/usr/local/samba/sbin/winbindd broken?
Rowland Penny
repenny at f2s.com
Wed Aug 29 08:51:25 MDT 2012
Hi,
As some of you may know, I have been testing nmbd,smbd & winbindd from
Samba 4 as a client.
Well, after a good bit of testing and scratching of head, I have come to
the conclusion that something in the /usr/local/samba/sbin/winbindd
daemon is broken.
If, on a Samba 3.6.3 client, I type the command 'getent group', I only
get the local users, on the Samba 4 client I get the local users plus
ALL the domain groups, but all the info is the domain info not the POSIX
info, for example:
domain_admins:x:1117:administrator
On the S3 client 'getent group Domain\ Computers' returns nothing
because 'Domain Computers' is not a POSIX group, but on the S4 client
'getent group Domain\ Computers' returns:
domain_computers:x:1114:
With 'getent passwd rowland' it is just the same, samba4 client returns:
rowland:*:1105:1103:rowland:/home/HOME/rowland:/bin/bash
This is what the S3 client returns:
rowland:*:3000016:3000012:rowland:/home/HOME/linuxusers/rowland:/bin/bash
A bit different isn't it? and the S3 client returns the same info that
the samba4 server does
This is what is in the smb.conf on both clients:
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = yes
winbind normalize names = Yes
idmap config HOME:schema_mode = rfc2307
idmap config HOME:range = 20000-3100000
idmap config HOME:backend = ad
idmap config *:range = 1100-2000
idmap config *:backend = tdb
I have created the symlink to libnss_winbind.so.2, I get nothing without
this, I have also altered nsswitch.conf.
My feelings are that, winbindd on a samba4 client is ignoring the first
three idmap lines, but I do not know how to confirm this.
So, unless the idea is to move to just using ms domain info and
forgetting POSIX, I think that /usr/local/samba/sbin/winbindd is broken,
unless somebody has any other suggestions that I can try?
Rowland
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba-technical
mailing list