[Samba] "getent group" shows AD groups; "getent passwd" only shows local users

Tomasz Chmielewski mangoo at wpkg.org
Thu Jan 22 16:47:52 GMT 2009 

I had winbind configured so that it could fetch users from AD.
Everything was working properly, but something happened in the past 
couple of days (no change in the Samba config) I'm not able to diagnose.

"getent group" enumerates groups, "getent passwd" doesn't.

"wbinfo -g" returns groups, whereas I get this error when trying to get 
users:

# wbinfo -u
Error looking up domain users

# net rpc join -S GNCNET -U user_linux
Password:
Joined domain NUT.

# net ads join -S GNCNET -U user_linux
user_linux's password:
[2009/01/22 10:37:06, 0] utils/net_ads.c:ads_startup_int(286)
   ads_connect: No logon servers
Failed to join domain: No logon servers


I see the Samba machine sends and receives packets on port 389 when I do 
"getent passwd", but just no users are returned.

Ideas?


This is my smb.conf:

    workgroup = NUT
    password server = GNCNET
    realm = GNCNET.GEORGIANUT.COM
    security = ads
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind separator = +
    template homedir = /home/%D/cbl
    template shell = /bin/bash
    winbind use default domain = true
    winbind offline logon = false

server string = Samba Server %v
encrypt passwords = Yes

log file = /var/log/samba/log.%m
max log size = 100
log level = 8

os level = 18
local master = No
dns proxy = No

winbind enum users = yes
winbind enum groups = yes


In log.winbindd I can see errors like:

[2009/01/22 10:44:55, 3] libads/ldap.c:ads_do_paged_search_args(696)
   ads_do_paged_search_args: 
ldap_search_with_timeout((objectCategory=user)) -> Operations error
[2009/01/22 10:44:55, 3] 
libads/ldap_utils.c:ads_do_search_retry_internal(76)
   Reopening ads connection to realm 'GEORGIANUT.COM' after error 
Operations error
[2009/01/22 10:44:55, 5] libads/dns.c:sitename_fetch(677)
   sitename_fetch: Returning sitename for georgianut.com: 
"Default-First-Site-Name"
[2009/01/22 10:44:55, 6] libads/ldap.c:ads_find_dc(294)
   ads_find_dc: looking for realm 'georgianut.com'
[2009/01/22 10:44:55, 8] libsmb/namequery.c:get_sorted_dc_list(1626)
   get_sorted_dc_list: attempting lookup for name georgianut.com 
(sitename Default-First-Site-Name) using [ads]



-- 
Tomasz Chmielewski
http://wpkg.org

More information about the samba mailing list