[Samba] wbinfo -u/-g/-n works, but not 'wbinfo -i' or 'id'

Rowland Penny rowlandpenny at googlemail.com
Tue Apr 14 14:49:43 MDT 2015


On 14/04/15 20:59, Adam Tauno Williams wrote:
> On Tue, 2015-04-14 at 15:20 +0100, Rowland Penny wrote:
>> On 14/04/15 14:59, Adam Tauno Williams wrote:
>>> On Thu, 2014-10-30 at 13:41 -0300, Horacio G. de Oro wrote:
>>>> Hi! I'm trying to add a member to be used as fileserver, following the
>>>> guides at:
>>>> - https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>>> - https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC
>>>> The AD server has been in use for month, but I can't get user
>>>> information from the new member. The new member was joined to the
>>>> directory, and nsswitch was configured. Running 'id username' returns
>>>> 'No such user'.
>>>> Running 'wbinfo -u' and  'wbinfo -g', 'wbinfo -n username' and 'wbinfo
>>>> --sid-to-uid' works OK. Also 'wbinfo --online-status' and 'wbinfo
>>>> --ping-dc'
>>>> But, when I try 'id username', or 'wbinfo -i username', it fails with
>>>> WBC_ERR_DOMAIN_NOT_FOUND
>>>> $ wbinfo -i username
>>>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>>>> Could not get info for user username
>>>> $ wbinfo -n username
>>>> S-1-5-21-3087569779-2873525441-767630994-1118 SID_USER (1)
>>>> And using '--sid-to-uid' I got the UID:
>>>> $ wbinfo --sid-to-uid S-1-5-21-3087569779-2873525441-767630994-1118
>>>> 10000 Servers · Web Development in Python & Java · DevOps · Big Data
>>> I am experiencing much the same issue; wbinfo -u/-g works but getent
>>> passwd/group only contains a very partial user list and querying a
>>> specific user causes the WBC_ERR_DOMAIN_NOT_FOUND error.  Although
>>> otherwise the domain is functional and there are active workstations.
>>> Did you every identify a solution?
>> It should work, it sounds like a mis-configuration somewhere, can you
>> post the smb.conf, /etc/nsswitch.conf, /etc/resolv.conf and
>> /etc/krb5.conf from the member server.
> "wbinfo -u" lists 415 lines
>
> "getent passwd" returns 93 lines
>
> A host configured to use nslcd and LDAP directory returns 560 lines for
> "getent passwd".
>
> Samba on client is sernet-samba-4.1.17-11.el6.x86_64, AD DCs are all
> sernet-samba-4.0.21-7.el6.x86_64
>
> [root at barbel profiles]# wbinfo -i cleslie
> failed to call wbcGetpwnam: WBC_ERR_WINBIND_NOT_AVAILABLE
>
>
> /etc/samba/smb.conf
> ###################
>
>     idmap_ldb:use rfc2307 = yes
>     idmap config *:backend = tdb
>     idmap config *:range = 4000001-4999999
>     idmap config BACKBONE:backend = ad
>     idmap config BACKBONE:schema_mode = rfc2307
>     idmap config BACKBONE:range = 100-400000
>
>     winbind nss info = rfc2307
>     winbind trusted domains only = no
>     winbind use default domain = yes
>     winbind enum users = yes
>     winbind enum groups = yes
>     winbind refresh tickets = Yes
>     winbind expand groups = 4
>     winbind normalize names = Yes
>     domain master = no
>     local master = no
>     vfs objects = acl_xattr
>     map acl inherit = Yes
>     store dos attributes = Yes
>
>

Is this the smb.conf from the AD DC or the member server ?

If it is the later, you don't need this :  idmap_ldb:use rfc2307 = yes
It should only be on the DC.

wbinfo connects to the AD DC differently to the way getent does, so the 
fact that another machine lists the users, shows that the backend is 
setup correctly (unless nlscd is creating the IDs on the fly). winbind 
relies on the uidNumber & gidNumber attributes being in smb.conf and the 
attributes being inside the range you set in smb.conf '100-400000' (by 
the way, you do know that this could pull in some of the local system 
users).

What are the 'passwd' & 'group' lines in /etc/nsswitch.conf ?

What is in /etc/krb5.conf ?

what kerberos have you got installed ? (don't know if this makes any 
difference, but would be good to know)

Does /etc/resolv.conf point to the samba4 AD DC ?

Can you 'kinit' as Administrator ?

and as a normal user?

finally, why 'whitemice' ???

Rowland








More information about the samba mailing list