[Samba] Winbind - NSS problem?
Luciano Mannucci
luciano at vespaperitivo.it
Wed May 30 14:55:02 UTC 2018
Hello all,
I have a very old samba server, successfully migrated from 2.11 to 3.x,
then now to 4.8.0 while the windows userbase went from workgroup to AD,
now on AD 2008R2. Everything seems to work flawlessly till a new user
was added to the AD. From my samba server I can't see it in the getent
passwd list (the others are all there) though wbinfo -a newuser%password
says:
plaintext password authentication succeeded
challenge/response password authentication succeeded
wbinfo -i says
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user newuser
Of course the new user cannot see its home directory.
Of course I restarted the service, cleaned the cache and even
bootstrapped my server, removed the *tdb files and rejoined
the domain.
Has someone else seen the same?
My relevant configuration:
nsswitch.conf
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: releng/10.4/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
#
#group: compat
group: winbind files
group_compat: nis
hosts: files dns
networks: files
#passwd: compat
passwd: winbind files
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
smb4.conf:
[global]
security = ADS
netbios name = HERMES
server string = "HERMES"
password server = 192.168.132.4 *
workgroup = MCS2003
idmap uid = 3000-8004
idmap gid = 800-1988
idmap config MCS2003 : backend = rid
idmap config MCS2003 : range = 3000 - 8004
winbind enum users = yes
winbind enum groups = yes
template homedir = /dati/mailbox/%U
template shell = /bin/tcsh
os level = 2
time server = Yes
unix extensions = Yes
encrypt passwords = Yes
map to guest = Bad User
log level = 1 auth:10 winbind:2
log file = /var/log/samba/users/%m.log
wins support = No
max xmit = 8192
max protocol = SMB3_11
realm = MCS2003.IT
winbind refresh tickets = yes
winbind use default domain = yes
client use spnego = yes
client ntlmv2 auth = yes
usershare allow guests = No
nt pipe support = no
write cache size = 65536
allow trusted domains = no
[homes]
comment = Home Directory for %S
vfs objects = zfsacl
path = /dati/mailbox/%S
browseable = yes
guest ok = no
read only = No
create mask = 0644
directory mask = 0755
preserve case = yes
short preserve case = yes
Luciano.
--
/"\ /Via A. Salaino, 7 - 20144 Milano (Italy)
\ / ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
X AGAINST HTML MAIL / E-MAIL: posthamster at sublink.sublink.ORG
/ \ AND POSTINGS / WWW: http://www.lesassaie.IT/
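
A check a reader may want to run against the configuration above (an added example, not part of the original post): with the rid backend, idmap_rid computes Unix ID = RID - base_rid + low end of the range, so a RID beyond the span of the range gets no mapping. The SIDs below are constructed samples, and base_rid is assumed to be its default of 0 because the posted config does not set it.

```python
import re

# Constructed sample: the two idmap lines copied from the smb4.conf in the post.
SMB_CONF = """
[global]
    workgroup = MCS2003
    idmap config MCS2003 : backend = rid
    idmap config MCS2003 : range = 3000 - 8004
"""

IDMAP_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+)\s*:\s*(backend|range|base_rid)\s*=\s*(.+?)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def parse_idmap(conf_text):
    """Return {DOMAIN: {'backend', 'low', 'high', 'base_rid'}} from smb.conf text."""
    domains = {}
    for dom, key, value in IDMAP_RE.findall(conf_text):
        entry = domains.setdefault(dom.upper(), {"base_rid": 0})  # default base_rid
        key = key.lower()
        if key == "range":
            low, high = (int(part) for part in value.split("-"))
            entry["low"], entry["high"] = low, high
        elif key == "base_rid":
            entry["base_rid"] = int(value)
        else:
            entry["backend"] = value.lower()
    return domains

def rid_to_unix_id(entry, rid):
    """idmap_rid formula: ID = RID - BASE_RID + LOW_RANGE_ID; None if out of range."""
    if entry.get("backend") != "rid":
        raise ValueError("formula only applies to the rid backend")
    unix_id = rid - entry["base_rid"] + entry["low"]
    return unix_id if entry["low"] <= unix_id <= entry["high"] else None

def max_mappable_rid(entry):
    """Highest RID that still lands inside the configured range."""
    return entry["high"] - entry["low"] + entry["base_rid"]

def rid_of(sid):
    """Last sub-authority (the RID) of a SID string."""
    return int(sid.rsplit("-", 1)[1])

if __name__ == "__main__":
    cfg = parse_idmap(SMB_CONF)["MCS2003"]
    print("highest mappable RID:", max_mappable_rid(cfg))
    # Constructed SIDs, not taken from the post.
    for sid in ("S-1-5-21-1111-2222-3333-1105", "S-1-5-21-1111-2222-3333-6200"):
        print(sid, "->", rid_to_unix_id(cfg, rid_of(sid)))
```

The SID to feed in is the one `wbinfo -n newuser` prints; comparing its RID with the highest mappable RID shows whether the configured range can cover that account.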