[Samba] Setup of Samba with Solaris 11.3 to provide Unix File Shares to Windows Users

Tue Aug 22 11:16:38 UTC 2017

On Tue, 22 Aug 2017 12:44:54 +0200
Martin Decker via samba <samba at lists.samba.org> wrote:

> Does mdecker exist in AD ?
> => Yes
> 
> root at solaris1:~# getent passwd "MYDOM.ADS\\mdecker"
> mdecker:*:13767:613::/home/mdecker:/bin/bash
> 
> 
> winbind log:
> 
> getpwnam MYDOM.ADS\mdecker
> wb_request_done[24254:GETPWNAM]: NT_STATUS_OK
> 
> 
> Does 'getent passwd mdecker' work ?
> => No
> 
> getent passwd mdecker
> 
> getpwnam mdecker
> winbindd_getpwnam: My domain -- rejecting getpwnam() for
> MYDOM\mdecker. Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER
> wb_request_done[24164:GETPWNAM]: NT_STATUS_NO_SUCH_USER
> 
> Does 'getent passwd "MYDOM\mdecker" ' work ?
> => No
> 
> 
> Is 'mdecker' in /etc/passwd ?
> => No
> 
> root at solaris1:~# grep mdecker /etc/passwd
> root at solaris1:~#
> 
> Does 'getent group groupname' work ?
> => No
> 
> root at solaris1:~# getent group "MYDOM\\Domänen-Benutzer"
> root at solaris1:~#
> 
> 
> winbind debug log:
> 
> wcache_save_name_to_sid: MYDOM\DOMÄNEN-BENUTZER ->
> S-1-5-21-1585417398-3384821309-2524188735-513 (NT_STATUS_OK)
> wcache_save_sid_to_name:
> S-1-5-21-1585417398-3384821309-2524188735-513 -> domänen-benutzer
> (NT_STATUS_OK) wbint_LookupName: struct wbint_LookupName
>         out: struct wbint_LookupName
>             type                     : *
>                 type                     : SID_NAME_DOM_GRP (2)
>             sid                      : *
>                 sid                      :
> S-1-5-21-1585417398-3384821309-2524188735-513
>             result                   : NT_STATUS_OK
> Finished processing child request 59
> Writing 3532 bytes to parent
> timed_events_timeout: 94303/232621
>      wbint_LookupName: struct wbint_LookupName
>         out: struct wbint_LookupName
>             type                     : *
>                 type                     : SID_NAME_DOM_GRP (2)
>             sid                      : *
>                 sid                      :
> S-1-5-21-1585417398-3384821309-2524188735-513
>             result                   : NT_STATUS_OK
> winbindd_getgrsid: My domain -- rejecting getgrsid() for
> S-1-5-21-1585417398-3384821309-2524188735-513
> Could not convert sid S-1-5-21-1585417398-3384821309-2524188735-513:
> NT_STATUS_NO_SUCH_GROUP
> wb_request_done[25512:GETGRNAM]: NT_STATUS_NO_SUCH_GROUP
> 
> Regards,
> Martin
> 
> 
> 2017-08-22 12:20 GMT+02:00 Rowland Penny via samba
> <samba at lists.samba.org>:
> 
> > On Tue, 22 Aug 2017 11:58:37 +0200
> > Martin Decker via samba <samba at lists.samba.org> wrote:
> >
> > > Thanks Rowland and Louis,
> > >
> > > after changing from ad to rid, i get all users listed with "getent
> > > passwd", not just the ones with uidNumber - which is good. But
> > > "getent passwd MYDOM\\mdecker" still does not resolve.
> >
> > Does mdecker exist in AD ?
> > Does 'getent passwd mdecker' work ?
> > Does 'getent passwd "MYDOM\mdecker" ' work ?
> >
> > Is 'mdecker' in /etc/passwd ?
> >
> > > In addition,
> > > no groups are listed with "getent group".
> >
> > Does 'getent group groupname' work ?
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> 
> 
> 

This is weird, you have 'winbind use default domain = yes' in smb.conf,
so you shouldn't need to use the domain (or realm) name in the getent
command.

Can we check a few things (which we may have checked earlier)

I use Devuan, so some of the package names may be different.

Can you post:
/etc/hostname
/etc/hosts
/etc/resolv.conf
/etc/krb5.conf

Is libnss_winbind seup correctly, on Devuan I install:
winbind libpam-winbind libpam-krb5 libnss-winbind krb5-config krb5-user

Rowland