[Samba] [samba] Member server winbind issue
mathias dufresne
infractory at gmail.com
Sat Jul 22 23:33:15 UTC 2017
Hi all,
I'm trying to set up a Samba file server authenticating against Samba AD
domain and I'm facing an issue configuring winbind:
- wbinfo -n username works, it gives username's SID
- wbinfo -S <username's SID> works, it gives username's UID
but wbinfo -i username does not work:
wbinfo -i username
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user username
log.winbindd gives:
[2017/07/23 01:27:01.433530, 6]
../source3/winbindd/winbindd.c:918(new_connection)
accepted socket 27
[2017/07/23 01:27:01.433741, 3]
../source3/winbindd/winbindd_misc.c:396(winbindd_interface_version)
[ 1276]: request interface version (version = 28)
[2017/07/23 01:27:01.433949, 3]
../source3/winbindd/winbindd_misc.c:429(winbindd_priv_pipe_dir)
[ 1276]: request location of privileged pipe
[2017/07/23 01:27:01.434226, 6]
../source3/winbindd/winbindd.c:918(new_connection)
accepted socket 29
[2017/07/23 01:27:01.434376, 6]
../source3/winbindd/winbindd.c:967(winbind_client_request_read)
closing socket 27, client exited
[2017/07/23 01:27:01.434542, 3]
../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
getpwnam madmin
[2017/07/23 01:27:01.442499, 5]
../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
Could not convert sid S-1-5-21-0123456789-0123456789-12345678-2678:
NT_STATUS_NONE_MAPPED
[2017/07/23 01:27:01.442845, 6]
../source3/winbindd/winbindd.c:967(winbind_client_request_read)
closing socket 29, client exited
smb.conf is the following:
------------------------------------
[global]
netbios name = SMBSRV
realm = AD.INFRACTORY.ORG
workgroup = AD
security = ADS
#log file = /var/log/samba/%m.log
log level = 8
kerberos method = dedicated keytab
dedicated keytab file = /etc/krb5.keytab
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use a read-write-enabled back end, such as tdb.
# - Adding just this is not enough
# - You must set a DOMAIN backend configuration, see below
idmap config * : backend = tdb
idmap config * : range = 1200-1499
winbind nss info = rfc2307
# idmap config for the AD domain
idmap config AD:backend = ad
idmap config AD:schema_mode = rfc2307
idmap config AD:range = 1500-99999999
idmap config AD:unix_primary_group = yes
winbind use default domain = yes
------------------------------------
Currently no share is declared.
On both DC wbinfo -n, -S and -i are all working (no idea if it proves
anything)
Wishing you a great week-end,
mathias
More information about the samba
mailing list