[Samba] Samba 3 AD Member Server Strangeness

Brian.Huffman at dupont.com Brian.Huffman at dupont.com
Fri Jun 19 14:39:06 MDT 2015


All,

I'm trying to configure a Samba 3 AD member server including winbind.  I'm on RHEL 6.6, so I'm using Samba version 3.6.23.  

Here's my configuration:
[global]
        log level = 3 winbind:10
        workgroup = ABC
        server string = LV37
        netbios name = LV37

        idmap config *:backend = tdb
        idmap config *:range = 2000-9999
        idmap config ABC:backend = rid
        idmap config ABC:range = 10000-199999
        winbind use default domain = true
        winbind enum users = no
        winbind enum groups = no
        winbind refresh tickets = yes
        template homedir = /
        template shell = /sbin/nologin

        realm = ABC.NET
        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab
        allow trusted domains = no
        domain master = no
        local master = no
        preferred master = no
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
        map to guest = Bad User

In general I followed the guide at https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server

We have been able to do a wbinfo -u and all users come back.  Unfortunately not all users are getting mapped to uids:
[root@eslv37 samba]# wbinfo -u | egrep 'jx2354|nj3586'
jx2354
nj3586
[root@eslv37 samba]# wbinfo -i nj3586
nj3586:*:11813:10513:USER NAME:/:/sbin/nologin
[root@eslv37 samba]# wbinfo -i jx2354
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user jx2354

For a user that works, I see this in the winbind logs:
[2015/06/19 16:28:56.608328,  3] winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
  getpwnam nj3586
[2015/06/19 16:28:56.608388, 10] winbindd/winbindd_dual.c:1370(fork_domain_child)
  fork_domain_child called for domain 'ABC'
[2015/06/19 16:28:56.608817, 10] winbindd/winbindd_dual.c:1426(fork_domain_child)
  Child process 5713
[2015/06/19 16:28:56.720068, 10] winbindd/winbindd_cm.c:377(winbind_msg_domain_online)
  Domain DUPONTNET is marked as online now.
[2015/06/19 16:28:56.746994, 10] winbindd/wb_sid2uid.c:56(wb_sid2uid_send)
  idmap_cache_find_sid2uid found 11813
[2015/06/19 16:28:56.747036, 10] winbindd/winbindd_util.c:787(find_lookup_domain_from_sid)
  find_lookup_domain_from_sid(S-1-5-21-369997941-647960827-447208795-513)
[2015/06/19 16:28:56.747065, 10] winbindd/winbindd_util.c:797(find_lookup_domain_from_sid)
  calling find_our_domain
[2015/06/19 16:28:56.749758, 10] winbindd/wb_sid2gid.c:57(wb_sid2gid_send)
  idmap_cache_find_sid2gid found 10513
[2015/06/19 16:28:56.749811, 10] winbindd/winbindd.c:707(wb_request_done)
  wb_request_done[5712:GETPWNAM]: NT_STATUS_OK
[2015/06/19 16:28:56.749854, 10] winbindd/winbindd.c:768(winbind_client_response_written)
  winbind_client_response_written[5712:GETPWNAM]: delivered response to client
[2015/06/19 16:28:56.750538,  6] winbindd/winbindd.c:870(winbind_client_request_read)
  closing socket 27, client exited

For a user that doesn't, I see this:
  getpwnam jx2354
[2015/06/19 16:29:32.187469, 10] winbindd/winbindd_util.c:787(find_lookup_domain_from_sid)
  find_lookup_domain_from_sid(S-1-5-21-369997941-647960827-447208795-732503)
[2015/06/19 16:29:32.187510, 10] winbindd/winbindd_util.c:797(find_lookup_domain_from_sid)
  calling find_our_domain
[2015/06/19 16:29:32.188077, 10] winbindd/winbindd_dual.c:1372(fork_domain_child)
  fork_domain_child called without domain.
[2015/06/19 16:29:32.188445, 10] winbindd/winbindd_dual.c:1426(fork_domain_child)
  Child process 5718
[2015/06/19 16:29:32.215807,  5] winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
  Could not convert sid S-1-5-21-369997941-647960827-447208795-732503: NT_STATUS_NONE_MAPPED
[2015/06/19 16:29:32.215861, 10] winbindd/winbindd.c:707(wb_request_done)
  wb_request_done[5717:GETPWNAM]: NT_STATUS_NONE_MAPPED
[2015/06/19 16:29:32.215903, 10] winbindd/winbindd.c:768(winbind_client_response_written)
  winbind_client_response_written[5717:GETPWNAM]: delivered response to client
[2015/06/19 16:29:32.216636,  6] winbindd/winbindd.c:870(winbind_client_request_read)
  closing socket 27, client exited

I can't figure out what I'm doing wrong.

Any ideas?

Thanks!
Brian
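
Added example, not part of the original post: the idmap_rid(8) man page gives the mapping as ID = RID - BASE_RID + LOW_RANGE_ID, and the Python below applies it to the two SIDs in the winbind logs using the ABC range from the smb.conf above. It assumes the default base_rid of 0; the function names are illustrative. RID 732503 would map to 742503, above the configured 199999, which is consistent with the NT_STATUS_NONE_MAPPED result.

```python
# Added illustration: idmap_rid arithmetic (ID = RID - BASE_RID + LOW_RANGE_ID)
# applied to the SIDs and idmap ranges shown in the post. Assumes base_rid = 0.
import re

RANGE_RE = re.compile(
    r"^\s*idmap config (\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$")

# Constructed sample: only the idmap lines of the smb.conf in the post.
SMB_CONF = """
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config ABC:backend = rid
idmap config ABC:range = 10000-199999
"""

def parse_ranges(conf):
    """Return {domain: (low, high)} for every 'idmap config X:range' line."""
    ranges = {}
    for line in conf.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def rid_of(sid):
    """The RID is the last sub-authority of the SID."""
    return int(sid.rsplit("-", 1)[1])

def rid_to_unix_id(sid, low, high, base_rid=0):
    """Return the mapped ID, or None when it falls outside [low, high]."""
    unix_id = rid_of(sid) - base_rid + low
    return unix_id if low <= unix_id <= high else None

def max_rid(low, high, base_rid=0):
    """Largest RID that still fits inside the configured range."""
    return high - low + base_rid

if __name__ == "__main__":
    low, high = parse_ranges(SMB_CONF)["ABC"]
    for sid in ("S-1-5-21-369997941-647960827-447208795-513",
                "S-1-5-21-369997941-647960827-447208795-732503"):
        print(sid, "->", rid_to_unix_id(sid, low, high))
    print("highest mappable RID:", max_rid(low, high))
```

The group SID ending in 513 maps to 10513, matching the gid in the working user's log; any account whose RID is above 189999 falls outside this range.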
