, KDC and admin server.
[logging]

 default = FILE:/var/log/krb5libs.log

 kdc = FILE:/var/log/krb5kdc.log

 admin_server = FILE:/var/log/kadmind.log

 

# Realm assumed when a principal is given without one; matches `realm` in smb.conf.
[libdefaults]

        default_realm = PLANET.AD

 

# KDC and admin server for the AD realm.
[realms]

 PLANET.AD = {

        kdc = msad2k3.planet.ad

# NOTE(review): short host name; it resolves only if the DNS search domain
# supplies planet.ad. Confirm.
        admin_server = msad2k3

 }

 

# Host-name to realm mapping. A leading dot matches every host below that domain.
# NOTE(review): this entry covers hosts under msad2k3.planet.ad only. Hosts
# directly in planet.ad are not matched by it; confirm whether `.planet.ad`
# was intended.
[domain_realm]

        .msad2k3.planet.ad = PLANET.AD

 

# Per-application defaults for the `pam` application.
# NOTE(review): presumably read by pam_krb5, which does not appear in the PAM
# stack shown in this message. Confirm these settings are actually used.
[appdefaults]

 pam = {

   debug = false

# 36000 seconds = 10 hours.
   ticket_lifetime = 36000

   renew_lifetime = 36000

# Tickets may be forwarded to other hosts.
   forwardable = true

   krb4_convert = false

 }

 

NSSWITCH.CONF

# Name service order: local files first, then winbind for users and groups.
# shadow stays local-only.
# NOTE(review): the only libnss_winbind shown in this message is the one from
# the i386 package under /lib. A 64-bit getent loads NSS modules from /lib64,
# so confirm a 64-bit libnss_winbind.so.2 is installed there.
passwd:     files winbind

shadow:     files

group:      files winbind

 

 

SYSTEM-AUTH

#%PAM-1.0

# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

# auth stack: environment setup, then winbind, then local accounts, else deny.
# The manual winbind entry below is lost if authconfig regenerates this file.
auth        required      pam_env.so

 

### WINBIND AUTH ###

# sufficient: success here ends the auth stack.
# NOTE(review): the absolute path is the 32-bit module directory. A 64-bit
# service cannot load a 32-bit module, so confirm which build is in use.
auth    sufficient      /lib/security/pam_winbind.so

 

# nullok lets local accounts with an empty password authenticate.
auth        sufficient    pam_unix.so nullok try_first_pass

# Accounts with uid below 500 fail here immediately. Everything that reaches
# pam_deny is rejected.
auth        requisite     pam_succeed_if.so uid >= 500 quiet

auth        required      pam_deny.so

 

 

### WINBIND AUTH ###

# account stack: a winbind success ends the stack, so the pam_unix account
# checks below are skipped for those users.
account    sufficient      /lib/security/pam_winbind.so

 

account     required      pam_unix.so

# Accounts with uid below 500 pass at this point.
account     sufficient    pam_succeed_if.so uid < 500 quiet

account     required      pam_permit.so

 

# password stack: strength check with three attempts, then the local shadow file.
# No winbind module is listed here, so this stack changes local passwords only.
password    requisite     pam_cracklib.so try_first_pass retry=3

# md5 stores MD5-crypt hashes, which are weak against offline cracking; prefer
# a stronger scheme if this pam_unix supports one. nullok permits empty passwords.
# NOTE(review): the entry below is wrapped by the mail client; `use_authtok`
# belongs on the same line in the real file.
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass
use_authtok

password    required      pam_deny.so

 

# session stack: kernel keyring setup, resource limits, then pam_unix session handling.
session     optional      pam_keyinit.so revoke

session     required      pam_limits.so

# success=1 skips the next module (pam_unix) when the service is crond.
# NOTE(review): the entry below is wrapped by the mail client; `quiet use_uid`
# belongs on the same line in the real file.
session     [success=1 default=ignore] pam_succeed_if.so service in crond
quiet use_uid

session     required      pam_unix.so

 
