[Samba] getent passwd fails inside freebsd jail using samba 3.4.14

Kamil Choudhury Kamil.Choudhury at anserinae.net
Thu Sep 22 08:09:17 MDT 2011 

I've been messing around with running samba 3.4.14 inside a freebsd jail over 
the last couple of days, and am running into an odd problem where wbinfo -u
and wbinfo -g succeed, but getent passwd fails (insofar that it shows only
local users, but none of the domain users). 

Here's my smb.conf: 

[global]

interfaces                 =192.168.0.16/32
bind interfaces only       =yes
security                   =ads
realm                      =domain.net
password server            =awpsvc-win1.domain.net
workgroup                  =DOMAIN
idmap uid                  =10000-20000
idmap gid                  =10000-20000
idmap config DOMAIN: backend = ad
idmap config DOMAIN     : range   = 40000-60000
winbind nss info           =rfc2307
winbind enum users         =yes
winbind enum groups        =yes
winbind nested groups      =yes
winbind expand groups      =1
template homedir           =/home/%D/%U
template shell             =/usr/local/bin/bash
client use spnego          =yes
client ntlmv2 auth         =yes
encrypt passwords          =yes
winbind use default domain =yes
restrict anonymous         =2
acl check permissions      =yes
follow symlinks            =yes
wide links                 =yes
unix extensions            =no

And my /etc/nsswitch.conf file: 

group: winbind files
group_compat: nis
hosts: files dns
networks: files
passwd: winbind files
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

Doing a getent passwd results in the following output to log.winbindd: 

[2011/09/22 00:22:00,  1] winbindd/winbindd_group.c:1366(winbindd_getgrent)
  could not look up gid for group ExchangeLegacyInterop
[2011/09/22 00:22:00,  1] winbindd/winbindd_group.c:1366(winbindd_getgrent)
  could not look up gid for group Schema Admins
[2011/09/22 00:22:00,  1] winbindd/winbindd_group.c:1366(winbindd_getgrent)
  could not look up gid for group Enterprise Admins
[2011/09/22 00:22:00,  1] winbindd/winbindd_group.c:1366(winbindd_getgrent)
  could not look up gid for group Enterprise Read-only Domain Controllers
...

...and the following in log.nbmd: 

[2011/09/22 00:29:46,  0] nmbd/nmbd_packets.c:1079(process_browse_packet)
  process_browse_packet: Discarding datagram from IP 192.168.0.16. Source name ABPSVC-UNIX2<00> is one of our names !
[2011/09/22 00:29:46,  0] nmbd/nmbd_packets.c:1079(process_browse_packet)
  process_browse_packet: Discarding datagram from IP 192.168.0.16. Source name ABPSVC-UNIX2<00> is one of our names !

The configuration is known to work *outside* a jail -- is there something
I should be doing differently in order to get winbind to work cleanly? 

Thanks in advance, 
Kamil

More information about the samba mailing list