[Samba] getent passwd works but all wbinfo commands fail

Rowland Penny rowlandpenny at googlemail.com
Wed Sep 24 14:01:34 MDT 2014


On 24/09/14 20:44, rusking wrote:
> Hi,friends.thanks so much for your reply.I don't know what time is it now in
> your country, but here in China is about 4 a.m. This question puzzled me
> many days without a way. Bellow are the operations and related files
> information. Eagerly awaiting for your reply. Thanks.
> Domain controller server:MS-Server2008R2
> [root at netfolderserver ~]# cat /etc/issue
> Red Hat Enterprise Linux Server release 6.3 (Santiago)
> Kernel \r on an \m
> [root at netfolderserver ~]# service winbind status
> winbindd (pid  2944) is running...
> [root at netfolderserver ~]# ps -ef | grep samba winbind
> root      2944     1  0 03:05 ?        00:00:00 winbindd
> root      2946  2944  0 03:05 ?        00:00:00 winbindd
> root      3581  2892  0 03:10 pts/1    00:00:00 grep winbind
> [root at netfolderserver ~]# net ads join
> Enter root's password:
> Failed to join domain: failed to lookup DC info for domain 'IAMTEST.COM'
> over rpc: Logon failure
> [root at netfolderserver ~]# net ads join -U administrator
> Enter administrator's password:
> Using short domain name -- IAMTEST
> Joined 'NETFOLDERSERVER' to realm 'iamtest.com'
> [root at netfolderserver ~]# getent passwd
> root:x:0:0:root:/root:/bin/bash
> bin:x:1:1:bin:/bin:/sbin/nologin
> daemon:x:2:2:daemon:/sbin:/sbin/nologin
> adm:x:3:4:adm:/var/adm:/sbin/nologin
> ……
> [root at netfolderserver ~]# getent group
> root:x:0:
> bin:x:1:bin,daemon
> daemon:x:2:bin,daemon
> ……
> cert publishers:*:10010:
> domain admins:*:10011:netfolder1,administrator,rusky
> [root at netfolderserver ~]# wbinfo -t
> could not obtain winbind interface details!
> could not obtain winbind domain name!
> checking the trust secret for domain (null) via RPC calls failed
> Could not check secret
> [root at netfolderserver ~]# wbinfo -u
> Error looking up domain users
> [root at netfolderserver ~]# wbinfo -g
> Error looking up domain groups
> [root at netfolderserver ~]# testparm /etc/samba/smb.conf
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[homes]"
> Processing section "[wodewangpan]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> [global]
> 	workgroup = IAMTEST
> 	realm = IAMTEST.COM
> 	server string = netfolder
> 	security = ADS
> 	password server = 10.168.51.183
> 	username map = /etc/samba/smbusers
> 	log file = /var/log/samba/log.%m
> 	max log size = 50000
> 	logon path = \\%L\Profiles\%U
> 	domain master = No
> 	dns proxy = No
> 	wins server = 10.168.51.183
> 	template homedir = /home/share/%U
> 	template shell = /bin/bash
> 	winbind separator = /
> 	winbind enum users = Yes
> 	winbind enum groups = Yes
> 	winbind use default domain = Yes
> 	idmap config * : range = 15000-20000
> 	idmap config * : backend = tdb
> 	idmap config IAMTEST : backend = rid
> 	idmap config IAMTEST : default = yes
> 	idmap config IAMTEST : schema_mode = rfc2307

You have not set a range for IAMTEST, winbind will not work without it, 
also you do not use 'schema_mode' with the 'rid' backend.

Rowland

>
> [homes]
> 	comment = Home Directories
> 	path = /home/share/%U
> 	valid users = IAMTEST.COM\%U, IAMTEST\%U, %U
> 	create mask = 0777
> 	directory mask = 0777
> 	printable = Yes
> 	browseable = No
>
> [wodewangpan]
> 	comment = user
> 	path = /home/share/%U
> 	read only = No
> [root at netfolderserver ~]# cat /etc/nsswitch.conf
> #
> # /etc/nsswitch.conf
> #
> # An example Name Service Switch config file. This file should be
> # sorted with the most-used services at the beginning.
> #
> # The entry '[NOTFOUND=return]' means that the search for an
> # entry should stop if the search in the previous entry turned
> # up nothing. Note that if the search failed due to some other reason
> # (like no NIS server responding) then the search continues with the
> # next entry.
> #
> # Legal entries are:
> #
> #	nisplus or nis+		Use NIS+ (NIS version 3)
> #	nis or yp		Use NIS (NIS version 2), also called YP
> #	dns			Use DNS (Domain Name Service)
> #	files			Use the local files
> #	db			Use the local database (.db) files
> #	compat			Use NIS on compat mode
> #	hesiod			Use Hesiod for user lookups
> #	[NOTFOUND=return]	Stop searching if not found so far
> #
>
> # To use db, put the "db" in front of "files" for entries you want to be
> # looked up first in the databases
> #
> # Example:
> #passwd:    db files nisplus nis
> #shadow:    db files nisplus nis
> #group:     db files nisplus nis
>
> passwd:     files winbind
> shadow:     files winbind
> group:      files winbind
>
> hosts:     files dns wins
> #hosts:      files dns
>
> # Example - obey only what nisplus tells us...
> #services:   nisplus [NOTFOUND=return] files
> #networks:   nisplus [NOTFOUND=return] files
> #protocols:  nisplus [NOTFOUND=return] files
> #rpc:        nisplus [NOTFOUND=return] files
> #ethers:     nisplus [NOTFOUND=return] files
> #netmasks:   nisplus [NOTFOUND=return] files
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers:     db files
> netmasks:   files
> networks:   files dns
> protocols:  db files
> #protocols:   files winbind
> rpc:        db files
> services:   db files
> #services:   files winbind
>
> netgroup:   nisplus winbind
> #netgroup:    files winbind
>
> publickey:  nisplus
>
> automount:  files nisplus
> #automount:   files winbind
> aliases:    files nisplus
>
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/getent-passwd-works-but-all-wbinfo-commands-fail-tp4673174p4673180.html
> Sent from the Samba - General mailing list archive at Nabble.com.



More information about the samba mailing list