I'm going to follow-up to my own post...
Using a W2k Server, SP4 *NOT* post SP4 Rollup 1 as the password server,
Samba will behave as it should. Using a 2k3sp1 or 2ksp4+r1 machine as
the password server, Samba misbehaves.
I saw some traffic on the list a few weeks back that talked about
something very similar to this. I didn't see any resolution (other than
"don't install rollup 1").
What is the status of this situation?
Thanks,
Ben Vaughan
Engineering Computing Support Services
CLUE Network Admin
2240 Hoover Hall
515 294 1629
benvon@iastate.edu
> -----Original Message-----
> From: samba-bounces+benvon=iastate.edu@lists.samba.org [mailto:samba-
> bounces+benvon=iastate.edu@lists.samba.org] On Behalf Of Vaughan, Ben
R> [ECSS]
> Sent: Friday, July 22, 2005 8:39 AM
> To: samba@lists.samba.org
> Subject: [Samba] winbind lookup errors
>
> Hello Samba folks,
>
> I have recently begun seeing some disturbing behavior from winbind.
> Winbind will fail to look up users and groups. Examples:
>
> The machine is configured to use winbind as a nss module.
>
> "getent passwd <username>" will yield no results.
>
> "wbinfo -n <username>" will yield "Could not lookup
name <username>"
>
> "wbinfo -g" works... all of the domain groups are dumped
>
> "wbinfo -u" works.
>
> "wbinfo -t" says everything is ok.
>
> "net ads testjoin" says everything is ok.
>
> I have turned off winbind caching (by adding the -n flag) and have set
> "winbind cache time = 0" in smb.conf in an attempt to remove
caching
as> a culprit.
>
> Any help would be greatly appreciated. This problem is affecting
quite> a few of my servers (around a dozen).
>
> Interesting data is included below.
>
> Thanks,
>
> Ben Vaughan
> College of Engineering
> Iowa State University
>
> Here is a log level 10 dump from winbind.log after running "wbinfo -n
> benvon" (my username):
>
> [2005/07/22 08:33:19, 6] nsswitch/winbindd.c:new_connection(603)
> accepted socket 19
> [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
> process_request: request fn INTERFACE_VERSION
> [2005/07/22 08:33:19, 3]
> nsswitch/winbindd_misc.c:winbindd_interface_version(460)
> [ 0]: request interface version
> [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
> process_request: request fn WINBINDD_PRIV_PIPE_DIR
> [2005/07/22 08:33:19, 3]
> nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
> [ 0]: request location of privileged pipe
> [2005/07/22 08:33:19, 6] nsswitch/winbindd.c:new_connection(603)
> accepted socket 21
> [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
> process_request: request fn INFO
> [2005/07/22 08:33:19, 3] nsswitch/winbindd_misc.c:winbindd_info(448)
> [ 0]: request misc info
> [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
> process_request: request fn DOMAIN_NAME
> [2005/07/22 08:33:19, 3]
> nsswitch/winbindd_misc.c:winbindd_domain_name(470)
> [ 0]: request domain name
> [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
> process_request: request fn LOOKUPNAME
> [2005/07/22 08:33:19, 3]
> nsswitch/winbindd_sid.c:winbindd_lookupname(103)
> [ 0]: lookupname ENGR\benvon
> [2005/07/22 08:33:19, 5]
nsswitch/winbindd_async.c:lookupname_recv(627)> lookup_name returned an error
> [2005/07/22 08:33:19, 5] nsswitch/winbindd_sid.c:lookupname_recv(116)
> lookupname returned an error
>
>
> And a log level 10 dump from winbind.log after running "wbinfo -r
> benvon"
>
> [2005/07/22 08:34:12, 6] nsswitch/winbindd.c:new_connection(603)
> accepted socket 19
> [2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
> process_request: request fn INTERFACE_VERSION
> [2005/07/22 08:34:12, 3]
> nsswitch/winbindd_misc.c:winbindd_interface_version(460)
> [ 0]: request interface version
> [2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
> process_request: request fn WINBINDD_PRIV_PIPE_DIR
> [2005/07/22 08:34:12, 3]
> nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
> [ 0]: request location of privileged pipe
> [2005/07/22 08:34:12, 6] nsswitch/winbindd.c:new_connection(603)
> accepted socket 21
> [2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
> process_request: request fn GETGROUPS
> [2005/07/22 08:34:12, 3]
> nsswitch/winbindd_group.c:winbindd_getgroups(916)
> [ 0]: getgroups benvon
> [2005/07/22 08:34:12, 7]
> nsswitch/winbindd_group.c:winbindd_getgroups(952)
> winbindd_getpwnam: My domain -- rejecting getgroups() for
ENGR\benvon.>
>
>
> Here is my smb.conf:
>
> [global]
> #unix charset = UTF8
> workgroup = ENGR
> realm = ENGR.super.secret
> server string = Samba 3 server
> security = ADS
> #password server = domain.controller.example
> username map = /etc/samba/smbusers
> guest ok = no
> log file = /var/log/samba/%m.log
> max log size = 50
> log level = 1
>
>
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> dns proxy = No
> wins server = xxx, yyy
> idmap uid = 100000-200000
> idmap gid = 100000-200000
> winbind enum users = no
> winbind enum groups = no
> winbind use default domain = yes
> winbind trusted domains only = yes
> winbind cache time = 0
> wins support = no
>
> map hidden = no
> map archive = no
> map system = no
>
> # we had to do this... hope it helps. Don't confuse this with
> file locking
> # this turns off file caching on the client.
> oplocks = no
>
>
>
>
> Engineering Computing Support Services
> CLUE Network Admin
> 2240 Hoover Hall
> 515 294 1629
> benvon@iastate.edu
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba