[Samba] "getent group" shows AD groups; "getent passwd" only shows local users

Brian Gregorcy brian.gregorcy at utah.edu
Thu Jan 22 23:25:33 GMT 2009 


Tomasz Chmielewski wrote:
> I had winbind configured so that it could fetch users from AD.
> Everything was working properly, but something happened in the past 
> couple of days (no change in the Samba config) I'm not able to diagnose.
> 
> "getent group" enumerates groups, "getent passwd" doesn't.
> 
> "wbinfo -g" returns groups, whereas I get this error when trying to get 
> users:
> 
> # wbinfo -u
> Error looking up domain users
> 
> # net rpc join -S GNCNET -U user_linux
> Password:
> Joined domain NUT.
> 
> # net ads join -S GNCNET -U user_linux
> user_linux's password:
> [2009/01/22 10:37:06, 0] utils/net_ads.c:ads_startup_int(286)
>   ads_connect: No logon servers
> Failed to join domain: No logon servers
> 
> 
> I see the Samba machine sends and receives packets on port 389 when I do 
> "getent passwd", but just no users are returned.
> 
> Ideas?
> 
> 
> This is my smb.conf:
> 
>    workgroup = NUT
>    password server = GNCNET
>    realm = GNCNET.GEORGIANUT.COM
>    security = ads
>    idmap uid = 10000-20000
>    idmap gid = 10000-20000
>    winbind separator = +
>    template homedir = /home/%D/cbl
>    template shell = /bin/bash
>    winbind use default domain = true
>    winbind offline logon = false
> 
> server string = Samba Server %v
> encrypt passwords = Yes
> 
> log file = /var/log/samba/log.%m
> max log size = 100
> log level = 8
> 
> os level = 18
> local master = No
> dns proxy = No
> 
> winbind enum users = yes
> winbind enum groups = yes
> 
> 
> In log.winbindd I can see errors like:
> 
> [2009/01/22 10:44:55, 3] libads/ldap.c:ads_do_paged_search_args(696)
>   ads_do_paged_search_args: 
> ldap_search_with_timeout((objectCategory=user)) -> Operations error
> [2009/01/22 10:44:55, 3] 
> libads/ldap_utils.c:ads_do_search_retry_internal(76)
>   Reopening ads connection to realm 'GEORGIANUT.COM' after error 
> Operations error
> [2009/01/22 10:44:55, 5] libads/dns.c:sitename_fetch(677)
>   sitename_fetch: Returning sitename for georgianut.com: 
> "Default-First-Site-Name"
> [2009/01/22 10:44:55, 6] libads/ldap.c:ads_find_dc(294)
>   ads_find_dc: looking for realm 'georgianut.com'
> [2009/01/22 10:44:55, 8] libsmb/namequery.c:get_sorted_dc_list(1626)
>   get_sorted_dc_list: attempting lookup for name georgianut.com 
> (sitename Default-First-Site-Name) using [ads]
> 



check that your clock on the linux box matches the clock on the DC.


--Brian

More information about the samba mailing list