[Samba] wbinfo -u -g work, wbinfo -i and getent fail
Daniel Carrasco Marín
danielmadrid19 at gmail.com
Mon May 4 05:45:34 MDT 2015
2015-05-04 13:38 GMT+02:00 Daniel Carrasco Marín <danielmadrid19 at gmail.com>:
> 2015-05-04 13:01 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>> On 04/05/15 04:02, Carl Gherardi wrote:
>>> Hi all,
>>> I'm using Ubuntu 14.04 samba 4.1.6 packages, attempting to set up a
>>> for file shares AD clients can use. My previous setup was a simple AD
>>> with a user map file (1 to 1 AD to unix user) that i've been migrating
>>> approximately 7 years, and with the last 2003 AD server removed from the
>>> network it stopped working (2008 R2 DC's now).
>>> After approximately 2 weeks of varying results (including a working
>>> for 24 hours), I seem to have come full circle to 'non functional' again.
>>> I'm able to join the domain using either net ads join -k or net ads join
>>> wbinfo -u - Gives me a list of domain users
>>> wbinfo -g - Gives a list of domain groups
>>> wbinfo -i Administrator | wbinfo -i CAG\\Administrator | wbinfo -i
>>> CAG+Administrator all return
>>> failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
>>> Could not get info for <blah>
>> I use Linux Mint 17 and this doesn't work for me either, so I wouldn't
>>> and getent passwd only returns local+nis users.
>> This is were you can start worrying :-)
>>> I see a _lot_ of posts about this via google but few with solutions.
>>> SFU is (was?) functional and pushing uid and gid's, and at several points
>>> in the last two weeks getent passwd|group has been functional
>> So, if it was working, what have you changed, or had changed for you by
>> an update ?
>> Can you check that a user you expect to show up via 'getent passwd
>> username' does in fact still have a uidNumber attribute containing a number
>> between 1000-99999 (also do you have any local users ?)
>> Can you also check that 'Domain Users' (at least) has a gidNumber
>> attribute containing a number between 1000-99999 (again, do you have any
>> local groups?)
>>> Any suggestions appreciated.
>>> Carl Gherardi
>>> workgroup = CAG
>>> security = ADS
>>> realm = CAG.DOMAIN.NAME
>>> netbios aliases = gong
>>> dedicated keytab file = /etc/krb5.keytab
>>> kerberos method = secrets and keytab
>>> idmap config *:backend = tdb
>>> idmap config *:range = 500-999
>>> idmap config CAG:backend = ad
>>> idmap config CAG:range = 1000-99999
>>> idmap config CAG:schema_mode = rfc2307
>>> winbind nss info = rfc2307
>>> winbind trusted domains only = no
>>> winbind use default domain = no
>>> winbind nested groups = yes
>>> winbind enum users = yes
>>> winbind enum groups = yes
>>> winbind refresh tickets = Yes
>>> winbind expand groups = 4
>>> winbind normalize names = Yes
>>> domain master = no
>>> local master = no
>>> dns proxy = no
>>> log level = 3 auth:10 winbind:3
>>> passwd: compat winbind nis
>>> group: compat winbind nis
> I'm getting similar behavior on my server, but is working fine. Have you
> tried other tools?. For me:
> "wbinfo -u -g" works.
> "wbinfo -i user" works.
> "wbinfo -i group" fails with that error.
> "getent passwd" works and show local and AD users.
> "getent group" only show local groups.
> but other tools works perfect:
> "chwon user:group file" works perfect.
> "getent group groupname" works
> "getent passwd user" works
> Permissions on CUPS using domain groups are working too.
> Try that tools because maybe is working fine even if getent don't show the
> users/groups and wbinfo -i is failing.
Doing some test i've found that "wbinfo -i group" fails, but if i use
"wbinfo --group-info=group" then works perfect. Try to use the full command
line in wbinfo too (--group-info and --user-info).
More information about the samba