[Samba] wbinfo -u -g work, wbinfo -i and getent fail

Daniel Carrasco Marín danielmadrid19 at gmail.com
Mon May 4 05:45:34 MDT 2015


2015-05-04 13:38 GMT+02:00 Daniel Carrasco Marín <danielmadrid19 at gmail.com>:

>
>
> 2015-05-04 13:01 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>
>> On 04/05/15 04:02, Carl Gherardi wrote:
>>
>>> Hi all,
>>>
>>> I'm using Ubuntu 14.04 samba 4.1.6 packages, attempting to set up a server
>>> for file shares AD clients can use. My previous setup was a simple AD join
>>> with a user map file (1 to 1 AD to unix user) that I've been migrating for
>>> approximately 7 years, and with the last 2003 AD server removed from the
>>> network it stopped working (2008 R2 DC's now).
>>>
>>> After approximately 2 weeks of varying results (including a working config
>>> for 24 hours), I seem to have come full circle to 'non functional' again.
>>>
>>> I'm able to join the domain using either net ads join -k or
>>> net ads join -u Administrator
>>>
>>> wbinfo -u - Gives me a list of domain users
>>> wbinfo -g - Gives a list of domain groups
>>>
>>> wbinfo -i Administrator | wbinfo -i CAG\\Administrator | wbinfo -i CAG+Administrator
>>> all return
>>> failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
>>> Could not get info for <blah>
>>>
>>
>> I use Linux Mint 17 and this doesn't work for me either, so I wouldn't
>> worry.
>>
>>
>>> and getent passwd only returns local+nis users.
>>>
>>
>> This is where you can start worrying :-)
>>
>>
>>> I see a _lot_ of posts about this via google but few with solutions.
>>>
>>> SFU is (was?) functional and pushing uid and gid's, and at several points
>>> in the last two weeks getent passwd|group has been functional
>>>
>>
>> So, if it was working, what have you changed, or had changed for you by
>> an update?
>>
>> Can you check that a user you expect to show up via 'getent passwd
>> username' does in fact still have a uidNumber attribute containing a number
>> between 1000-99999 (also do you have any local users?)
>>
>> Can you also check that 'Domain Users' (at least) has a gidNumber
>> attribute containing a number between 1000-99999 (again, do you have any
>> local groups?)
>>
>> Rowland
>>
>>
>>
>>> Any suggestions appreciated.
>>>
>>> Thanks
>>>
>>> Carl Gherardi
>>>
>>> smb.conf:
>>> [global]
>>>     workgroup = CAG
>>>     security = ADS
>>>     realm = CAG.DOMAIN.NAME
>>>     netbios aliases = gong
>>>     dedicated keytab file = /etc/krb5.keytab
>>>     kerberos method = secrets and keytab
>>>
>>>     idmap config *:backend = tdb
>>>     idmap config *:range = 500-999
>>>     idmap config CAG:backend = ad
>>>     idmap config CAG:range = 1000-99999
>>>
>>>     idmap config CAG:schema_mode = rfc2307
>>>     winbind nss info = rfc2307
>>>
>>>     winbind trusted domains only = no
>>>     winbind use default domain = no
>>>     winbind nested groups = yes
>>>     winbind enum users  = yes
>>>     winbind enum groups = yes
>>>     winbind refresh tickets = Yes
>>>     winbind expand groups = 4
>>>     winbind normalize names = Yes
>>>     domain master = no
>>>     local master = no
>>>     dns proxy = no
>>>     log level = 3 auth:10 winbind:3
>>>
>>> nsswitch.conf
>>>
>>> passwd:         compat winbind nis
>>> group:          compat winbind nis
>>>
>>
> I'm getting similar behavior on my server, but it is working fine. Have you
> tried other tools? For me:
>
> "wbinfo -u -g" works.
> "wbinfo -i user" works.
> "wbinfo -i group" fails with that error.
> "getent passwd" works and shows local and AD users.
> "getent group" only shows local groups.
>
> but other tools work perfectly:
> "chown user:group file" works perfectly.
> "getent group groupname" works
> "getent passwd user" works
> Permissions on CUPS using domain groups are working too.
>
> Try those tools, because maybe it is working fine even if getent doesn't show
> the users/groups and wbinfo -i is failing.
>
> Greetings!!
>
>
Hi again,

Doing some tests I've found that "wbinfo -i group" fails, but if I use
"wbinfo --group-info=group" then it works perfectly. Try to use the full command
line options in wbinfo too (--group-info and --user-info).

Greetings!!
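
The range check Rowland asks for earlier in the thread (uidNumber and gidNumber inside the configured idmap range), as an added example that is not part of any poster's message. It parses the idmap lines of the quoted smb.conf and classifies attribute values against the CAG range; the account names and ID values in `samples` are constructed, and the helper names are hypothetical.

```python
import re
from itertools import combinations

# idmap lines copied from the smb.conf quoted in the thread.
SMB_CONF = """\
[global]
    idmap config *:backend = tdb
    idmap config *:range = 500-999
    idmap config CAG:backend = ad
    idmap config CAG:range = 1000-99999
"""
IDMAP_RE = re.compile(r"^\s*idmap config\s+([^:\s]+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {DOMAIN: {"backend": str, "range": (low, high)}} from smb.conf text."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)  # comment lines (# or ;) never match
        if not m:
            continue
        domain, option, value = m.group(1).upper(), m.group(2).lower(), m.group(3)
        if option == "range":
            low, high = (int(part) for part in value.split("-"))
            value = (low, high)
        domains.setdefault(domain, {})[option] = value
    return domains

def overlapping_ranges(domains):
    """idmap ranges of different domains must not overlap; return offending pairs."""
    ranged = [(name, cfg["range"]) for name, cfg in domains.items() if "range" in cfg]
    return [(a, b) for (a, ra), (b, rb) in combinations(ranged, 2)
            if ra[0] <= rb[1] and rb[0] <= ra[1]]

def check_id(domains, domain, value):
    """Classify one AD uidNumber/gidNumber (None = attribute unset) for a domain."""
    cfg = domains.get(domain.upper(), {})
    if "range" not in cfg:
        return "no-range"
    if value is None:
        return "missing"        # the ad backend has no ID to read for this object
    low, high = cfg["range"]
    return "ok" if low <= value <= high else "out-of-range"

if __name__ == "__main__":
    domains = parse_idmap(SMB_CONF)
    # Constructed sample values; in practice read uidNumber/gidNumber from AD.
    samples = {"Administrator": None, "someuser": 10001, "legacyuser": 600, "Domain Users": 10000}
    print("overlaps:", overlapping_ranges(domains))
    for name, value in samples.items():
        print(f"{name}: {check_id(domains, 'CAG', value)}")
```

Accounts reported as `missing` or `out-of-range` are the ones to look at first when `getent passwd` returns only local users, since the idmap range acts as a filter for the `ad` backend.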

