[Samba] smb.conf works for 3.4.0; doesn't work for 3.4.7

Michael Leone turgon at mike-leone.com
Sat May 8 09:54:29 MDT 2010


On Sat, May 8, 2010 at 4:00 AM, Christian PERRIER <bubulle at debian.org> wrote:
> Quoting Mike Leone (turgon at mike-leone.com):
>
>> directories. Even tho Ubuntu 10.04 seems to have the /etc/pam.d files
>> already configured for samba, I copied over the common-account,
>> common-auth, common-password, common-session files from the 9.10 server
>> to the 10.04 server. Did the same with the nsswitch.conf file.
>
> This is very very probably the source of all your problems.

To test that, I completely re-formatted my laptop once again, and
re-installed 10.04. This time, I did *not* touch any file under
/etc/pam.d. I then installed winbind and samba; configured
nsswitch.conf; cleaned out /var/log/samba and /var/cache/samba and
/var/lib/samba.

Got a ticket; joined the domain.

Exact same error. "getent passwd" returns no domain users. wbinfo
-u/-g/-t/-a ... all work.

So the problem must not have been my editing the pam files, since I've
never touched them.

log.winbind shows:

[2010/05/08 11:44:18,  3] libads/ldap_schema.c:324(ads_check_posix_schema_mapping)
  ads_check_posix_schema_mapping: failed STATUS_SOME_UNMAPPED
[2010/05/08 11:44:18,  2] winbindd/idmap_ad.c:185(ad_idmap_cached_connection)
  ad_idmap_cached_connection: Failed to obtain schema details!
[2010/05/08 11:44:18,  1] winbindd/idmap_ad.c:543(idmap_ad_sids_to_unixids)
  ADS uninitialized: STATUS_SOME_UNMAPPED
[2010/05/08 11:44:18,  1] winbindd/winbindd_user.c:97(winbindd_fill_pwent)
  error getting user id for sid S-1-5-21-2780757143-49591276-3462498634-500
[2010/05/08 11:44:18,  1] winbindd/winbindd_user.c:856(winbindd_getpwent)
  could not lookup domain user Administrator

smb.conf:

[global]
	workgroup = DACRIB
	realm = DACRIB.LOCAL
	server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
	security = ADS
	map to guest = Bad User

	client use spnego = true
	client ntlmv2 auth = yes
	auth methods = winbind
	restrict anonymous = 0
	server signing = auto

	eventlog list = Application System Security SyslogLinux

# PAM AUTH
	encrypt passwords = Yes
	obey pam restrictions = Yes
	pam password change = true
	password server = dim-win2300.DaCrib.local
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	unix password sync = Yes

	log level = 3
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000

	preferred master = No
	domain master = No
	local master  = No
	os level = 2

	dns proxy = No
	usershare allow guests = Yes
	panic action = /usr/share/samba/panic-action %d
	hide dot files = No

# WINBIND

	idmap config DACRIB:backend = ad
	idmap config DACRIB:range=100000 - 200000
	idmap config DACRIB:schema_mode = rfc2307

	idmap uid = 100000-200000
	idmap gid = 100000-200000

	winbind enum users = Yes
	winbind enum groups = Yes
	winbind use default domain = No
	winbind nested groups = Yes
	winbind refresh tickets = true
	winbind separator = +
	winbind nss info = rfc2307
	allow trusted domains = No

	template homedir = /home/%D/%u
	template shell = /bin/bash

	enable privileges = Yes
	wide links = No

Anyone see anything wrong here?

