[Samba] getent group by name fails
Volker Lendecke
Volker.Lendecke at SerNet.DE
Sat Oct 12 01:53:59 MDT 2013
On Fri, Oct 11, 2013 at 10:16:48AM -0400, Lee Allen wrote:
> Samba 3.6.17 joined to Samba 4.2.0 AD domain, using winbind
>
> 'wbinfo -g' and 'getent group' successfully list all groups.
> 'getent group 10006' returns:
> domain users:x:10006:
> 'getent group "domain users"' fails with return code 2
>
> partial log.winbind after above command:
>
> [2013/10/11 10:01:31.288199, 3]
> winbindd/winbindd_misc.c:384(winbindd_interface_version)
> [31911]: request interface version
> [2013/10/11 10:01:31.288288, 3]
> winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)
> [31911]: request location of privileged pipe
> [2013/10/11 10:01:31.288421, 3]
> winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> getgrnam domain users
> [2013/10/11 10:01:31.288520, 3]
> winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid)
> msrpc_name_to_sid: name=DOMAIN\USERS
> [2013/10/11 10:01:31.288547, 3]
> winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid)
> name_to_sid [rpc] DOMAIN\USERS for domain DOMAIN
>
> if I specify the domain name, ie: 'getent group "ALLENLAN\\domain users"'
> it still fails...
>
> [2013/10/11 10:02:18.280728, 3]
> winbindd/winbindd_misc.c:384(winbindd_interface_version)
> [31925]: request interface version
> [2013/10/11 10:02:18.280823, 3]
> winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)
> [31925]: request location of privileged pipe
> [2013/10/11 10:02:18.280940, 3]
> winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> getgrnam ALLENLAN\domain users
> [2013/10/11 10:02:18.281033, 3]
> winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid)
> msrpc_name_to_sid: name=ALLENLAN\DOMAIN\USERS
> [2013/10/11 10:02:18.281060, 3]
> winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid)
> name_to_sid [rpc] ALLENLAN\DOMAIN\USERS for domain ALLENLAN\DOMAIN
>
> Note the missing space in "DOMAIN\USERS" in the logs. I don't know whether
> this is relevant.
>
> 'getent passwd' does not have any such problems - it can query by UID or
> username
>
>
> smb.conf:
>
> [global]
> workgroup = ALLENLAN
> realm = allenlan.net
> password server = 192.168.0.13
> preferred master = no
> server string = zone-samba3
> security = ads
> encrypt passwords = yes
> log level = 3
> log file = /var/log/samba/%m
> max log size = 50
> printcap name = cups
> printing = cups
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
Please try without "winbind use default domain = yes"
> winbind nested groups = yes
> winbind separator = \
Just a wild guess: Can you try removing this line? \ is
default.
If that does not help, please send us full debug level 10
logs of that command together with the output of
strace -ttT -s 1000 -o /tmp/getent.out getent group "domain users"
Regards,
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
*****************************************************************
visit us on it-sa:IT security exhibitions in Nürnberg, Germany
October 8th - 10th 2013, hall 12, booth 333
free tickets available via code 270691 on: www.it-sa.de/gutschein
******************************************************************
More information about the samba
mailing list