samba - Aug 2004 - err: I have no name (Idmap Ldap)

I succesfully setted up the winbind with "idmap backend =
ldap:ldap:..."
LDAP is used only to store idmap's.

The problem:
On the server with OpenLDAP and winbind, all is working fine! Thanks to 
the SAMBA team and OSS community!


But on the second server, where winbind is used to authenticate users 
and retrieve uid's from server with ldap, users get error message: "id:
cannot find name for user ID ...". The authentication works fine, users 
can use their samba shares, but ssh sessions are not more accessible 
(There is error, that it is not possible to retrieve username for 
lastlog and session closes).

May bee someone had already such problem, and know's solution?

There is some illustration of problem:

======[root@virsis /]# wbinfo -t
checking the trust secret via RPC calls succeeded
======[root@virsis /]# wbinfo -u
...skip
tst10
tst11
...skip
======[root@virsis /]# getent passwd | grep tst1
tst10:x:20694:30000::/skola/tst10:/bin/bash
tst11:x:20695:30000::/skola/tst11:/bin/bash
...skip
======But!

[root@virsis /]# su tst10
Creating directory '/skola/tst10'.
Creating directory '/skola/tst10/tmp'.
id: cannot find name for user ID 20694
[I have no name!@virsis /]$

and

[I have no name!@virsis tst10]$ ls -l
total 4
drwxr-xr-x  2 20694 30000 4096 aug 21 13:27 tmp/
======

The both systems are like each other:

The configuration on both servers are like each other:

- Mandrake Cooker
- samba 3.0.5.2 (including winbind)

The samba.conf on secondary server

[root@virsis root]# cat /etc/samba/smb.conf
[global]
         workgroup = SKOLA
         security = domain
         netbios name = VIRSIS
         winbind use default domain = yes
         default service = homes
         unix charset = iso8859-13
         idmap gid = 20000-30000
         idmap uid = 30000-40000
         winbind separator = +
         winbind use default domain = yes
         idmap backend = ldap:ldap://10.0.0.50
         ldap admin dn = cn=Manager,dc=venta,dc=lv
         ldap suffix = dc=venta,dc=lv
         ldap idmap suffix = ou=Idmap
         winbind enum users = yes
         winbind enum groups = yes
         encrypt passwords = Yes
         template homedir = /skola/%U
         os level = 18
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         wins server = 10.0.0.10
         log level = 3
         obey pam restrictions = yes
         template shell = /bin/bash
         max log size = 200
         min protocol = NT1
         password server = *
         local master = No
[homes]
...skip

The /etc/nsswitch.conf
...
passwd:     files winbind nisplus nis
shadow:     files nisplus nis
group:      files winbind nisplus nis
...

There is no working nscd daemon, which will cause "I have no name!"
problem.

Thanks!
Gints

Solved.

There was mistake in smb.conf file, the "idmap uid" value was
incorrect.

Gints

gints neimanis wrote:
> I succesfully setted up the winbind with "idmap backend =
ldap:ldap:..."
> LDAP is used only to store idmap's.
> 
> The problem:
> On the server with OpenLDAP and winbind, all is working fine! Thanks to 
> the SAMBA team and OSS community!
> 
> 
> But on the second server, where winbind is used to authenticate users 
> and retrieve uid's from server with ldap, users get error message:
"id:
> cannot find name for user ID ...". The authentication works fine,
users
> can use their samba shares, but ssh sessions are not more accessible 
> (There is error, that it is not possible to retrieve username for 
> lastlog and session closes).
> 
> May bee someone had already such problem, and know's solution?
> 
> There is some illustration of problem:
> 
> ======> [root@virsis /]# wbinfo -t
> checking the trust secret via RPC calls succeeded
> ======> [root@virsis /]# wbinfo -u
> ...skip
> tst10
> tst11
> ...skip
> ======> [root@virsis /]# getent passwd | grep tst1
> tst10:x:20694:30000::/skola/tst10:/bin/bash
> tst11:x:20695:30000::/skola/tst11:/bin/bash
> ...skip
> ======> But!
> 
> [root@virsis /]# su tst10
> Creating directory '/skola/tst10'.
> Creating directory '/skola/tst10/tmp'.
> id: cannot find name for user ID 20694
> [I have no name!@virsis /]$
> 
> and
> 
> [I have no name!@virsis tst10]$ ls -l
> total 4
> drwxr-xr-x  2 20694 30000 4096 aug 21 13:27 tmp/
> ======> 
> 
> The both systems are like each other:
> 
> The configuration on both servers are like each other:
> 
> - Mandrake Cooker
> - samba 3.0.5.2 (including winbind)
> 
> The samba.conf on secondary server
> 
> [root@virsis root]# cat /etc/samba/smb.conf
> [global]
>         workgroup = SKOLA
>         security = domain
>         netbios name = VIRSIS
>         winbind use default domain = yes
>         default service = homes
>         unix charset = iso8859-13
>         idmap gid = 20000-30000
>         idmap uid = 30000-40000
>         winbind separator = +
>         winbind use default domain = yes
>         idmap backend = ldap:ldap://10.0.0.50
>         ldap admin dn = cn=Manager,dc=venta,dc=lv
>         ldap suffix = dc=venta,dc=lv
>         ldap idmap suffix = ou=Idmap
>         winbind enum users = yes
>         winbind enum groups = yes
>         encrypt passwords = Yes
>         template homedir = /skola/%U
>         os level = 18
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         wins server = 10.0.0.10
>         log level = 3
>         obey pam restrictions = yes
>         template shell = /bin/bash
>         max log size = 200
>         min protocol = NT1
>         password server = *
>         local master = No
> [homes]
> ...skip
> 
> The /etc/nsswitch.conf
> ...
> passwd:     files winbind nisplus nis
> shadow:     files nisplus nis
> group:      files winbind nisplus nis
> ...
> 
> There is no working nscd daemon, which will cause "I have no
name!"
> problem.
> 
> Thanks!
> Gints