[Samba] getent passwd works but all wbinfo commands fail

Rowland Penny rowlandpenny at googlemail.com
Wed Sep 24 15:09:37 MDT 2014


On 24/09/14 21:25, Allen Chen wrote:
> On 9/24/2014 3:44 PM, rusking wrote:
>> Hi, friends. Thanks so much for your reply. I don't know what time it is
>> now in your country, but here in China it is about 4 a.m. This question has
>> puzzled me for many days without a way. Below are the operations and related
>> files information. Eagerly awaiting your reply. Thanks.
>> Domain controller server: MS-Server2008R2
>> [root at netfolderserver ~]# cat /etc/issue
>> Red Hat Enterprise Linux Server release 6.3 (Santiago)
>> Kernel \r on an \m
>> [root at netfolderserver ~]# service winbind status
>> winbindd (pid  2944) is running...
>> [root at netfolderserver ~]# ps -ef | grep samba winbind
>> root      2944     1  0 03:05 ?        00:00:00 winbindd
>> root      2946  2944  0 03:05 ?        00:00:00 winbindd
>> root      3581  2892  0 03:10 pts/1    00:00:00 grep winbind
>> [root at netfolderserver ~]# net ads join
>> Enter root's password:
>> Failed to join domain: failed to lookup DC info for domain 'IAMTEST.COM'
>> over rpc: Logon failure
>> [root at netfolderserver ~]# net ads join -U administrator
>> Enter administrator's password:
>> Using short domain name -- IAMTEST
>> Joined 'NETFOLDERSERVER' to realm 'iamtest.com'
>> [root at netfolderserver ~]# getent passwd
>> root:x:0:0:root:/root:/bin/bash
>> bin:x:1:1:bin:/bin:/sbin/nologin
>> daemon:x:2:2:daemon:/sbin:/sbin/nologin
>> adm:x:3:4:adm:/var/adm:/sbin/nologin
>> ……
>> [root at netfolderserver ~]# getent group
>> root:x:0:
>> bin:x:1:bin,daemon
>> daemon:x:2:bin,daemon
>> ……
>> cert publishers:*:10010:
>> domain admins:*:10011:netfolder1,administrator,rusky
>> [root at netfolderserver ~]# wbinfo -t
>> could not obtain winbind interface details!
>> could not obtain winbind domain name!
>> checking the trust secret for domain (null) via RPC calls failed
>> Could not check secret
>> [root at netfolderserver ~]# wbinfo -u
>> Error looking up domain users
>> [root at netfolderserver ~]# wbinfo -g
>> Error looking up domain groups
>> [root at netfolderserver ~]# testparm /etc/samba/smb.conf
>> Load smb config files from /etc/samba/smb.conf
>> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
>> Processing section "[homes]"
>> Processing section "[wodewangpan]"
>> Loaded services file OK.
>> Server role: ROLE_DOMAIN_MEMBER
>> Press enter to see a dump of your service definitions
>>
>> [global]
>>     workgroup = IAMTEST
>>     realm = IAMTEST.COM
>>     server string = netfolder
>>     security = ADS
>>     password server = 10.168.51.183
>>     username map = /etc/samba/smbusers
>>     log file = /var/log/samba/log.%m
>>     max log size = 50000
>>     logon path = \\%L\Profiles\%U
>>     domain master = No
>>     dns proxy = No
>>     wins server = 10.168.51.183
>>     template homedir = /home/share/%U
>>     template shell = /bin/bash
>>     winbind separator = /
>>     winbind enum users = Yes
>>     winbind enum groups = Yes
>>     winbind use default domain = Yes
>>     idmap config * : range = 15000-20000
>>     idmap config * : backend = tdb
>>     idmap config IAMTEST : backend = rid
>>     idmap config IAMTEST : default = yes
>>     idmap config IAMTEST : schema_mode = rfc2307
> Make sure you understand your smb.conf.
> My Samba 4 file server has the following, and works fine:
> [global]
>         workgroup = HFTNET
>         realm = hftnet.local
>         netbios name = S4FILE
>         security = ADS
>         encrypt passwords = yes
>
>    idmap config *:backend = tdb
>    idmap config *:range = 70001-80000
>    idmap config HFTNET:backend = ad
>    idmap config HFTNET:schema_mode = rfc2307
>    idmap config HFTNET:range = 500-40000

Hi, you are using the 'ad' backend and presumably have uidNumbers &
gidNumbers in AD; the OP seems to want to use the 'rid' backend and set
the profile path etc. in smb.conf. I think that if he makes the changes I
suggested, he will find that he will have fewer problems.

Rowland

>
>    winbind nss info = rfc2307
>    winbind trusted domains only = no
>    winbind use default domain = yes
>    winbind enum users  = yes
>    winbind enum groups = yes
>
> [myshare]
>         path = /opt/test
>         read only = No
>         valid users                     = @it
>         create mask                     = 770
>         directory mask                  = 770
>         force create mode               = 770
>         force directory mode            = 770
>
>> [homes]
>>     comment = Home Directories
>>     path = /home/share/%U
>>     valid users = IAMTEST.COM\%U, IAMTEST\%U, %U
>>     create mask = 0777
>>     directory mask = 0777
>>     printable = Yes
>>     browseable = No
>>
>> [wodewangpan]
>>     comment = user
>>     path = /home/share/%U
>>     read only = No
>> [root at netfolderserver ~]# cat /etc/nsswitch.conf
>> #
>> # /etc/nsswitch.conf
>> #
>> # An example Name Service Switch config file. This file should be
>> # sorted with the most-used services at the beginning.
>> #
>> # The entry '[NOTFOUND=return]' means that the search for an
>> # entry should stop if the search in the previous entry turned
>> # up nothing. Note that if the search failed due to some other reason
>> # (like no NIS server responding) then the search continues with the
>> # next entry.
>> #
>> # Legal entries are:
>> #
>> #    nisplus or nis+        Use NIS+ (NIS version 3)
>> #    nis or yp        Use NIS (NIS version 2), also called YP
>> #    dns            Use DNS (Domain Name Service)
>> #    files            Use the local files
>> #    db            Use the local database (.db) files
>> #    compat            Use NIS on compat mode
>> #    hesiod            Use Hesiod for user lookups
>> #    [NOTFOUND=return]    Stop searching if not found so far
>> #
>>
>> # To use db, put the "db" in front of "files" for entries you want to be
>> # looked up first in the databases
>> #
>> # Example:
>> #passwd:    db files nisplus nis
>> #shadow:    db files nisplus nis
>> #group:     db files nisplus nis
>>
>> passwd:     files winbind
>> shadow:     files winbind
>> group:      files winbind
>>
>> hosts:     files dns wins
>> #hosts:      files dns
>>
>> # Example - obey only what nisplus tells us...
>> #services:   nisplus [NOTFOUND=return] files
>> #networks:   nisplus [NOTFOUND=return] files
>> #protocols:  nisplus [NOTFOUND=return] files
>> #rpc:        nisplus [NOTFOUND=return] files
>> #ethers:     nisplus [NOTFOUND=return] files
>> #netmasks:   nisplus [NOTFOUND=return] files
>>
>> bootparams: nisplus [NOTFOUND=return] files
>>
>> ethers:     db files
>> netmasks:   files
>> networks:   files dns
>> protocols:  db files
>> #protocols:   files winbind
>> rpc:        db files
>> services:   db files
>> #services:   files winbind
>>
>> netgroup:   nisplus winbind
>> #netgroup:    files winbind
>>
>> publickey:  nisplus
>>
>> automount:  files nisplus
>> #automount:   files winbind
>> aliases:    files nisplus
>>
>
>


