[Samba] [Possibly solved] Trust problems after upgrade from 3.5 to 3.6
Andrea Venturoli
ml at netfence.it
Wed Feb 13 03:12:18 MST 2013
On 02/09/13 13:12, Andrea Venturoli wrote:
> There are some message in event viewer which confirm the fact that my
> samba is contacting the Windows servers for authentication (which
> succeeds or fails normally).
>
>
>
> I'm investigating further.
I did some further testing:
_ winbindd authenticates correctly against the trusted domain;
_ smbd, however, won't recognize the user and we have two cases:
a) if an user with the same name exists in the Samba domain, it will
be mistakenly choosen; this is enough for browsing (smbclient -L);
b) if an user with the same name does not exist in the Samba domain,
browsing will fail;
_ even in case a), no access will be granted to a share.
I searched the web and saw a lot of other people having the same or
similar problem; I even found bug reports about this and got discouraged.
Since this was happening on a production box and we could not stand this
trouble anymore, I moved back to Samba 3.5, since
I then prepared a new box, with Samba 3.6, configured as a member of the
Samba domain and continued my tests there.
A message in the logs finally opened my eyes:
> [2013/02/12 18:11:16.282916, 0] passdb/lookup_sid.c:1684(get_primary_group_sid)
> Failed to find a Unix account for nagcheckUser nagcheck in passdb, but getpwnam() fails!
So I went in /etc/nsswitch.conf and changed
> passwd: files ldap
to
> passwd: files ldap winbindd
Everything started working as expected.
Now, before I try again on the production server (which is also the
PDC), I'm asking for confirmation that this might have been the cause.
This was not needed under Samba 3.5; is it really needed with 3.6?
No way to avoid this, given I won't in any case have any local file
owned by the trusted domain users?
bye & Thanks
av.
More information about the samba
mailing list