Alessio Tomelleri - ARPAV Dipartimento di Belluno
2011-Oct-28 11:32 UTC
[Samba] winbind nsswitch resolving names issue
Hi,
I manage a mixed environment, which is composed of a BDC win2k3 plus a
Linux SUSE fileserver with samba ver. 3.0.22-13.16, an old one I know...
:(
I'm facing an odd behaviour with wbinfo queries from the bash console on
my Linux desktop (ubuntu 11.04 smb 3.5.8, joined to the domain, and I
regularly authenticate to it). For my purpose I've written this tiny script
"idtest.sh":
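#!/bin/bash
# Print gid, SID and name for each high-numbered group of a user.
user=$1
if [ -z "$user" ]; then
    echo "Usage: idtest.sh username_to_search"
    exit 1
fi
# id -G lists every numeric group ID that NSS returns for the user
for gruppo in $(id -G "$user"); do
    # skip gids below 10000
    if [ "$gruppo" -ge 10000 ]; then
        sid=$(wbinfo -G "$gruppo")   # gid -> SID
        desc=$(wbinfo -s "$sid")     # SID -> name
        echo "$gruppo - $sid - $desc"
    fi
done
exit 0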
It is not clear to me why, if I query my user, randomly it doesn't show my
"Domain Local Group", only Global Group... I underline that this happens
randomly, it seems to me...
Also, at some point with the command "id" I can see all my groups, but at
the same time "wbinfo -r myaccount" doesn't show the Local Group again...
And I need to be sure to retrieve clearly all domain groups, local and
global....
I tried to take a look (a bit in depth as well) at winbind, wbinfo, smb...
on these matters, but I'm unable to find a clear answer; what am I
missing?
Finally I would ask for some clarification about "option compat" in
nsswitch.conf, 'cause I've not found a clear explanation in the doc and man.
Any help would be appreciated, thx in advance...
Alessio.
Alessio Tomelleri - ARPAV Dipartimento di Belluno wrote:
>
> It is not clear to me why, if I query my user, randomly it doesn't show my
> "Domain Local Group", only Global Group... I underline that this happens
> randomly, it seems to me...
>
> Finally I would ask for some clarification about "option compat" in
> nsswitch.conf, 'cause I've not found a clear explanation in the doc and man.

----
From Manpage from nsswitch.conf:

** Interaction with +/- syntax (compat mode)

Linux libc5 without NYS does not have the name service switch but does
allow the user some policy control. In /etc/passwd you could have
entries of the form +user or +@netgroup (include the specified user
from the NIS passwd map), -user or -@netgroup (exclude the specified
user), and + (include every user, except the excluded ones, from the
NIS passwd map). Since most people only put a + at the end of
/etc/passwd to include everything from NIS, the switch provides a
faster alternative for this case (`passwd: files nis') which doesn't
require the single + entry in /etc/passwd, /etc/group, and /etc/shadow.
If this is not sufficient, the NSS `compat' service provides full +/-
semantics. By default, the source is `nis', but this may be overridden
by specifying `nisplus' as source for the pseudo-databases
passwd_compat, group_compat and shadow_compat. These pseudo-databases
are only available in GNU C Library.
---

That's as much as I know...i.e. will likely use your /etc/passwd/group
unless you have NIS....and GNU provides some GNU specific extensions to
support similar features.

As to the other prob -- random info returned...you are running samba
right? Random results are a key feature! ;-)

Seriously...do you have something like nscd running or some other
directory service (ldap/yp/nis) that might be returning its "opinion"
on the information rather than it always going to wb?

(I have lots of probs with wb, so anything I say should be considered
with a full salt container in hand...just in case)...

linda
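Added example, not part of either message: a shell diagnostic for the mismatch discussed in this thread, comparing the gids from `id -G` (NSS, possibly cached by nscd) with those from `wbinfo -r` (winbind) and listing the `group:` sources configured in nsswitch.conf. The function names and the sample gids are constructed for illustration.

```shell
#!/bin/sh

# gids_only_in A B: print the gids of list A that are absent from list B.
# Lists may be space- or newline-separated (id -G vs. wbinfo -r output).
gids_only_in() {
    have=" $(printf '%s ' $2)"
    out=""
    for g in $1; do
        case "$have" in
            *" $g "*) ;;
            *) out="$out${out:+ }$g" ;;
        esac
    done
    printf '%s\n' "$out"
}

# nss_sources DB: read nsswitch.conf text on stdin and print the lookup
# sources for DB in order, dropping comments and [STATUS=action] items.
nss_sources() {
    sed -e 's/#.*//' -e 's/:/: /' | awk -v db="$1:" '
        $1 == db {
            out = ""; skip = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) skip = 1
                if (!skip) out = out (out == "" ? "" : " ") $i
                if ($i ~ /\]$/) skip = 0
            }
            print out
        }'
}

# report USER NSS_GIDS WINBIND_GIDS: show what each view is missing.
report() {
    echo "user: $1"
    echo "in id -G, not in wbinfo -r: $(gids_only_in "$2" "$3")"
    echo "in wbinfo -r, not in id -G: $(gids_only_in "$3" "$2")"
}

if [ -n "${1:-}" ] && command -v wbinfo >/dev/null 2>&1; then
    report "$1" "$(id -G "$1")" "$(wbinfo -r "$1")"
    echo "group sources: $(nss_sources group < /etc/nsswitch.conf)"
    if pgrep -x nscd >/dev/null 2>&1; then
        echo "nscd is running: id may be answering from its cache"
    fi
else
    # Constructed sample gids, used when no user is given or wbinfo is absent.
    report sampleuser "100 10001 10002 10007" "10001 10002"
fi
```

Run it with a domain user name on the joined host several times in a row; a gid that appears on only one side in some runs points at the source that is answering inconsistently.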