[Samba] wbinfo messed up (was Re: Anyone try 'ssh server" and get "Password for DOMAIN\USER:>>")

Linda W samba at tlinx.org
Fri Jun 25 13:59:17 MDT 2010 

Gaiseric Vandal wrote:
> IS the Samba server the PDC?  Do you have local unix accounts on it?
(yes, yes)..
> I might be wrong  but couldn't you modify /etc/nsswitch.conf to use
> 
> 	passwd:         files winbind
> 	group:          files winbind
> 
> instead?


-----------

I tried this -- but then I couldn't log in at all!
I'm thinking my winbind is screwy -- that may be all or part of the problem.
Symptoms:

> wbinfo -u  shows: lindaw  (my user name)

wbinfo -n lindaw returns:  (expected)
  S-1-5-21-33333-77777-33333-80026 SID_USER (1)

  BUT:
wbinfo -i lindaw"	says:	 "Could not get info for user lindaw"

wbinfo --own-domain	returns: "BLISS"
wbinfo --ping-dc	returns: "checking the NETLOGON dc connection succeeded"
  BUT:
wbinfo --dsgetdcname=BLISS returns:
  				  "Could not find dc for BLISS"
wbinfo -m
  BUILTIN
  BLISS
wbinfo -m
wbinfo --sid-aliases=S-1-5-21-33333-77777-33333-80026
80026

wbinfo --user-sids=S-1-5-21-33333-77777-33333-80026
Could not get group SIDs for user SID S-1-5-21-33333-77777-33333-80026

---
So It has partial information, but can't give info on me, can't verify
passwords, can't give groups, but maps user id's...

It DOESN'T show the same groups as "net rpc groups list" -- it shows
a *fraction* of what the net command shows -
net rpc groups list shows 20 groups, 
wbinfo -g shows 8.

Should these be close?  or the same?
How can they be out of sync and if they should be the same, how
do I resync them?
Net groups shows the correct listing.



 


> 
> On 06/25/2010 01:12 AM, L. A. Walsh wrote:
>> I'm trying to use 'ssh' as a domain user from a workstation into my
>> server.
>>
>> When I ssh as a non-domain user, it doesn't tack on a domain (or 
>> workstation)
>> name, so it just works, but when I log in from from my Samba domain,
>> it tacks it on (and the linux security stuff doesn't like "domain\" 
>> either.
>>
>> Should the pam_winbind module be able to authenticate this type of 
>> user name against the domain?
>>
>> If not, is there a module that does?
>>
>> thanks,
>> linda
>>
>

More information about the samba mailing list