[Samba] winbind -r not showing any groups

Andreas Hauffe andreas.hauffe at tu-dresden.de
Tue Jun 21 18:25:24 UTC 2022 

Hi,

I was able to solve the problem with the help of people in the openSUSE 
bug list (https://bugzilla.opensuse.org/show_bug.cgi?id=1200754)

In fact it was an apparmor problem, which refused samba-dcerpcd and so 
on to work correctly.

Now all user groups are listed.

Regards,

-- 

Andreas Hauffe**


Am 21.06.22 um 09:22 schrieb Andreas Hauffe via samba:
> Dear list,
>
> I'm using SAMBA 4.16.2 on a openSUSE Leap 15.4 platform as a domain 
> member, but I'm unable to get "winbind -r" to work. Also the linux 
> "groups" command show local groups only (as a result?).
>
> When running "winbind -r DOM+username" I'm getting the following error 
> in the logs:
>
> Jun 21 09:02:23 lftworkli06 winbindd[12376]: [2022/06/21 
> 09:02:23.768314,  0] 
> ../../source3/winbindd/winbindd_samr.c:72(open_internal_samr_conn)
> Jun 21 09:02:23 lftworkli06 winbindd[12376]: 
>   open_internal_samr_conn: Could not connect to samr pipe: 
> NT_STATUS_CONNECTION_DISCONNECTED
>
> smb.conf
>
> [global]
>
>    netbios name = lftworkli06
>    security = ADS
>    workgroup = ILRW
>    realm = ILRW.ING.DOM.TU-DRESDEN.DE
>    dedicated keytab file = /etc/krb5.keytab
>    kerberos method = secrets and keytab
>
>    #rpc start on demand helpers = false
>
>    template homedir = /home/home_ilrw/%U
>    template shell = /bin/bash
>
>    winbind refresh tickets = yes
>    winbind separator = +
>
>    idmap config * : backend = tdb
>    idmap config * : range = 2000-2999
>    idmap config ILRW : backend = rid
>    idmap config ILRW : range = 3000-9999 # UID aus RID fuer ILRW
>    idmap config DOM : backend = rid
>    idmap config DOM : range = 10000-9999999 # UID aus RID fuer DOM
>
> krb.conf
>
> [libdefaults]
>        default_realm = ILRW.ING.DOM.TU-DRESDEN.DE
>        dns_lookup_realm = false
>        dns_lookup_kdc = true
>        ticket_lifetime = 24h
>        renew_lifetime = 7d
>        forwardable = true
>
> [realms]
>   ILRW.ING.DOM.TU-DRESDEN.DE = {
>        auth_to_local = 
> RULE:[1:$0@$1](ILRW\.ING\.DOM\.TU-DRESDEN\.DE at .*)s/\.ING\.DOM\.TU-DRESDEN\.DE@/+/ 
>
>        auth_to_local = 
> RULE:[1:$0@$1](DOM\.TU-DRESDEN\.DE at .*)s/\.TU-DRESDEN\.DE@/+/
>        auth_to_local = DEFAULT
>   }
>   DOM.TU-DRESDEN.DE = {
>        auth_to_local = 
> RULE:[1:$0@$1](ILRW\.ING\.DOM\.TU-DRESDEN\.DE at .*)s/\.ING\.DOM\.TU-DRESDEN\.DE@/+/ 
>
>        auth_to_local = 
> RULE:[1:$0@$1](DOM\.TU-DRESDEN\.DE at .*)s/\.TU-DRESDEN\.DE@/+/
>        auth_to_local = DEFAULT
>   }
>
>

More information about the samba mailing list