Hello, Trying to set up an AD member server, I am stuck on nsswitch not working. wbinfo -u returns the list of domain users, but getent passwd <some user> always fails (exit 2) /etc/nsswitch.conf passwd: files winbind shadow: files winbind group: files winbind $ ls -l /usr/lib64/libnss_w* lrwxrwxrwx 1 root root 19 23 f?vr. 14:39 /usr/lib64/libnss_winbind.so -> libnss_winbind.so.2 -rwxr-xr-x 1 root root 19224 23 f?vr. 14:40 /usr/lib64/libnss_winbind.so.2 lrwxrwxrwx 1 root root 16 23 f?vr. 14:39 /usr/lib64/libnss_wins.so -> libnss_wins.so.2 -rwxr-xr-x 1 root root 10976 23 f?vr. 14:40 /usr/lib64/libnss_wins.so.2 System is Fedora 21 64-bit with up to date packages Thanks
On 22/06/15 07:38, Marc Recht? wrote:> Hello, > > Trying to set up an AD member server, I am stuck on nsswitch not working. > > wbinfo -u returns the list of domain users, but getent passwd <some > user> always fails (exit 2) > > /etc/nsswitch.conf > passwd: files winbind > shadow: files winbind > group: files winbind > > $ ls -l /usr/lib64/libnss_w* > lrwxrwxrwx 1 root root 19 23 f?vr. 14:39 > /usr/lib64/libnss_winbind.so -> libnss_winbind.so.2 > -rwxr-xr-x 1 root root 19224 23 f?vr. 14:40 > /usr/lib64/libnss_winbind.so.2 > lrwxrwxrwx 1 root root 16 23 f?vr. 14:39 /usr/lib64/libnss_wins.so > -> libnss_wins.so.2 > -rwxr-xr-x 1 root root 10976 23 f?vr. 14:40 /usr/lib64/libnss_wins.so.2 > > System is Fedora 21 64-bit with up to date packages > > Thanks >I think you are going to have to give us a bit more info, just telling us it doesn't work, isn't enough. smb.conf, anything in the logs etc Rowland
OK, issuing this command: $ getent passwd tunix Produces in /var/log/log.wb-STUDELEC-SA: 2015/06/22 12:32:37.473115, 4] ../source3/winbindd/winbindd_dual.c:1346(child_handler) Finished processing child request 20 [2015/06/22 12:32:37.473241, 4] ../source3/winbindd/winbindd_dual.c:1338(child_handler) child daemon request 20 [2015/06/22 12:32:37.473278, 3] ../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains) [27699]: list trusted domains [2015/06/22 12:32:37.473301, 3] ../source3/winbindd/winbindd_ads.c:1427(trusted_domains) ads: trusted_domains [2015/06/22 12:32:37.474261, 4] ../source3/winbindd/winbindd_dual.c:1346(child_handler) Finished processing child request 20 [2015/06/22 12:34:23.262925, 4] ../source3/winbindd/winbindd_dual.c:1338(child_handler) child daemon request 59 [2015/06/22 12:34:23.263078, 3] ../source3/winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid) msrpc_name_to_sid: name=STUDELEC-SA\TUNIX [2015/06/22 12:34:23.263178, 3] ../source3/winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid) name_to_sid [rpc] STUDELEC-SA\TUNIX for domain STUDELEC-SA [2015/06/22 12:34:23.267421, 4] ../source3/winbindd/winbindd_dual.c:1346(child_handler) Finished processing child request 59 [2015/06/22 12:34:23.267684, 4] ../source3/winbindd/winbindd_dual.c:1338(child_handler) child daemon request 59 [2015/06/22 12:34:23.267767, 3] ../source3/winbindd/winbindd_ads.c:605(query_user) ads: query_user [2015/06/22 12:34:23.329798, 3] ../source3/winbindd/winbindd_ads.c:730(query_user) ads query_user gave tunix [2015/06/22 12:34:23.329862, 4] ../source3/winbindd/winbindd_dual.c:1346(child_handler) Finished processing child request 59 [2015/06/22 12:34:23.330027, 4] ../source3/winbindd/winbindd_dual.c:1338(child_handler) child daemon request 59 [2015/06/22 12:34:23.330068, 3] ../source3/winbindd/winbindd_msrpc.c:300(msrpc_sid_to_name) msrpc_sid_to_name: S-1-5-21-497920593-2320919703-1315762108-513 for domain STUDELEC-SA [2015/06/22 12:34:23.331468, 5] ../source3/winbindd/winbindd_msrpc.c:320(msrpc_sid_to_name) Mapped sid to [STUDELEC-SA]\[Utilisateurs du domaine] [2015/06/22 12:34:23.331501, 5] ../source3/winbindd/winbindd_cache.c:1184(resolve_username_to_alias) resolve_username_to_alias: backend query returned NT_STATUS_INVALID_PARAMETER [2015/06/22 12:34:23.331528, 5] ../source3/winbindd/winbindd_msrpc.c:328(msrpc_sid_to_name) returning mapped name -- Utilisateurs_du_domaine [2015/06/22 12:34:23.331563, 4] ../source3/winbindd/winbindd_dual.c:1346(child_handler) Finished processing child request 59 [2015/06/22 12:34:23.331698, 4] ../source3/winbindd/winbindd_dual.c:1338(child_handler) child daemon request 59 [2015/06/22 12:34:23.332704, 4] ../source3/winbindd/winbindd_dual.c:1346(child_handler) Finished processing child request 59 [2015/06/22 12:37:37.501433, 4] ../source3/winbindd/winbindd_dual.c:1338(child_handler) child daemon request 20 [2015/06/22 12:37:37.501560, 