[Samba] "wbinfo -g"return incomplete list
PIGNOL, Christian
christian_pignol at merck.com
Tue Nov 4 10:33:07 GMT 2008
Hello,
I've a trouble with my Samba (3.0.10-1.4E.11) on a RHEL4.
This Samba was joined in a Windows AD Domain without problem.
Bellow, an extract of the smb.conf (without the share)
[global]
workgroup = ONE
realm = MYDOM.COM
netbios aliases = srv0001
server string = SRV0001 / Intranet & Applications Server
security = DOMAIN
password server = PWDSRV01, PWDSRV02, PWDSRV03, *
algorithmic rid base = 100000
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
log level = 4
log file = /var/log/samba/%m.log
max log size = 1000
debug pid = Yes
debug uid = Yes
max xmit = 65535
socket options = IPTOS_THROUGHPUT TCP_NODELAY SO_RCVBUF=16384
SO_SNDBUF=16384
add user script = /usr/sbin/useradd %u -g smbusers
delete user script = /usr/sbin/userdel %u
os level = 33
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = xx.xx.xx.xx yy.yy.yy.yy
ldap ssl = no
idmap uid = 100000-999999999
idmap gid = 100000-999999999
template shell = /bin/bash
winbind separator = /
winbind enable local accounts = Yes
winbind use default domain = Yes
winbind nested groups = Yes
create mask = 0775
nt acl support = No
printing = lprng
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
lppause command = lpc hold '%p' %j
lpresume command = lpc release '%p' %j
queuepause command = lpc stop '%p'
queueresume command = lpc start '%p'
This domain, ONE.MYDOM.COM has bidirectionnal relationships with other
domains ... TWO.MYDOM.COM THREE.MYDOM.COM ...etc, ...
When I ask a list of domains with "wbinfo -m", the result is :
[root at srv0001 samba]# wbinfo -m
SRV0001
BUILTIN
TWO
THREE
FOUR
FIVE
. . .
[root at srv0001 samba]#
I see all the trusted domain, well, but I don't see the ONE domain !
A "wbinfo -g" command return me only trusted domains groups ... never
groups of the primary "ONE" domain
It seems that everything is working fine ... (see below)
[root at srv0001 samba]# wbinfo -n ONE/user01
S-1-5-21-6776287-1952083785-2110791508-497344 User (1)
[root at srv0001 samba]# wbinfo -S
S-1-5-21-6776287-1952083785-2110791508-497344
100020
[root at srv0001 samba]# wbinfo -t
checking the trust secret via RPC calls succeeded
[root at srv0001 samba]# wbinfo -a ONE/user01%good_password
plaintext password authentication succeeded
challenge/response password authentication succeeded
[root at srv0001 samba]# wbinfo -a ONE/user01%bad_password
challenge/response password authentication failed
error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
error messsage was: Wrong Password
Could not authenticate user ONE/user01 with challenge/response
[root at srv0001 samba]#
Except accessing groups and users of the primary domain ONE ... and I
need to access these groups to include them in ACLs
When I try a "wbinfo -g", I see the following message in winbindd.log :
[2008/11/04 11:30:25, 3, pid=22415, effective(0, 0), real(0, 0)]
nsswitch/winbindd_group.c:get_sam_group_entries(536)
get_sam_group_entries: could not enumerate domain groups! Error:
NT_STATUS_ACCESS_DENIED
Is it related ?
Any help would be appreciated.
Thanks a lot in advance and regards.
Christian PIGNOL
04 73 67 48 65
Notice: This e-mail message, together with any attachments, contains
information of Merck & Co., Inc. (One Merck Drive, Whitehouse Station,
New Jersey, USA 08889), and/or its affiliates (which may be known
outside the United States as Merck Frosst, Merck Sharp & Dohme or
MSD and in Japan, as Banyu - direct contact information for affiliates is
available at http://www.merck.com/contact/contacts.html) that may be
confidential, proprietary copyrighted and/or legally privileged. It is
intended solely for the use of the individual or entity named on this
message. If you are not the intended recipient, and have received this
message in error, please notify us immediately by reply e-mail and
then delete it from your system.
More information about the samba
mailing list