[Samba] [samba] Winbindd without RFC2307 question

mathias dufresne infractory at gmail.com
Wed Jul 19 13:33:46 UTC 2017


Hi all,

I'm trying to set up some Samba files server retrieving users from AD. This
AD has no RFC2307 installed yet.

The Linux system hosting this files server is Debian 9.0.

The issue is system side commands as "getent passwd some_user" or "id
some_user" are not working, not showing any result.

Here is my whole smb.conf (shares will come later) :

[global]
   workgroup = DOMAIN
   realm = DOMAIN.TLD
   security = ads

   winbind use default domain = true
   winbind offline logon = false

   winbind nss info = template
   template shell = /bin/bash
   template homedir = /home/%U

   idmap config * : backend = tdb
   idmap config * : range = 10000-999999


   idmap config DOMAIN:backend = ad
   idmap config DOMAIN:schema_mode = template
   idmap config DOMAIN:range = 16777216-33554431

   log level = 6


Using that smb.conf "wbinfo -u" or -g are working, as is working "wbinfo -t
some_user"

/etc/nsswitch.conf has been modified as follow:
# grep winbind /etc/nsswitch.conf
passwd:         compat winbind
group:          compat winbind

PAM configuration has been auto-altered as follow:
/etc/pam.d/common-account:18:
account    [success=1 new_authtok_reqd=done default=ignore]
pam_winbind.so use_first_pass
/etc/pam.d/common-auth:18:
auth  [success=1 default=ignore]      pam_winbind.so krb5_auth
krb5_ccache_type=FILE cached_login try_first_pass
/etc/pam.d/common-password:26:
password  [success=1 default=ignore]      pam_winbind.so use_authtok
try_first_pass
/etc/pam.d/common-session:25:
session    optional                        pam_winbind.so
/etc/pam.d/common-session-noninteractive:25:
session     optional                        pam_winbind.so

Logs in log.winbindd:
[2017/07/19 15:30:58.122017,  6]
../source3/winbindd/winbindd.c:918(new_connection)
  accepted socket 32
[2017/07/19 15:30:58.122240,  3]
../source3/winbindd/winbindd_misc.c:396(winbindd_interface_version)
  [ 8727]: request interface version (version = 28)
[2017/07/19 15:30:58.122475,  3]
../source3/winbindd/winbindd_misc.c:429(winbindd_priv_pipe_dir)
  [ 8727]: request location of privileged pipe
[2017/07/19 15:30:58.122767,  6]
../source3/winbindd/winbindd.c:918(new_connection)
  accepted socket 34
[2017/07/19 15:30:58.122918,  6]
../source3/winbindd/winbindd.c:967(winbind_client_request_read)
  closing socket 32, client exited
[2017/07/19 15:30:58.123104,  3]
../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
  getpwnam agasmi
[2017/07/19 15:30:58.123546,  5]
../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
  Could not convert sid S-1-5-21-123456789-0123456789-123456789-1234:
NT_STATUS_NONE_MAPPED
[2017/07/19 15:30:58.123827,  6]
../source3/winbindd/winbindd.c:967(winbind_client_request_read)
  closing socket 34, client exited

If anyone has an idea of what I missed, that would be great.

Cheers,

mathias


More information about the samba mailing list