[Samba] Solaris 11.1 + Samba 3.6.6 + ads + getent group - a bug, perhaps?
jake.carroll at uq.edu.au
Mon Jan 14 03:18:29 MST 2013
I posted a few days ago with some Samba + ADS integration problems.
I've since progressed to a point where I have a Solaris 11.1 host running Samba 3.6.6 with ads as the security type, running winbind for my mapping needs.
I can now wbinfo –u and wbinfo –g just fine. Returns things as I'd expect from the local and auth-sources (AD).
What I can also do is getent passwd, which returns domain users perfectly.
What I *can't* seem to do is getent group in any way, shape or form.
My /etc/nsswitch.conf is sane:
passwd: files winbind
group: files winbind
hosts: files dns
When I do try to getent group, I see:
[2013/01/14 20:03:36.835081, 1, pid=788] libads/ldap_utils.c:134(ads_do_search_retry_internal)
ads reopen failed after error Timelimit exceeded
[2013/01/14 20:03:36.835209, 1, pid=788] libads/ldap_utils.c:315(ads_ranged_search_internal)
ads_search: Timelimit exceeded
[2013/01/14 20:03:36.835261, 0, pid=788] winbindd/winbindd_ads.c:1084(lookup_groupmem)
ads_ranged_search failed with: Timelimit exceeded
Can't help but think after searching the lists that this might be a bug. Apparently there was a bug in the 3.5.x series (I think?) where, if there were > 1000 groups (or was it users in a group?) there were issues like this.
Can someone shed some light and help out? It's the last "bit" I've got to get working. Currently I can chown files with a username that getent can resolve, but I can't resolve AD group names unfortunately, as a consequence of the above. I'd love to get my fileserver up and running :).
More information about the samba