[Samba] winbind and getent again

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed Nov 2 11:04:00 MDT 2011 

Does it work if you explicitly state a domain user?
e.g
     getent passwd "TRUSTEDOMAIN\someuser"


I have the same symptom on my system-  I don't think it actually breaks 
anything.


On 11/02/2011 12:26 PM, Victor Mataré wrote:
> Hi everyone,
>
> I'm trying to use winbind as nsswitch module on a domain member against a samba PDC, and it used to work fine with samba 3.4. But now after upgrading to 3.5.11, getent group/passwd don't show domain users/groups anymore. However wbinfo -g and wbinfo -u work as expected. Also:
>
> # wbinfo -i matare
> matare:*:50011:50000:Victor Mataré:/home/SGI/matare:/bin/false
> # wbinfo -U 50011
> S-1-5-21-154097467-3372353439-1977514440-3032
> # wbinfo -G 50000
> S-1-5-21-154097467-3372353439-1977514440-513
> # wbinfo -s S-1-5-21-154097467-3372353439-1977514440-3032
> SGI\matare 1
> # wbinfo -s S-1-5-21-154097467-3372353439-1977514440-513
> SGI\Domain Users 2
>
> But getent passwd/group shows only local users. My smb.conf on the member looks like this:
> [global]
>          workgroup = SGI
>          server string = Auerhahn
>          security = domain
>          password server = BUSSARD GIRLITZ
>          log file = /var/log/samba/log.%m
>          log level = 2 winbind:10
>          max log size = 50
>          winbind expand groups = 4
>          winbind nested groups = yes
>          winbind enum groups = yes
>          winbind enum users = yes
>          idmap uid = 50000-500000
>          idmap gid = 50000-500000
>          winbind use default domain = yes
>          idmap config SGI:range = 50000-500000
>
> I really don't see the problem the nss_winbind module might be having:
>
> # strace -e trace=file getent group
> execve("/usr/bin/getent", ["getent", "group"], [/* 40 vars */]) = 0
> access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> open("/lib64/libc.so.6", O_RDONLY)      = 3
> open("/usr/lib64/locale/locale-archive", O_RDONLY) = 3
> open("/etc/nsswitch.conf", O_RDONLY)    = 3
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> open("/lib64/libnss_files.so.2", O_RDONLY) = 3
> open("/etc/group", O_RDONLY|O_CLOEXEC)  = 3
> root:x:0:root
> bin:x:1:root,bin,daemon
> [... prints local UNIX groups ...]
> postgres:x:70:
> open("/etc/ld.so.cache", O_RDONLY)      = 4
> open("/lib64/libnss_winbind.so.2", O_RDONLY) = 4
> lstat("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> lstat("/tmp/.winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
> lstat("/var/cache/samba/winbindd_privileged", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
> lstat("/var/cache/samba/winbindd_privileged/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
>
> And that's it. I also can't make out any error message in the logs, not even with log level 10. On the PDC and BDC, getent group works perfectly (also both via nss_winbind). Seriously, I'm out of ideas. Any pointer is greatly appreciated.
>
>

More information about the samba mailing list