[Samba] "getent group" shows AD groups; "getent passwd" only shows local users
Tomasz Chmielewski
mangoo at wpkg.org
Fri Jan 23 09:17:20 GMT 2009
Brian Gregorcy wrote:
>> In log.winbindd I can see errors like:
>>
>> [2009/01/22 10:44:55, 3] libads/ldap.c:ads_do_paged_search_args(696)
>> ads_do_paged_search_args:
>> ldap_search_with_timeout((objectCategory=user)) -> Operations error
>> [2009/01/22 10:44:55, 3]
>> libads/ldap_utils.c:ads_do_search_retry_internal(76)
>> Reopening ads connection to realm 'GEORGIANUT.COM' after error
>> Operations error
>> [2009/01/22 10:44:55, 5] libads/dns.c:sitename_fetch(677)
>> sitename_fetch: Returning sitename for georgianut.com:
>> "Default-First-Site-Name"
>> [2009/01/22 10:44:55, 6] libads/ldap.c:ads_find_dc(294)
>> ads_find_dc: looking for realm 'georgianut.com'
>> [2009/01/22 10:44:55, 8] libsmb/namequery.c:get_sorted_dc_list(1626)
>> get_sorted_dc_list: attempting lookup for name georgianut.com
>> (sitename Default-First-Site-Name) using [ads]
>>
>
>
>
> check that your clock on the linux box matches the clock on the DC.
Just being curious: what time difference is acceptable? I.e. up to 5
seconds, 5 minutes? That being said, the clocks are in sync.
When I use tcpdump to see what happens when doing "getent passwd", I can
see this error message:
5012 DIR_ERROR
Google suggests these causes for this error:
i.e. LDAP troubleshooting
kb.adobe.com/selfservice/viewContent.do?externalId=tn_19576
Cause: The DN specified in the User Search tab is incorrect, wrong, or
incorrectly formatted.
Cause: User could not be found. Most likely due to DN settings in the
User Search tab or the suffix or prefix fields in the Settings tab.
Cause: Most likely caused by a bad username or password. Common cause of
this error is a user trying to login with DOMAIN\login instead of just
login.
However, this doesn't explain why "getent group" works, and "getent
passwd" doesn't.
--
Tomasz Chmielewski
http://wpkg.org