[Samba] getent passwd works but all wbinfo commands fail
Rowland Penny
rowlandpenny at googlemail.com
Wed Sep 24 15:09:37 MDT 2014
On 24/09/14 21:25, Allen Chen wrote:
> On 9/24/2014 3:44 PM, rusking wrote:
>> Hi, friends. Thanks so much for your reply. I don't know what time it is
>> now in
>> your country, but here in China it is about 4 a.m. This question has puzzled me
>> for many days without a way. Below are the operations and related file
>> information. Eagerly awaiting your reply. Thanks.
>> Domain controller server:MS-Server2008R2
>> [root@netfolderserver ~]# cat /etc/issue
>> Red Hat Enterprise Linux Server release 6.3 (Santiago)
>> Kernel \r on an \m
>> [root@netfolderserver ~]# service winbind status
>> winbindd (pid 2944) is running...
>> [root@netfolderserver ~]# ps -ef | grep samba winbind
>> root 2944 1 0 03:05 ? 00:00:00 winbindd
>> root 2946 2944 0 03:05 ? 00:00:00 winbindd
>> root 3581 2892 0 03:10 pts/1 00:00:00 grep winbind
>> [root@netfolderserver ~]# net ads join
>> Enter root's password:
>> Failed to join domain: failed to lookup DC info for domain 'IAMTEST.COM'
>> over rpc: Logon failure
>> [root@netfolderserver ~]# net ads join -U administrator
>> Enter administrator's password:
>> Using short domain name -- IAMTEST
>> Joined 'NETFOLDERSERVER' to realm 'iamtest.com'
>> [root@netfolderserver ~]# getent passwd
>> root:x:0:0:root:/root:/bin/bash
>> bin:x:1:1:bin:/bin:/sbin/nologin
>> daemon:x:2:2:daemon:/sbin:/sbin/nologin
>> adm:x:3:4:adm:/var/adm:/sbin/nologin
>> ……
>> [root@netfolderserver ~]# getent group
>> root:x:0:
>> bin:x:1:bin,daemon
>> daemon:x:2:bin,daemon
>> ……
>> cert publishers:*:10010:
>> domain admins:*:10011:netfolder1,administrator,rusky
>> [root@netfolderserver ~]# wbinfo -t
>> could not obtain winbind interface details!
>> could not obtain winbind domain name!
>> checking the trust secret for domain (null) via RPC calls failed
>> Could not check secret
>> [root@netfolderserver ~]# wbinfo -u
>> Error looking up domain users
>> [root@netfolderserver ~]# wbinfo -g
>> Error looking up domain groups
>> [root@netfolderserver ~]# testparm /etc/samba/smb.conf
>> Load smb config files from /etc/samba/smb.conf
>> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
>> (16384)
>> Processing section "[homes]"
>> Processing section "[wodewangpan]"
>> Loaded services file OK.
>> Server role: ROLE_DOMAIN_MEMBER
>> Press enter to see a dump of your service definitions
>>
>> [global]
>> workgroup = IAMTEST
>> realm = IAMTEST.COM
>> server string = netfolder
>> security = ADS
>> password server = 10.168.51.183
>> username map = /etc/samba/smbusers
>> log file = /var/log/samba/log.%m
>> max log size = 50000
>> logon path = \\%L\Profiles\%U
>> domain master = No
>> dns proxy = No
>> wins server = 10.168.51.183
>> template homedir = /home/share/%U
>> template shell = /bin/bash
>> winbind separator = /
>> winbind enum users = Yes
>> winbind enum groups = Yes
>> winbind use default domain = Yes
>> idmap config * : range = 15000-20000
>> idmap config * : backend = tdb
>> idmap config IAMTEST : backend = rid
>> idmap config IAMTEST : default = yes
>> idmap config IAMTEST : schema_mode = rfc2307
> Make sure you understand your smb.conf.
> My Samba 4 file server has the following, and works fine:
> [global]
> workgroup = HFTNET
> realm = hftnet.local
> netbios name = S4FILE
> security = ADS
> encrypt passwords = yes
>
> idmap config *:backend = tdb
> idmap config *:range = 70001-80000
> idmap config HFTNET:backend = ad
> idmap config HFTNET:schema_mode = rfc2307
> idmap config HFTNET:range = 500-40000
Hi, you are using the 'ad' backend and presumably have uidNumbers &
gidNumbers in AD; the OP seems to want to use the 'rid' backend and set
the profile path etc. in smb.conf. I think that if he makes the changes I
suggested, he will find that he will have fewer problems.
Rowland
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
> [myshare]
> path = /opt/test
> read only = No
> valid users = @it
> create mask = 770
> directory mask = 770
> force create mode = 770
> force directory mode = 770
>
>> [homes]
>> comment = Home Directories
>> path = /home/share/%U
>> valid users = IAMTEST.COM\%U, IAMTEST\%U, %U
>> create mask = 0777
>> directory mask = 0777
>> printable = Yes
>> browseable = No
>>
>> [wodewangpan]
>> comment = user
>> path = /home/share/%U
>> read only = No
>> [root@netfolderserver ~]# cat /etc/nsswitch.conf
>> #
>> # /etc/nsswitch.conf
>> #
>> # An example Name Service Switch config file. This file should be
>> # sorted with the most-used services at the beginning.
>> #
>> # The entry '[NOTFOUND=return]' means that the search for an
>> # entry should stop if the search in the previous entry turned
>> # up nothing. Note that if the search failed due to some other reason
>> # (like no NIS server responding) then the search continues with the
>> # next entry.
>> #
>> # Legal entries are:
>> #
>> # nisplus or nis+ Use NIS+ (NIS version 3)
>> # nis or yp Use NIS (NIS version 2), also called YP
>> # dns Use DNS (Domain Name Service)
>> # files Use the local files
>> # db Use the local database (.db) files
>> # compat Use NIS on compat mode
>> # hesiod Use Hesiod for user lookups
>> # [NOTFOUND=return] Stop searching if not found so far
>> #
>>
>> # To use db, put the "db" in front of "files" for entries you want to be
>> # looked up first in the databases
>> #
>> # Example:
>> #passwd: db files nisplus nis
>> #shadow: db files nisplus nis
>> #group: db files nisplus nis
>>
>> passwd: files winbind
>> shadow: files winbind
>> group: files winbind
>>
>> hosts: files dns wins
>> #hosts: files dns
>>
>> # Example - obey only what nisplus tells us...
>> #services: nisplus [NOTFOUND=return] files
>> #networks: nisplus [NOTFOUND=return] files
>> #protocols: nisplus [NOTFOUND=return] files
>> #rpc: nisplus [NOTFOUND=return] files
>> #ethers: nisplus [NOTFOUND=return] files
>> #netmasks: nisplus [NOTFOUND=return] files
>>
>> bootparams: nisplus [NOTFOUND=return] files
>>
>> ethers: db files
>> netmasks: files
>> networks: files dns
>> protocols: db files
>> #protocols: files winbind
>> rpc: db files
>> services: db files
>> #services: files winbind
>>
>> netgroup: nisplus winbind
>> #netgroup: files winbind
>>
>> publickey: nisplus
>>
>> automount: files nisplus
>> #automount: files winbind
>> aliases: files nisplus
>>
>>
>>
>>
>> --
>> View this message in context:
>> http://samba.2283325.n4.nabble.com/getent-passwd-works-but-all-wbinfo-commands-fail-tp4673174p4673180.html
>> Sent from the Samba - General mailing list archive at Nabble.com.
>
>
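An added example, not part of the original thread and not Samba project code: a small Python check over the `idmap config` lines of the two smb.conf files quoted above. It applies three rules from the Samba documentation: every configured idmap domain needs its own range, ranges must be mutually disjoint, and `schema_mode` is an option of the `ad` backend. The function names are hypothetical; the two sample strings are copied from the quoted configurations.

```python
import re

# Matches "idmap config DOMAIN : option = value", with or without spaces around ':'.
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(text):
    """Collect idmap settings into {DOMAIN: {option: value}}."""
    domains = {}
    for line in text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def check_idmap(text):
    """Return a sorted list of findings for the idmap configuration in text."""
    findings, ranges = [], {}
    for dom, opts in parse_idmap(text).items():
        backend = opts.get("backend")
        if backend is None:
            findings.append(f"{dom}: no backend set")
        if "schema_mode" in opts and backend != "ad":
            findings.append(f"{dom}: schema_mode set but backend is {backend} (idmap_ad option)")
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if not m or int(m.group(1)) > int(m.group(2)):
            findings.append(f"{dom}: no valid range")
            continue
        ranges[dom] = (int(m.group(1)), int(m.group(2)))
    doms = sorted(ranges)
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append(f"{a} and {b}: ranges overlap")
    return sorted(findings)

# idmap lines copied from the original poster's testparm output.
OP_CONF = """idmap config * : range = 15000-20000
idmap config * : backend = tdb
idmap config IAMTEST : backend = rid
idmap config IAMTEST : default = yes
idmap config IAMTEST : schema_mode = rfc2307"""

# idmap lines copied from the Samba 4 file server config in the reply.
REPLY_CONF = """idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config HFTNET:backend = ad
idmap config HFTNET:schema_mode = rfc2307
idmap config HFTNET:range = 500-40000"""

if __name__ == "__main__":
    for name, conf in (("original post", OP_CONF), ("reply", REPLY_CONF)):
        print(name, check_idmap(conf) or "no findings")
```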