[Samba] Winbind - NSS problem?
Rowland Penny
rpenny at samba.org
Wed May 30 15:27:20 UTC 2018
On Wed, 30 May 2018 16:55:02 +0200
Luciano Mannucci via samba <samba at lists.samba.org> wrote:
>
> Hello all,
>
> I have a very old samba server, successfully migrated from 2.11 to
> 3.x, then now to 4.8.0 while the windows userbase went from workgroup
> to AD, now on AD 2008R2. Everything seems to work flawlessly till a
> new user was added to the AD. From my samba server I can't see it in
> the getent passwd list (the others are all there) though wbinfo -a
> newuser%password says:
>
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
>
> wbinfo -i says
>
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user newuser
>
> Of course the new user cannot see its home directory.
>
> Of course I restarted the service, cleaned the cache and even
> bootstrapped my server, removed the *tdb files and rejoined
> the domain.
>
> Has someone else seen the same?
>
> My relevant configuration:
>
> nsswitch.conf
> #
> group: winbind files
> passwd: winbind files
They should be the other way around 'files winbind'
>
> smb4.conf:
> [global]
> security = ADS
> netbios name = HERMES
> server string = "HERMES"
> password server = 192.168.132.4 *
Remove the above line
> workgroup = MCS2003
> idmap uid = 3000-8004
> idmap gid = 800-1988
The above two lines are deprecated
Add these lines instead:
idmap config * : backend = tdb
idmap config * : range = 10000-11000
> idmap config MCS2003 : backend = rid
> idmap config MCS2003 : range = 3000 - 8004
Change the above line to:
idmap config MCS2003 : range = 800-8004
> winbind enum users = yes
> winbind enum groups = yes
Remove the above two lines
> template homedir = /dati/mailbox/%U
> template shell = /bin/tcsh
> os level = 2
> time server = Yes
Really, a Unix domain member as a time server?
Rowland
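
An added example, not part of the original message or of Samba itself: a small Python check that flags the smb.conf and nsswitch.conf settings the reply above objects to, run here over constructed samples copied from the quoted configuration. The function names and finding strings are hypothetical, and the range-overlap check is an assumption that goes beyond what the reply states.

```python
import re

# Constructed sample: settings quoted in the message above.
SAMPLE_SMB_CONF = """[global]
password server = 192.168.132.4 *
idmap uid = 3000-8004
idmap gid = 800-1988
idmap config MCS2003 : backend = rid
idmap config MCS2003 : range = 3000 - 8004
winbind enum users = yes
winbind enum groups = yes
"""
SAMPLE_NSSWITCH = "group: winbind files\npasswd: winbind files\n"

def lint_smb_conf(text):
    """Return findings for the smb.conf points raised in the reply."""
    params = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", ";", "[")):
            # Parameter names are matched case- and whitespace-insensitively.
            params[" ".join(key.lower().split())] = value.strip()
    findings = [f"deprecated: {k}" for k in ("idmap uid", "idmap gid") if k in params]
    findings += [f"remove: {k}" for k in
                 ("password server", "winbind enum users", "winbind enum groups")
                 if k in params]
    ranges = {}
    for key, value in params.items():
        m = re.fullmatch(r"idmap config (\S+?)\s*:\s*range", key)
        if m:
            low, high = (int(x) for x in value.split("-"))
            ranges[m.group(1).upper()] = (low, high)
    if "*" not in ranges:
        findings.append("missing: idmap config * : range")
    # Assumption beyond the reply: idmap ranges must not overlap each other.
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append(f"overlap: {a} and {b}")
    return findings

def lint_nsswitch(text):
    """Flag passwd/group lines where winbind is consulted before files."""
    findings = []
    for line in text.splitlines():
        db, _, sources = line.partition(":")
        srcs = sources.split()
        if db.strip() in ("passwd", "group") and "winbind" in srcs:
            if "files" not in srcs or srcs.index("files") > srcs.index("winbind"):
                findings.append(f"{db.strip()}: list files before winbind")
    return findings

if __name__ == "__main__":
    for finding in lint_smb_conf(SAMPLE_SMB_CONF) + lint_nsswitch(SAMPLE_NSSWITCH):
        print(finding)
```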