Hi, I'm using the Samba RPM's from Fedora Core 2 RPM's (3.0.7-2.FC2) as an authentication backend for a Squid Proxy server. It all seems to work fine, until I (try to)authenticate against a domain-group.. I started trying with 3.0.6-2.FC2, which also didn't work... This is a pretty clean/fresh installation of Fedora Core 2, for whatever that's worth... I've succeeded joining the Windows NT4 domain (RZH_NT)... Winbind seems to work fine at first.. I can test the trust-secret ok, even authenticate a user from the domain (RBasti), it can see the domain-groups (Internet), get te sid, but it can't convert the sid to a gid... # wbinfo -t checking the trust secret via RPC calls succeeded # wbinfo -u |grep RBasti RBasti # wbinfo -a RBasti%******** (passwd blanked) plaintext password authentication succeeded challenge/response password authentication succeeded # wbinfo -g |grep Internet Internet # wbinfo -n Internet S-1-5-21-637226847-105070846-619646970-7160 Domain Group (2) # wbinfo -Y S-1-5-21-637226847-105070846-619646970-7160 Could not convert sid S-1-5-21-637226847-105070846-619646970-7160 to gid Any idea's? I also don't see any domain-users/groups appearing in /etc/passwd or /etc/group... I guess that's why wbinfo -Y is failing, but I can't figure out how to find out what's preventing this from working... Remco
Follow up for my problem: a "getent passwd" leaves me with a ton of these entries in winbind.log: [2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50) error getting user id for sid S-1-5-21-637226847-105070846-619646970-6034 [2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_getpwent(571) could not lookup domain user AMoore [2004/09/17 17:27:15, 0] sam/idmap_tdb.c:db_allocate_id(106) idmap Fatal Error: UID range full!! (max: 25000) [2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50) error getting user id for sid S-1-5-21-637226847-105070846-619646970-4427 [2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_getpwent(571) could not lookup domain user AMulde [2004/09/17 17:27:15, 0] sam/idmap_tdb.c:db_allocate_id(106) idmap Fatal Error: UID range full!! (max: 25000) [2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50) error getting user id for sid S-1-5-21-637226847-105070846-619646970-6929 [2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_getpwent(571) could not lookup domain user AMunst [2004/09/17 17:27:15, 0] sam/idmap_tdb.c:db_allocate_id(106) idmap Fatal Error: UID range full!! (max: 25000) And the getent only shows local linux-users, no domain-users. Anybody knows where to look??? Thanks, Remco -----Oorspronkelijk bericht----- Van: Bastiaans, Remco [mailto:r.bastiaans@rijnland.nl] Verzonden: woensdag 15 september 2004 13:35 Aan: 'samba@lists.samba.org' Onderwerp: [Samba] Winbind could not convert sid to gid... Hi, I'm using the Samba RPM's from Fedora Core 2 RPM's (3.0.7-2.FC2) as an authentication backend for a Squid Proxy server. It all seems to work fine, until I (try to)authenticate against a domain-group.. I started trying with 3.0.6-2.FC2, which also didn't work... This is a pretty clean/fresh installation of Fedora Core 2, for whatever that's worth... I've succeeded joining the Windows NT4 domain (RZH_NT)... Winbind seems to work fine at first.. I can test the trust-secret ok, even authenticate a user from the domain (RBasti), it can see the domain-groups (Internet), get te sid, but it can't convert the sid to a gid... # wbinfo -t checking the trust secret via RPC calls succeeded # wbinfo -u |grep RBasti RBasti # wbinfo -a RBasti%******** (passwd blanked) plaintext password authentication succeeded challenge/response password authentication succeeded # wbinfo -g |grep Internet Internet # wbinfo -n Internet S-1-5-21-637226847-105070846-619646970-7160 Domain Group (2) # wbinfo -Y S-1-5-21-637226847-105070846-619646970-7160 Could not convert sid S-1-5-21-637226847-105070846-619646970-7160 to gid Any idea's? I also don't see any domain-users/groups appearing in /etc/passwd or /etc/group... I guess that's why wbinfo -Y is failing, but I can't figure out how to find out what's preventing this from working... Remco -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Solved this problem by downloading the RPM-packages from Samba.org, and installing 'm over the Fedora-packages... -----Oorspronkelijk bericht----- Van: Bastiaans, Remco [mailto:r.bastiaans@rijnland.nl] Verzonden: vrijdag 17 september 2004 17:31 Aan: 'samba@lists.samba.org' Onderwerp: RE: [Samba] Winbind could not convert sid to gid... Follow up for my problem: a "getent passwd" leaves me with a ton of these entries in winbind.log: [2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50) error getting user id for sid S-1-5-21-637226847-105070846-619646970-6034 [2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_getpwent(571) could not lookup domain user AMoore [2004/09/17 17:27:15, 0] sam/idmap_tdb.c:db_allocate_id(106) idmap Fatal Error: UID range full!! (max: 25000) [2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50) error getting user id for sid S-1-5-21-637226847-105070846-619646970-4427 [2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_getpwent(571) could not lookup domain user AMulde [2004/09/17 17:27:15, 0] sam/idmap_tdb.c:db_allocate_id(106) idmap Fatal Error: UID range full!! (max: 25000) [2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50) error getting user id for sid S-1-5-21-637226847-105070846-619646970-6929 [2004/09/17 17:27:15, 1] nsswitch/winbindd_user.c:winbindd_getpwent(571) could not lookup domain user AMunst [2004/09/17 17:27:15, 0] sam/idmap_tdb.c:db_allocate_id(106) idmap Fatal Error: UID range full!! (max: 25000) And the getent only shows local linux-users, no domain-users. Anybody knows where to look??? Thanks, Remco -----Oorspronkelijk bericht----- Van: Bastiaans, Remco [mailto:r.bastiaans@rijnland.nl] Verzonden: woensdag 15 september 2004 13:35 Aan: 'samba@lists.samba.org' Onderwerp: [Samba] Winbind could not convert sid to gid... Hi, I'm using the Samba RPM's from Fedora Core 2 RPM's (3.0.7-2.FC2) as an authentication backend for a Squid Proxy server. It all seems to work fine, until I (try to)authenticate against a domain-group.. I started trying with 3.0.6-2.FC2, which also didn't work... This is a pretty clean/fresh installation of Fedora Core 2, for whatever that's worth... I've succeeded joining the Windows NT4 domain (RZH_NT)... Winbind seems to work fine at first.. I can test the trust-secret ok, even authenticate a user from the domain (RBasti), it can see the domain-groups (Internet), get te sid, but it can't convert the sid to a gid... # wbinfo -t checking the trust secret via RPC calls succeeded # wbinfo -u |grep RBasti RBasti # wbinfo -a RBasti%******** (passwd blanked) plaintext password authentication succeeded challenge/response password authentication succeeded # wbinfo -g |grep Internet Internet # wbinfo -n Internet S-1-5-21-637226847-105070846-619646970-7160 Domain Group (2) # wbinfo -Y S-1-5-21-637226847-105070846-619646970-7160 Could not convert sid S-1-5-21-637226847-105070846-619646970-7160 to gid Any idea's? I also don't see any domain-users/groups appearing in /etc/passwd or /etc/group... I guess that's why wbinfo -Y is failing, but I can't figure out how to find out what's preventing this from working... Remco -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba