[Samba] Trying to get uid and gid to match and getent to work

phwashington at tx.rr.com phwashington at tx.rr.com
Fri Nov 7 18:23:34 GMT 2008 

---- phwashington at tx.rr.com wrote: 
> 
> ---- phwashington at tx.rr.com wrote: 
> > I am using the following in my smb.conf on samba-3.0.28-0.el5.8
> > 
> >         idmap domains = MYDOMAIN
> >         idmap config MYDOMAIN:backend        = rid
> >         idmap config MYDOMAIN:base_rid       = 998
> >         idmap config MYDOMAIN:range          = 998 - 49999
> >         idmap uid = 998-20000
> >         idmap gid = 998-20000
> >         template homedir = /home/users/%U
> > #       template primary group = "Domain Users"
> >         template shell = /bin/bash
> >         winbind separator = +
> > ;       winbind use default domain = Yes
> >         winbind enum users = yes
> >         winbind enum groups = yes
> > 
> > The problem was first noticed when we connected to another member server and noticed that all of the usernames and groups were different.
> > During trouble shooting we noticed that wbinfo was reporting the list of users but getent was not check libnss_winbind.so
> > We just copied it to every directory we thought it might be looking
> > 
> > /lib/libnss_winbind.so
> > /lib64/libnss_winbind.so
> > /lib64/libnss_winbind.so.2
> > /lib64/security/pam_winbind.so
> > /usr/lib/libnss_winbind.so
> > /usr/lib64/libnss_winbind.so
> > /usr/lib64/nss/libnss_winbind.so
> > /usr/lib64/nss/libnss_winbind.so.2
> > /usr/lib64/pppd/2.4.4/winbind.so
> > 
> > Deleted the /var/cache/samba/winbind_cache.tdb
> > and  winbindd_idmap.tdb
> > 
> > after restarting winbind and samba the winbindd_idmap.tdp did not reappear.
> > and getent was still not working.
> > 
> > Also seeing the following error when restart winbind
> > 
> > Nov  6 11:57:58 localhost winbindd[21350]: [2008/11/06 11:57:58, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2230) 
> > Nov  6 11:57:58 localhost winbindd[21350]:   initialize_winbindd_cache: clearing cache and re-creating with version number 1 
> > Nov  6 11:57:58 localhost winbindd[21351]: [2008/11/06 11:57:58, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2363) 
> > Nov  6 11:57:58 localhost winbindd[21351]:   cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_NETWORK_ACCESS_DENIED 
> > 
> Okay, I was able to get getent to work.
> had to go back to ldconfig to get the library files to load the variants of libnss_winbind.
> 
> So now am trying to get it to allow domain users to login and get the uid's and gid's to match across servers.
> 
I now have 2 servers reporting different uid's, haven't checked the gid's, but I assume I have the same problem.

On system running samba-3.0.10-1.4E.9

MYDOMAIN+user1:*:10115:10000:SMB User:/home/users/user1:/bin/bash
MYDOMAIN+user2:*:10116:10000:SMB User:/home/users/user2:/bin/bash
MYDOMAIN+user3:*:10011:10000:SMB User:/home/users/user3:/bin/bash
MYDOMAIN+user4:*:10008:10000:SMB User:/home/users/user4:/bin/bash


On system 2 running samba samba3-3.0.32-36

MYDOMAIN+user1:*:12700:10000:SMB User:/home/users/user1:/bin/bash
MYDOMAIN+user2:*:12702:10000:SMB User:/home/users/user2:/bin/bash
MYDOMAIN+user3:*:12710:10000:SMB User:/home/users/user3:/bin/bash
MYDOMAIN+user4:*:12718:10000:SMB User:/home/users/user4:/bin/bash

More information about the samba mailing list