[Samba] Samba 3.6.5, idmap configuration and WBC_ERR_DOMAIN_NOT_FOUND

Kevin Elliott kevin_elliott at ci.juneau.ak.us
Thu Jul 12 12:06:54 MDT 2012 

I read the bugreport that Dale linked and ended up using the workaround listed there.

Changes made to '/etc/samba/smb.conf' follow:
  @@ -28,9 +28,12 @@
       winbind enum users = Yes
       winbind enum groups = Yes
       panic action = /usr/share/samba/panic-action %d    
  -    idmap config CBJ_NT:backend = rid
  -    idmap config CBJ_NT:base_rid = 0
  -    idmap config CBJ_NT:range = 10000-65533
  +    idmap config * : backend = rid
  +    idmap config * : base_rid = 0
  +    idmap config * : range = 10000-65533
       idmap config LIBRARY:backend = rid
       idmap config LIBRARY:base_rid = 0
       idmap config LIBRARY:range = 65535-79999  

Does anyone have any idea why not explictly specifying the domain fixes this issue?




> -----Original Message-----
> From: Dale Schroeder [mailto:dale at BriannasSaladDressing.com] 
> Sent: Tuesday, July 10, 2012 11:18
> To: Kevin Elliott
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Samba 3.6.5, idmap configuration and 
> WBC_ERR_DOMAIN_NOT_FOUND
> 
> On 07/10/2012 12:56 PM, Kevin Elliott wrote:
> > Hello all,
> >
> > I recently upgraded from Samba 3.5.6 (the version contained 
> in Debian Stable) to Samba 3.6.5 (the version from Debian 
> Backports) in an effort to closer track the current 
> development to try and chase some long standing bugs out.
> >
> > I think I've resolved one problem but introduced another. 
> I'm getting the "WBC_ERR_DOMAIN_NOT_FOUND" when I try to 
> perform a SID to UID lookup much like so:
> >
> > city-liza-lnx:/var/log/samba# wbinfo -t checking the trust 
> secret for 
> > domain CBJ_NT via RPC calls succeeded city-liza-lnx:/var/log/samba# 
> > wbinfo -n CBJ_NT+kevin_elliott
> > S-1-5-21-505306839-1977890393-20515302-14949 SID_USER (1) 
> > city-liza-lnx:/var/log/samba# wbinfo -s 
> > S-1-5-21-505306839-1977890393-20515302-14949
> > CBJ_NT+kevin_elliott 1
> > city-liza-lnx:/var/log/samba# wbinfo -S 
> > S-1-5-21-505306839-1977890393-20515302-14949
> > failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND Could 
> not convert 
> > sid S-1-5-21-505306839-1977890393-20515302-14949 to uid
> >
> >
> > This looks like it has all the markings of following bugreport:
> >
> > https://bugzilla.samba.org/show_bug.cgi?id=8371#c5
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679
> >
> >
> >
> > Before I follow this upstream can someone sanity check my 
> configs for me? I understand that much has changed between 
> 3.5 and 3.6 regarding the idmaping.
> >
> >
> > [global]
> >          workgroup = CBJ_NT
> >          realm = CBJ.LOCAL
> >          netbios aliases = CITY-LIZA-L90, CITY-LIZA
> >          server string = External FTP Server
> >          interfaces = 199.58.55.87/22, lo
> >          bind interfaces only = Yes
> >          security = ADS
> >          obey pam restrictions = Yes
> >          passdb backend = tdbsam
> >          password server = 199.58.55.25, 199.58.55.50
> >          passwd program = /usr/bin/passwd %u
> >          passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
> *Retype\snew\sUNIX\spassword:* %n\n .
> >          client NTLMv2 auth = Yes
> >          log level = 10
> >          log file = /var/log/samba/log.%m
> >          max log size = 2500
> >          printcap name = cups
> >          os level = 5
> >          local master = No
> >          domain master = No
> >          wins server = 199.58.55.25
> >          ldap ssl = no
> >          winbind enum users = Yes
> >          winbind enum groups = Yes
> >          panic action = /usr/share/samba/panic-action %d
> >          idmap config CBJ_NT:backend = rid
> >          idmap config CBJ_NT:base_rid = 0
> >          idmap config CBJ_NT:range = 10000-65533
> >          idmap config LIBRARY:backend = rid
> >          idmap config LIBRARY:base_rid = 0
> >          idmap config LIBRARY:range = 65535-79999
> >          winbind separator = +
> >          winbind use default domain = Yes
> >
> > [ftp]
> >          comment = FTP directory
> >          path = /var/ftp/pub/
> >          valid users = "@CBJ_NT+domain users"
> >          read only = No
> >          create mask = 0775
> >          directory mask = 0775
> >          hide unreadable = Yes
> >
> >
> >
> > Thank you for your consideration.
> >
> 
> Kevin,
> 
> With idmap rid, it could also be this one:
> 
> https://bugzilla.samba.org/show_bug.cgi?id=8676
> 
> This bug has been in every version of 3.6.  For me, a reboot 
> of the system usually will fix the problem until the next 
> samba/winbind restart is required; others have not been so fortunate.
> 
> Dale
> 
>

More information about the samba mailing list