[Samba] [samba] Member server winbind issue

mathias dufresne infractory at gmail.com
Sat Jul 22 23:33:15 UTC 2017


Hi all,

I'm trying to set up a Samba file server authenticating against a Samba AD
domain and I'm facing an issue configuring winbind:
- wbinfo -n username works, it gives username's SID
- wbinfo -S <username's SID> works, it gives username's UID

but wbinfo -i username does not work:

wbinfo -i username
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user username

log.winbindd gives:
[2017/07/23 01:27:01.433530,  6] ../source3/winbindd/winbindd.c:918(new_connection)
  accepted socket 27
[2017/07/23 01:27:01.433741,  3] ../source3/winbindd/winbindd_misc.c:396(winbindd_interface_version)
  [ 1276]: request interface version (version = 28)
[2017/07/23 01:27:01.433949,  3] ../source3/winbindd/winbindd_misc.c:429(winbindd_priv_pipe_dir)
  [ 1276]: request location of privileged pipe
[2017/07/23 01:27:01.434226,  6] ../source3/winbindd/winbindd.c:918(new_connection)
  accepted socket 29
[2017/07/23 01:27:01.434376,  6] ../source3/winbindd/winbindd.c:967(winbind_client_request_read)
  closing socket 27, client exited
[2017/07/23 01:27:01.434542,  3] ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
  getpwnam madmin
[2017/07/23 01:27:01.442499,  5] ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
  Could not convert sid S-1-5-21-0123456789-0123456789-12345678-2678: NT_STATUS_NONE_MAPPED
[2017/07/23 01:27:01.442845,  6] ../source3/winbindd/winbindd.c:967(winbind_client_request_read)
  closing socket 29, client exited

smb.conf is the following:
------------------------------------
[global]
  netbios name = SMBSRV
  realm = AD.INFRACTORY.ORG
  workgroup = AD

  security = ADS

  #log file = /var/log/samba/%m.log
  log level = 8

  kerberos method = dedicated keytab
  dedicated keytab file = /etc/krb5.keytab

  # Default ID mapping configuration for local BUILTIN accounts
  # and groups on a domain member. The default (*) domain:
  # - must not overlap with any domain ID mapping configuration!
  # - must use a read-write-enabled back end, such as tdb.
  # - Adding just this is not enough
  # - You must set a DOMAIN backend configuration, see below
  idmap config * : backend = tdb
  idmap config * : range = 1200-1499

  winbind nss info = rfc2307

  # idmap config for the AD domain
  idmap config AD:backend = ad
  idmap config AD:schema_mode = rfc2307
  idmap config AD:range = 1500-99999999
  idmap config AD:unix_primary_group = yes

  winbind use default domain = yes
------------------------------------
Currently no share is declared.

On both DCs, wbinfo -n, -S and -i are all working (no idea if it proves
anything).

Wishing you a great weekend,

mathias

