[Samba] Samba 3.4 is unable to list users with getent and id (idmap_ad backend)

Oliver Weinmann oliver.weinmann at vega.de
Wed Sep 2 04:33:45 MDT 2009 

Dear All,

I'm using Samba Version 3.2.6 under Solaris 8 with the following config:

        netbios name = pegasus
        realm = REALM.NET
        workgroup = REALM
        security = ADS
        encrypt passwords = yes
        password server = *
        os level = 20
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        idmap backend = ad
        idmap config REALM:schema_mode = sfu
        winbind nss info = sfu
        allow trusted domains = no
        winbind enum users = no
        winbind enum groups = no
        preferred master = no
        winbind nested groups = Yes
        winbind use default domain = Yes
        max log size = 50
        log file = /var/log/samba/log.%m
        dns proxy = no
        wins server = 172.20.200.18 172.18.200.20
        allow trusted domains = No
        client use spnego = Yes
        use kerberos keytab = true
        winbind refresh tickets = yes

This is working fine. 

Recently I compiled Samba 3.4 for Solaris 10 and I just can't  get it to
work with the idmap backend ad.

Wbinfo -u and wbinfo -g show all my AD users but id  username and getent
passwd username shows nothing. The logs don't show anything suspicious
except this error:

lib/C.msg: No such file or directory

I checked on the Solaris 8 box and this file doesn't exist either. So I
suspect it not the be the cause of the problem.

I noticed that the smb.conf needed some adjustment in samba 3.3.2. I got
this working using:

idmap config REALM : backend = ad
idmap config REALM : schema_mode = sfu 
idmap config REALM : range = 0-99999999

Instead of idmap backend = ad

But with 3.4 I had no luck.

This is what my current config on Samba 3.4 looks like:

[global]
        netbios name = Phobos
        realm = REALM.NET
        workgroup = REALM
        security = ADS
        encrypt passwords = yes
        password server = *
        os level = 20
        #idmap backend = ad
        idmap config REALM : backend = ad
        idmap config REALM:schema_mode = sfu
        idmap config REALM : range = 0-99999999
        winbind nss info = sfu
        winbind enum users = yes
        winbind enum groups = yes
        preferred master = no
        winbind nested groups = Yes
        winbind use default domain = Yes
        max log size = 50
        log file = /var/log/samba/log.%m
        log level = 10
        dns proxy = no
        wins server = 172.20.200.18 172.18.200.20
        allow trusted domains = no
        client use spnego = Yes
        #use kerberos keytab = true
        winbind refresh tickets = yes

Any help would be appreciated. If I can't get it working I might need to
get back using an older Version like 3.2.6.

Regards,
Oliver

More information about the samba mailing list