[Samba] Samba 3.4 is unable to list users with getent and id (idmap_ad backend)
Alexander Födisch
foedisch at eva.mpg.de
Fri Sep 4 05:20:33 MDT 2009
Hi,
I have the same problem with samba 3.3.7:
On a member server (samba 3.3.7-39) I can query users and groups with "wbinfo -u|-g" and "getent passwd|groups".
Both tools are working fine. But "id <user>" or "getent passwd <user>" does not work.
When connecting to a share, the authorization also fails with error "NT_STATUS_NO_SUCH_USER"
my /etc/nsswitch.conf:
passwd: compat winbind
group: compat winbind
Any ideas?
Thanks,
Alex
Oliver Weinmann schrieb:
> Dear All,
>
> I'm using Samba Version 3.2.6 under Solaris 8 with the following config:
>
> netbios name = pegasus
> realm = REALM.NET
> workgroup = REALM
> security = ADS
> encrypt passwords = yes
> password server = *
> os level = 20
> socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
> idmap backend = ad
> idmap config REALM:schema_mode = sfu
> winbind nss info = sfu
> allow trusted domains = no
> winbind enum users = no
> winbind enum groups = no
> preferred master = no
> winbind nested groups = Yes
> winbind use default domain = Yes
> max log size = 50
> log file = /var/log/samba/log.%m
> dns proxy = no
> wins server = 172.20.200.18 172.18.200.20
> allow trusted domains = No
> client use spnego = Yes
> use kerberos keytab = true
> winbind refresh tickets = yes
>
> This is working fine.
>
> Recently I compiled Samba 3.4 for Solaris 10 and I just can't get it to
> work with the idmap backend ad.
>
> Wbinfo -u and wbinfo -g show all my AD users but id username and getent
> passwd username shows nothing. The logs don't show anything suspicious
> except this error:
>
> lib/C.msg: No such file or directory
>
> I checked on the Solaris 8 box and this file doesn't exist either. So I
> suspect it not the be the cause of the problem.
>
> I noticed that the smb.conf needed some adjustment in samba 3.3.2. I got
> this working using:
>
> idmap config REALM : backend = ad
> idmap config REALM : schema_mode = sfu
> idmap config REALM : range = 0-99999999
>
> Instead of idmap backend = ad
>
> But with 3.4 I had no luck.
>
> This is what my current config on Samba 3.4 looks like:
>
> [global]
> netbios name = Phobos
> realm = REALM.NET
> workgroup = REALM
> security = ADS
> encrypt passwords = yes
> password server = *
> os level = 20
> #idmap backend = ad
> idmap config REALM : backend = ad
> idmap config REALM:schema_mode = sfu
> idmap config REALM : range = 0-99999999
> winbind nss info = sfu
> winbind enum users = yes
> winbind enum groups = yes
> preferred master = no
> winbind nested groups = Yes
> winbind use default domain = Yes
> max log size = 50
> log file = /var/log/samba/log.%m
> log level = 10
> dns proxy = no
> wins server = 172.20.200.18 172.18.200.20
> allow trusted domains = no
> client use spnego = Yes
> #use kerberos keytab = true
> winbind refresh tickets = yes
>
> Any help would be appreciated. If I can't get it working I might need to
> get back using an older Version like 3.2.6.
>
> Regards,
> Oliver
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5905 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20090904/ace16304/attachment.bin>
More information about the samba
mailing list