[Samba] getent group by name fails

Lee Allen lee at leecallen.com
Tue Oct 15 12:38:39 MDT 2013


>> 'getent group "domain users"' fails with return code 2
...
>>     winbind separator = \

> Just a wild guess: Can you try removing this line? \ is
> default.

Wow - that worked!  Thank you!!!


On Sat, Oct 12, 2013 at 3:53 AM, Volker Lendecke
<Volker.Lendecke at sernet.de>wrote:

> On Fri, Oct 11, 2013 at 10:16:48AM -0400, Lee Allen wrote:
> > Samba 3.6.17 joined to Samba 4.2.0 AD domain, using winbind
> >
> > 'wbinfo -g' and 'getent group' successfully list all groups.
> > 'getent group 10006' returns:
> >  domain users:x:10006:
> > 'getent group "domain users"' fails with return code 2
> >
> > partial log.winbind after above command:
> >
> > [2013/10/11 10:01:31.288199,  3]
> > winbindd/winbindd_misc.c:384(winbindd_interface_version)
> >   [31911]: request interface version
> > [2013/10/11 10:01:31.288288,  3]
> > winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)
> >   [31911]: request location of privileged pipe
> > [2013/10/11 10:01:31.288421,  3]
> > winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> >   getgrnam domain users
> > [2013/10/11 10:01:31.288520,  3]
> > winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid)
> >   msrpc_name_to_sid: name=DOMAIN\USERS
> > [2013/10/11 10:01:31.288547,  3]
> > winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid)
> >   name_to_sid [rpc] DOMAIN\USERS for domain DOMAIN
> >
> > if I specify the domain name, ie: 'getent group "ALLENLAN\\domain users"'
> > it still fails...
> >
> > [2013/10/11 10:02:18.280728,  3]
> > winbindd/winbindd_misc.c:384(winbindd_interface_version)
> >   [31925]: request interface version
> > [2013/10/11 10:02:18.280823,  3]
> > winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)
> >   [31925]: request location of privileged pipe
> > [2013/10/11 10:02:18.280940,  3]
> > winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> >   getgrnam ALLENLAN\domain users
> > [2013/10/11 10:02:18.281033,  3]
> > winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid)
> >   msrpc_name_to_sid: name=ALLENLAN\DOMAIN\USERS
> > [2013/10/11 10:02:18.281060,  3]
> > winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid)
> >   name_to_sid [rpc] ALLENLAN\DOMAIN\USERS for domain ALLENLAN\DOMAIN
> >
> > Note the missing space in "DOMAIN\USERS" in the logs.  I don't know
> whether
> > this is relevant.
> >
> > 'getent passwd' does not have any such problems - it can query by UID or
> > username
> >
> >
> > smb.conf:
> >
> > [global]
> >     workgroup = ALLENLAN
> >     realm = allenlan.net
> >     password server = 192.168.0.13
> >     preferred master = no
> >     server string = zone-samba3
> >     security = ads
> >     encrypt passwords = yes
> >     log level = 3
> >     log file = /var/log/samba/%m
> >     max log size = 50
> >     printcap name = cups
> >     printing = cups
> >     winbind enum users = yes
> >     winbind enum groups = yes
> >     winbind use default domain = yes
>
> Please try without "winbind use default domain = yes"
>
> >     winbind nested groups = yes
> >     winbind separator = \
>
> Just a wild guess: Can you try removing this line? \ is
> default.
>
> If that does not help, please send us full debug level 10
> logs of that command together with the output of
>
> strace -ttT -s 1000 -o /tmp/getent.out getent group "domain users"
>
> Regards,
>
> Volker
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de
>
> *****************************************************************
> visit us on it-sa:IT security exhibitions in Nürnberg, Germany
> October 8th - 10th 2013, hall 12, booth 333
> free tickets available via code 270691 on: www.it-sa.de/gutschein
> ******************************************************************
>



-- 
*Lee Allen*
email: lee at leecallen.com
bus: (404) 698-1801
home: (716) 773-2326
cell: (716) 880-0854
fax: (716) 408-8844


More information about the samba mailing list