[Samba] wbinfo messed up (was Re: Anyone try 'ssh server" and get "Password for DOMAIN\USER:>>")
gaiseric.vandal at gmail.com
Fri Jun 25 16:04:16 MDT 2010
If wbinfo -s and wbinfo -n both show the same uid-sid mappings then
winbind itself should be ok
# wbinfo -n jsmith
S-1-5-21-xxxx-xxxx-xxxx-1234 User (1)
# wbinfo -s S-1-5-21-xxxx-xxxx-xxxx-1234
Does "getent passwd" and "getent group" return "Windows" users?
Does "id MYDOMAIN\jsmith"
If not you may be missing the libnss_winbind or nss_winbind file in
/usr/lib (or /usr/local/lib) depending on OS and where samba was installed.
The group thing is weird. "wbinfo -g" shows more groups than "net rpc
group list" But "wbinfo -g" shows groups from trusted domains and the
BUILTIN domain. I would check the results of "net groupmap list." Make
sure that Domain Users and Domain Administrators are mapped.
On 06/25/2010 03:59 PM, Linda W wrote:
> Gaiseric Vandal wrote:
>> IS the Samba server the PDC? Do you have local unix accounts on it?
> (yes, yes)..
>> I might be wrong but couldn't you modify /etc/nsswitch.conf to use
>> passwd: files winbind
>> group: files winbind
> I tried this -- but then I couldn't log in at all!
> I'm thinking my winbind is screwy -- that may be all or part of the
>> wbinfo -u shows: lindaw (my user name)
> wbinfo -n lindaw returns: (expected)
> S-1-5-21-33333-77777-33333-80026 SID_USER (1)
> wbinfo -i lindaw" says: "Could not get info for user lindaw"
> wbinfo --own-domain returns: "BLISS"
> wbinfo --ping-dc returns: "checking the NETLOGON dc connection
> wbinfo --dsgetdcname=BLISS returns:
> "Could not find dc for BLISS"
> wbinfo -m
> wbinfo -m
> wbinfo --sid-aliases=S-1-5-21-33333-77777-33333-80026
> wbinfo --user-sids=S-1-5-21-33333-77777-33333-80026
> Could not get group SIDs for user SID S-1-5-21-33333-77777-33333-80026
> So It has partial information, but can't give info on me, can't verify
> passwords, can't give groups, but maps user id's...
> It DOESN'T show the same groups as "net rpc groups list" -- it shows
> a *fraction* of what the net command shows -
> net rpc groups list shows 20 groups, wbinfo -g shows 8.
> Should these be close? or the same?
> How can they be out of sync and if they should be the same, how
> do I resync them?
> Net groups shows the correct listing.
>> On 06/25/2010 01:12 AM, L. A. Walsh wrote:
>>> I'm trying to use 'ssh' as a domain user from a workstation into my
>>> When I ssh as a non-domain user, it doesn't tack on a domain (or
>>> name, so it just works, but when I log in from from my Samba domain,
>>> it tacks it on (and the linux security stuff doesn't like "domain\"
>>> Should the pam_winbind module be able to authenticate this type of
>>> user name against the domain?
>>> If not, is there a module that does?
More information about the samba