samba - Jan 2010 - wbinfo, net, getent and groups

I have two servers running Samba 2.3.3, one as a Domain Controller one 
as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and 
winbindd using the tdb back end are running on both.

I am don't understand the results. As far as I can tell I have 
everything configured as it should be.

The basic globals for the DC

[global]
         workgroup = ATLANTA
         time server = Yes
         hostname lookups = Yes
         domain logons = Yes
         preferred master = Yes
         domain master = Yes
         wins support = Yes
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         winbind enum users = Yes
         winbind enum groups = Yes
         hide dot files = No


The glbals for the Member Server

[global]
         workgroup = ATLANTA
         security = DOMAIN
         password server = 192.168.1.24
         name resolve order = wins bcast hosts
         wins proxy = Yes
         wins server = 192.168.1.24
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         template shell = /bin/bash
         winbind enum users = Yes
         winbind enum groups = Yes
         hosts allow = 192.168.1.0/255.255.255.0

getent does not return the names on any domain groups or users.

wbinfo does return the names on domains groups and users.

BUILTIN\administrators
BUILTIN\users
ATLANTA\domain users
ATLANTA\domain guests
ATLANTA\domain admins

net groupmap list  on the DC shows mapping to groups

Backup Operators (S-1-5-32-551) -> backup
Power Users (S-1-5-32-547) -> atlanta
Replicators (S-1-5-32-552) -> staff
Domain Users (S-1-5-21-4166445610-3302986456-3838465043-513) -> samba
Domain Guests (S-1-5-21-4166445610-3302986456-3838465043-514) -> nogroup
Administrators (S-1-5-32-544) -> staff
Account Operators (S-1-5-32-548) -> account
Users (S-1-5-32-545) -> samba
Print Operators (S-1-5-32-550) -> print
Guests (S-1-5-32-546) -> nogroup
System Operators (S-1-5-32-549) -> operator
Domain Admins (S-1-5-21-4166445610-3302986456-3838465043-512) -> staff

net groupmap list on the Member Server shows only the builtin in groups

Administrators (S-1-5-32-544) -> BUILTIN\administrators
Users (S-1-5-32-545) -> BUILTIN\users

-- 
Robert Steinmetz, AIA
Principal
Steinmetz & Associates

I've found at least part of the problem. PAM was not properly 
configured. Apparently I had used a configuration for a previous version 
of pam which did not work with my setup..


On 1/22/2010 2:49 PM, Robert Steinmetz AIA wrote:
> I have two servers running Samba 2.3.3, one as a Domain Controller one 
> as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and 
> winbindd using the tdb back end are running on both.
>
> I am don't understand the results. As far as I can tell I have 
> everything configured as it should be.
>
> The basic globals for the DC
>
> [global]
>         workgroup = ATLANTA
>         time server = Yes
>         hostname lookups = Yes
>         domain logons = Yes
>         preferred master = Yes
>         domain master = Yes
>         wins support = Yes
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         hide dot files = No
>
>
> The glbals for the Member Server
>
> [global]
>         workgroup = ATLANTA
>         security = DOMAIN
>         password server = 192.168.1.24
>         name resolve order = wins bcast hosts
>         wins proxy = Yes
>         wins server = 192.168.1.24
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         template shell = /bin/bash
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         hosts allow = 192.168.1.0/255.255.255.0
>
> getent does not return the names on any domain groups or users.
>
> wbinfo does return the names on domains groups and users.
>
> BUILTIN\administrators
> BUILTIN\users
> ATLANTA\domain users
> ATLANTA\domain guests
> ATLANTA\domain admins
>
> net groupmap list  on the DC shows mapping to groups
>
> Backup Operators (S-1-5-32-551) -> backup
> Power Users (S-1-5-32-547) -> atlanta
> Replicators (S-1-5-32-552) -> staff
> Domain Users (S-1-5-21-4166445610-3302986456-3838465043-513) -> samba
> Domain Guests (S-1-5-21-4166445610-3302986456-3838465043-514) -> nogroup
> Administrators (S-1-5-32-544) -> staff
> Account Operators (S-1-5-32-548) -> account
> Users (S-1-5-32-545) -> samba
> Print Operators (S-1-5-32-550) -> print
> Guests (S-1-5-32-546) -> nogroup
> System Operators (S-1-5-32-549) -> operator
> Domain Admins (S-1-5-21-4166445610-3302986456-3838465043-512) -> staff
>
> net groupmap list on the Member Server shows only the builtin in groups
>
> Administrators (S-1-5-32-544) -> BUILTIN\administrators
> Users (S-1-5-32-545) -> BUILTIN\users
>

-- 
*Robert Steinmetz, AIA*
Principal
*Steinmetz & Associates*