[Samba] Getent group don't work
Rowland Penny
rowlandpenny at googlemail.com
Mon May 18 04:00:59 MDT 2015
On 18/05/15 09:08, Tomasz Błasiak wrote:
> Hi
> Oracle Linux Server client with Samba 3.6.23 (file server) joined to the
> Samba4 AD domain.
> ----------------
> smb.conf
> [global]
> #--authconfig--start-line--
> netbios name = FS
> server string = "GSDAD Fileserver"
> workgroup = GSDAD
> realm = AD.GSD.LAN
> security = ads
> winbind use default domain = yes
> idmap config * : backend = rid
> idmap config * : range = 16777216-33554431
> template shell = /sbin/nologin
> winbind offline logon = false
> winbind enum users = yes
> winbind enum groups = yes
> idmap cache time = 15
> idmap negative cache time = 15
> log level = 2
>
> hide dot files = yes
> hide unreadable = yes
> access based share enum = yes
>
> wide links = Yes
> unix extensions = No
> follow symlinks = Yes
> socket options = TCP_NODELAY IPTOS_THROUGHPUT
>
> vfs objects = full_audit
> full_audit:prefix = %u|%I|%S
> full_audit:success = mkdir rename rmdir write unlink pwrite
> full_audit:failure = none
> recycle:repository = .deleted/%U
> recycle:keeptree = No
> recycle:touch = Yes
> recycle:versions = Yes
> recycle:maxsixe = 0
> ;recycle:exclude = *.tmp *.ini *.dat
> ;recycle:exclude_dir = /tmp /home /home/* /storage/samba/homes
> /storage/samba/homes/*
>
> keepalive = 300
> deadtime = 10
>
> include = /etc/samba/smb.conf.shares
> #--authconfig--end-line--
> ----------------
>
> getent passwd and wbinfo -u returns all AD users correctly
> wbinfo -g returns all AD groups correctly
> getent group fails. Only local groups are returned.
>
> ------------
> log.winbindd
> winbindd/winbindd_group.c:45(fill_grent)
> winbindd Failed to find domain 'GSD-DOK'. Check connection to trusted
> domains!
> ------------
>
> 'GSD-DOK' it is group in AD
> I set log level = 10
>
> ----------
> log.winbindd
>
> 2015/05/15 12:28:38.557668, 6] winbindd/winbindd.c:822(new_connection)
> accepted socket 23
> [2015/05/15 12:28:38.558409, 10] winbindd/winbindd.c:672(process_request)
> process_request: request fn INTERFACE_VERSION
> [2015/05/15 12:28:38.558654, 3]
> winbindd/winbindd_misc.c:384(winbindd_interface_version)
> [ 2718]: request interface version
> [2015/05/15 12:28:38.558905, 10]
> winbindd/winbindd.c:768(winbind_client_response_written)
> winbind_client_response_written[2718:INTERFACE_VERSION]: delivered
> response to client
> [2015/05/15 12:28:38.559251, 10] winbindd/winbindd.c:672(process_request)
> process_request: request fn WINBINDD_PRIV_PIPE_DIR
> [2015/05/15 12:28:38.559482, 3]
> winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)
> [ 2718]: request location of privileged pipe
> [2015/05/15 12:28:38.559999, 10]
> winbindd/winbindd.c:768(winbind_client_response_written)
> winbind_client_response_written[2718:WINBINDD_PRIV_PIPE_DIR]: delivered
> response to client
> [2015/05/15 12:28:38.560401, 6] winbindd/winbindd.c:822(new_connection)
> accepted socket 30
> [2015/05/15 12:28:38.560682, 6]
> winbindd/winbindd.c:870(winbind_client_request_read)
> closing socket 23, client exited
> [2015/05/15 12:28:38.560948, 10] winbindd/winbindd.c:645(process_request)
> process_request: Handling async request 2718:GETGRNAM
> [2015/05/15 12:28:38.561267, 3]
> winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> getgrnam GSD-it
> [2015/05/15 12:28:38.561509, 1]
> ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
> wbint_LookupName: struct wbint_LookupName
> in: struct wbint_LookupName
> domain : *
> domain : 'GSDAD'
> name : *
> name : 'GSD-IT'
> flags : 0x00000000 (0)
> [2015/05/15 12:28:38.562552, 1]
> ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
> wbint_LookupName: struct wbint_LookupName
> out: struct wbint_LookupName
> type : *
> type : SID_NAME_DOM_GRP (2)
> sid : *
> sid :
> S-1-5-21-678467049-2606551726-923385481-1113
> result : NT_STATUS_OK
> [2015/05/15 12:28:38.563484, 10]
> winbindd/winbindd_util.c:787(find_lookup_domain_from_sid)
> find_lookup_domain_from_sid(S-1-5-21-678467049-2606551726-923385481-1113)
> [2015/05/15 12:28:38.563779, 10]
> winbindd/winbindd_util.c:797(find_lookup_domain_from_sid)
> calling find_our_domain
> [2015/05/15 12:28:38.564038, 1]
> ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
> wbint_LookupSid: struct wbint_LookupSid
> in: struct wbint_LookupSid
> sid : *
> sid :
> S-1-5-21-678467049-2606551726-923385481-1113
> [2015/05/15 12:28:38.564524, 1]
> ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
> wbint_LookupSid: struct wbint_LookupSid
> out: struct wbint_LookupSid
> type : *
> type : SID_NAME_DOM_GRP (2)
> domain : *
> domain : *
> domain : 'GSD-IT'
> name : *
> name : *
> name : ''
> result : NT_STATUS_OK
> [2015/05/15 12:28:38.565800, 10] lib/gencache.c:183(gencache_set_data_blob)
> Adding cache entry with key =
> IDMAP/SID2GID/S-1-5-21-678467049-2606551726-923385481-1113 and timeout =
> Thu Jan 1 01:00:00 1970
> (-1431685718 seconds in the past)
> [2015/05/15 12:28:38.566636, 10]
> winbindd/winbindd_util.c:787(find_lookup_domain_from_sid)
> find_lookup_domain_from_sid(S-1-5-21-678467049-2606551726-923385481-1113)
> [2015/05/15 12:28:38.566880, 10]
> winbindd/winbindd_util.c:797(find_lookup_domain_from_sid)
> calling find_our_domain
> [2015/05/15 12:28:38.567127, 1]
> ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
> wbint_LookupSid: struct wbint_LookupSid
> in: struct wbint_LookupSid
> sid : *
> sid :
> S-1-5-21-678467049-2606551726-923385481-1113
> [2015/05/15 12:28:38.567677, 1]
> ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
> wbint_LookupSid: struct wbint_LookupSid
> out: struct wbint_LookupSid
> type : *
> type : SID_NAME_DOM_GRP (2)
> domain : *
> domain : *
> domain : 'GSD-IT'
> name : *
> name : *
> name : ''
> result : NT_STATUS_OK
> [2015/05/15 12:28:38.568904, 1]
> ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
> wbint_Sid2Gid: struct wbint_Sid2Gid
> in: struct wbint_Sid2Gid
> dom_name : NULL
> sid : *
> sid :
> S-1-5-21-678467049-2606551726-923385481-1113
> [2015/05/15 12:28:38.575264, 1]
> ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
> wbint_Sid2Gid: struct wbint_Sid2Gid
> out: struct wbint_Sid2Gid
> gid : *
> gid : 0x0000000001000459 (16778329)
> result : NT_STATUS_OK
> [2015/05/15 12:28:38.575852, 1]
> ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
> wbint_LookupGroupMembers: struct wbint_LookupGroupMembers
> in: struct wbint_LookupGroupMembers
> sid : *
> sid :
> S-1-5-21-678467049-2606551726-923385481-1113
> type : SID_NAME_DOM_GRP (2)
> [2015/05/15 12:28:38.576075, 1]
> ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
> wbint_LookupGroupMembers: struct wbint_LookupGroupMembers
> out: struct wbint_LookupGroupMembers
> members : *
> members: struct wbint_Principals
> num_principals : 4
> principals: ARRAY(4)
> principals: struct wbint_Principal
> sid :
> S-1-5-21-678467049-2606551726-923385481-1613
> type : SID_NAME_USER (1)
> name : *
> name : 'tnowak'
> principals: struct wbint_Principal
> sid :
> S-1-5-21-678467049-2606551726-923385481-1108
> type : SID_NAME_USER (1)
> name : *
> name : 'plewandowski'
> principals: struct wbint_Principal
> sid :
> S-1-5-21-678467049-2606551726-923385481-1602
> type : SID_NAME_USER (1)
> name : *
> name : 'kbet'
> principals: struct wbint_Principal
> sid :
> S-1-5-21-678467049-2606551726-923385481-1625
> type : SID_NAME_USER (1)
> name : *
> name : 'drukGSD'
> result : NT_STATUS_OK
> [2015/05/15 12:28:38.579554, 0] winbindd/winbindd_group.c:45(fill_grent)
> Failed to find domain 'GSD-IT'. Check connection to trusted domains!
> [2015/05/15 12:28:38.580456, 5]
> winbindd/winbindd_getgrnam.c:152(winbindd_getgrnam_recv)
> fill_grent failed
> [2015/05/15 12:28:38.581716, 10] winbindd/winbindd.c:707(wb_request_done)
> wb_request_done[2718:GETGRNAM]: NT_STATUS_NO_MEMORY
> [2015/05/15 12:28:38.589246, 10]
> winbindd/winbindd.c:768(winbind_client_response_written)
> winbind_client_response_written[2718:GETGRNAM]: delivered response to
> client
> [2015/05/15 12:28:38.589653, 6]
> winbindd/winbindd.c:870(winbind_client_request_read)
> closing socket 30, client exited
>
> ----------
>
>
>
> Any ideas anyone?
> Cheers,
> Tom
Know problem, does 'getent group <a domain group>' work ?
Rowland
More information about the samba
mailing list