[Samba] Setup of Samba with Solaris 11.3 to provide Unix File Shares to Windows Users
Rowland Penny
rpenny at samba.org
Tue Aug 22 11:16:38 UTC 2017
On Tue, 22 Aug 2017 12:44:54 +0200
Martin Decker via samba <samba at lists.samba.org> wrote:
> Does mdecker exist in AD ?
> => Yes
>
> root at solaris1:~# getent passwd "MYDOM.ADS\\mdecker"
> mdecker:*:13767:613::/home/mdecker:/bin/bash
>
>
> winbind log:
>
> getpwnam MYDOM.ADS\mdecker
> wb_request_done[24254:GETPWNAM]: NT_STATUS_OK
>
>
> Does 'getent passwd mdecker' work ?
> => No
>
> getent passwd mdecker
>
> getpwnam mdecker
> winbindd_getpwnam: My domain -- rejecting getpwnam() for
> MYDOM\mdecker. Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER
> wb_request_done[24164:GETPWNAM]: NT_STATUS_NO_SUCH_USER
>
> Does 'getent passwd "MYDOM\mdecker" ' work ?
> => No
>
>
> Is 'mdecker' in /etc/passwd ?
> => No
>
> root at solaris1:~# grep mdecker /etc/passwd
> root at solaris1:~#
>
> Does 'getent group groupname' work ?
> => No
>
> root at solaris1:~# getent group "MYDOM\\Domänen-Benutzer"
> root at solaris1:~#
>
>
> winbind debug log:
>
> wcache_save_name_to_sid: MYDOM\DOMÄNEN-BENUTZER ->
> S-1-5-21-1585417398-3384821309-2524188735-513 (NT_STATUS_OK)
> wcache_save_sid_to_name:
> S-1-5-21-1585417398-3384821309-2524188735-513 -> domänen-benutzer
> (NT_STATUS_OK) wbint_LookupName: struct wbint_LookupName
> out: struct wbint_LookupName
> type : *
> type : SID_NAME_DOM_GRP (2)
> sid : *
> sid :
> S-1-5-21-1585417398-3384821309-2524188735-513
> result : NT_STATUS_OK
> Finished processing child request 59
> Writing 3532 bytes to parent
> timed_events_timeout: 94303/232621
> wbint_LookupName: struct wbint_LookupName
> out: struct wbint_LookupName
> type : *
> type : SID_NAME_DOM_GRP (2)
> sid : *
> sid :
> S-1-5-21-1585417398-3384821309-2524188735-513
> result : NT_STATUS_OK
> winbindd_getgrsid: My domain -- rejecting getgrsid() for
> S-1-5-21-1585417398-3384821309-2524188735-513
> Could not convert sid S-1-5-21-1585417398-3384821309-2524188735-513:
> NT_STATUS_NO_SUCH_GROUP
> wb_request_done[25512:GETGRNAM]: NT_STATUS_NO_SUCH_GROUP
>
> Regards,
> Martin
>
>
> 2017-08-22 12:20 GMT+02:00 Rowland Penny via samba
> <samba at lists.samba.org>:
>
> > On Tue, 22 Aug 2017 11:58:37 +0200
> > Martin Decker via samba <samba at lists.samba.org> wrote:
> >
> > > Thanks Rowland and Louis,
> > >
> > > after changing from ad to rid, i get all users listed with "getent
> > > passwd", not just the ones with uidNumber - which is good. But
> > > "getent passwd MYDOM\\mdecker" still does not resolve.
> >
> > Does mdecker exist in AD ?
> > Does 'getent passwd mdecker' work ?
> > Does 'getent passwd "MYDOM\mdecker" ' work ?
> >
> > Is 'mdecker' in /etc/passwd ?
> >
> > > In addition,
> > > no groups are listed with "getent group".
> >
> > Does 'getent group groupname' work ?
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
>
>
This is weird, you have 'winbind use default domain = yes' in smb.conf,
so you shouldn't need to use the domain (or realm) name in the getent
command.
Can we check a few things (which we may have checked earlier)
I use Devuan, so some of the package names may be different.
Can you post:
/etc/hostname
/etc/hosts
/etc/resolv.conf
/etc/krb5.conf
Is libnss_winbind seup correctly, on Devuan I install:
winbind libpam-winbind libpam-krb5 libnss-winbind krb5-config krb5-user
Rowland
More information about the samba
mailing list