[Samba] getent passwd strange behavior

Zabel, Daniel Daniel.Zabel at coremedia.com
Mon Apr 11 04:25:26 MDT 2011 

Hi Noé,

 

thank you for your quick reply.

cvadmin is a domain user.

 

Interesting that you have no problems using the old schema.

If I try in /etc/samba/smb.conf

 

  [global]

 

   workgroup = MYDOMAIN

   password server = ldap.mydomain.com

   realm = MYDOMAIN.COM

   security = ads

  idmap uid = 100-500000

  idmap gid = 100-500000

  idmap backend = ad

  winbind nss info = rfc2307

  winbind normalize names = yes

  winbind use default domain = true

   winbind offline logon = false

   winbind cache time = 180

   winbind enum users = yes

   winbind enum groups = yes

   winbind nested groups = Yes

 

No domainuser could be resolved anymore. Same config work on our other samba servers.

 

/var/log/samba/log.winbind-idmap shows:

 

[2011/04/11 12:24:13.560317,  3, effective(0, 0), real(0, 0)] libsmb/namequery.c:1880(get_dc_list)

  get_dc_list: preferred server list: ", *"

[2011/04/11 12:24:13.560365,  3, effective(0, 0), real(0, 0)] libsmb/namequery.c:1119(resolve_lmhosts)

  resolve_lmhosts: Attempting lmhosts lookup for name *<0x1c>

[2011/04/11 12:24:13.560467,  3, effective(0, 0), real(0, 0)] libsmb/namequery_dc.c:169(rpc_dc_name)

  Could not look up dc's for domain *

[2011/04/11 12:24:13.560487,  0, effective(0, 0), real(0, 0)] libads/ldap.c:337(ads_find_dc)

  ads_find_dc: no realm or workgroup!  Don't know what to do

[2011/04/11 12:24:13.560505,  1, effective(0, 0), real(0, 0)] winbindd/idmap_ad.c:143(ad_idmap_cached_connection_internal)

  ad_idmap_init: failed to connect to AD

[2011/04/11 12:24:13.560518,  1, effective(0, 0), real(0, 0)] winbindd/idmap_ad.c:543(idmap_ad_sids_to_unixids)

  ADS uninitialized: Invalid parameter

[2011/04/11 12:24:13.560564,  3, effective(0, 0), real(0, 0)] winbindd/idmap.c:684(idmap_new_mapping)

  default domain not writable

 

Cheers,

 

Daniel

 

Von: Noé Puyal [mailto:npuyal at valls.cat] 
Gesendet: Montag, 11. April 2011 10:41
An: Zabel, Daniel
Betreff: Re: [Samba] getent passwd strange behavior

 

Hi Daniel

First of all, one question, cvadmin is a domain user or local user?

If cvadmin is a local user you should raise the 100 to a number after the last UID and GID.

Also, as you said, I have all my samba servers with old idmap schema working properly.

Good morning

El lun, 11-04-2011 a las 09:38 +0200, Zabel, Daniel escribió:



        idmap uid = 100-500000

        idmap gid = 100-500000

More information about the samba mailing list