[Samba] winbind: homeDirectory being ignored

Rowland Penny rowlandpenny at googlemail.com
Tue Jun 24 09:12:11 MDT 2014 

On 24/06/14 16:07, Brian Candler wrote:
> > Remove:
> > objectClass: posixGroup
> > from Domain Users and
> > objectClass: posixAccount
> > from User8.
>
> Done. No difference.
>
> > Add:
> > uidNumber: 1008
> > to User8?
>
> It was already there. I've also tried deleting /var/cache/samba/* and 
> restarting winbindd, although simply restarting winbindd seems to be 
> sufficient - that is, after restart there's a noticeable fraction of a 
> second between running getent and seeing the reply.
>
> I'm now attempting to find some sensible logging. On the client side 
> I've set
>
>   log level = 10
>
> and I get a lot of noise (apparently not including the actual LDAP 
> queries sent and replies received), but within it:
>
>        wbint_QueryUser: struct wbint_QueryUser
>           out: struct wbint_QueryUser
>               info                     : *
>                   info: struct wbint_userinfo
>                       acct_name                : *
>                           acct_name                : 'user8'
>                       full_name                : *
>                           full_name                : 'user8'
>                       homedir                  : NULL
>                       shell                    : *
>                           shell                    : '/bin/bash'
>                       primary_gid              : 0x00000000000003f0 
> (1008)
>                       user_sid                 : 
> S-1-5-21-399808871-116543423-1949263926-1127
>                       group_sid                : 
> S-1-5-21-399808871-116543423-1949263926-513
>               result                   : NT_STATUS_OK
>
> (So it looks like the gid (1008) has been found; homedir is still 
> blank though)
>
>   wcache_save_sid_to_name: S-1-5-21-399808871-116543423-1949263926-513 
> -> ADTEST\Domain Users (NT_STATUS_OK)
> [2014/06/24 17:49:35.599686,  1, pid=29560, effective(0, 0), real(0, 
> 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug)
>        wbint_LookupSid: struct wbint_LookupSid
>           out: struct wbint_LookupSid
>               type                     : *
>                   type                     : SID_NAME_DOM_GRP (2)
>               domain                   : *
>                   domain                   : *
>                       domain                   : 'ADTEST'
>               name                     : *
>                   name                     : *
>                       name                     : 'Domain Users'
>               result                   : NT_STATUS_OK
>
> (So it looks like it knows group 1008 = Domain Users)
>
> Also possibly relevant:
>
>   Search for 
> (|(attributeId=1.3.6.1.1.1.1.0)(attributeId=1.3.6.1.1.1.1.1)(attrib
> uteId=1.3.6.1.1.1.1.3)(attributeId=1.3.6.1.1.1.1.4)(attributeId=1.3.6.1.1.1.1.2) 
>
> (attributeId=0.9.2342.19200300.100.1.1)) in 
> <CN=Schema,CN=Configuration,DC=adtes
> t,DC=int,DC=example,DC=net> gave 6 replies
>         OID 1.3.6.1.1.1.1.3 has name: unixHomeDirectory
>         OID 0.9.2342.19200300.100.1.1 has name: uid
>         OID 1.3.6.1.1.1.1.4 has name: loginShell
>         OID 1.3.6.1.1.1.1.2 has name: gecos
>         OID 1.3.6.1.1.1.1.0 has name: uidNumber
>         OID 1.3.6.1.1.1.1.1 has name: gidNumber
> ...
> [2014/06/24 17:49:35.418917, 10, pid=29560, effective(0, 0), real(0, 
> 0), class=winbind] 
> ../source3/winbindd/winbindd_cache.c:4850(nss_get_info_cached)
>   result:
>         homedir = '(null)'
>         shell = '/bin/bash'
>         gecos = '(null)'
>         gid = '1008'
>
> (I note that RFC2307 calls nisSchema.1.3 "homeDirectory" not 
> "unixHomeDirectory", but I don't know if that's important)
>
> Pretty stuck now.
>
I should have gone to specsavers ;-)

Try adding 'unixHomeDirectory: /home/user7' to the users AD info

'homedirectory' & 'unixHomeDirectory' are different attributes.

Rowland

Rowland

More information about the samba mailing list