3] ../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains) [27699]: list trusted domains [2015/06/22 12:37:37.501598, 3] ../source3/winbindd/winbindd_ads.c:1427(trusted_domains) ads: trusted_domains [2015/06/22 12:37:37.503225, 4] ../source3/winbindd/winbindd_dual.c:1346(child_handler) Finished processing child request 20 [2015/06/22 12:42:37.505184, 4] ../source3/winbindd/winbindd_dual.c:1338(child_handler) child daemon request 20 [2015/06/22 12:42:37.505292, 3] ../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains) [27699]: list trusted domains [2015/06/22 12:42:37.505325, 3] ../source3/winbindd/winbindd_ads.c:1427(trusted_domains) ads: trusted_domains [2015/06/22 12:42:37.506940, 4] ../source3/winbindd/winbindd_dual.c:1346(child_handler) Finished processing child request 20 Le 22/06/2015 09:56, Rowland Penny a ?crit :> On 22/06/15 07:38, Marc Recht? wrote: >> Hello, >> >> Trying to set up an AD member server, I am stuck on nsswitch not >> working. >> >> wbinfo -u returns the list of domain users, but getent passwd <some >> user> always fails (exit 2) >> >> /etc/nsswitch.conf >> passwd: files winbind >> shadow: files winbind >> group: files winbind >> >> $ ls -l /usr/lib64/libnss_w* >> lrwxrwxrwx 1 root root 19 23 f?vr. 14:39 >> /usr/lib64/libnss_winbind.so -> libnss_winbind.so.2 >> -rwxr-xr-x 1 root root 19224 23 f?vr. 14:40 >> /usr/lib64/libnss_winbind.so.2 >> lrwxrwxrwx 1 root root 16 23 f?vr. 14:39 /usr/lib64/libnss_wins.so >> -> libnss_wins.so.2 >> -rwxr-xr-x 1 root root 10976 23 f?vr. 14:40 /usr/lib64/libnss_wins.so.2 >> >> System is Fedora 21 64-bit with up to date packages >> >> Thanks >> > > I think you are going to have to give us a bit more info, just telling > us it doesn't work, isn't enough. > > smb.conf, anything in the logs etc > > Rowland >
Sorry I forgot the /etc/samba/smb.conf:
[global]
workgroup = STUDELEC-SA
server string = Samba Server Version %v
; netbios name = MYSERVER
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.
; max protocol = SMB2
# log files split per-machine:
log file = /var/log/samba/smb.log
# maximum size of 50KB per log file, then rotate:
max log size = 50
log level = winbind:9
# ----------------------- Domain Members Options ------------------------
security = ADS
realm = STUDELEC-SA.COM
server role = member server
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config STUDELEC-SA:backend = ad
idmap config STUDELEC-SA:schema_mode = rfc2307
idmap config STUDELEC-SA:range = 10000-99999
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = Yes
winbind expand groups = 4
winbind normalize names = Yes
domain master = no
local master = no
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
OK, issuing this command:
$ getent passwd tunix
Produces in /var/log/log.wb-STUDELEC-SA:
2015/06/22 12:32:37.473115, 4]
../source3/winbindd/winbindd_dual.c:1346(child_handler)
Finished processing child request 20
[2015/06/22 12:32:37.473241, 4]
../source3/winbindd/winbindd_dual.c:1338(child_handler)
child daemon request 20
[2015/06/22 12:32:37.473278, 3]
../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
[27699]: list trusted domains
[2015/06/22 12:32:37.473301, 3]
../source3/winbindd/winbindd_ads.c:1427(trusted_domains)
ads: trusted_domains
[2015/06/22 12:32:37.474261, 4]
../source3/winbindd/winbindd_dual.c:1346(child_handler)
Finished processing child request 20
[2015/06/22 12:34:23.262925, 4]
../source3/winbindd/winbindd_dual.c:1338(child_handler)
child daemon request 59
[2015/06/22 12:34:23.263078, 3]
../source3/winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid)
msrpc_name_to_sid: name=STUDELEC-SA\TUNIX
[2015/06/22 12:34:23.263178, 3]
../source3/winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid)
name_to_sid [rpc] STUDELEC-SA\TUNIX for domain STUDELEC-SA
[2015/06/22 12:34:23.267421, 4]
../source3/winbindd/winbindd_dual.c:1346(child_handler)
Finished processing child request 59
[2015/06/22 12:34:23.267684, 4]
../source3/winbindd/winbindd_dual.c:1338(child_handler)
child daemon request 59
[2015/06/22 12:34:23.267767, 3]
../source3/winbindd/winbindd_ads.c:605(query_user)
ads: query_user
[2015/06/22 12:34:23.329798, 3]
../source3/winbindd/winbindd_ads.c:730(query_user)
ads query_user gave tunix
[2015/06/22 12:34:23.329862, 4]
../source3/winbindd/winbindd_dual.c:1346(child_handler)
Finished processing child request 59
[2015/06/22 12:34:23.330027, 4]
../source3/winbindd/winbindd_dual.c:1338(child_handler)
child daemon request 59
[2015/06/22 12:34:23.330068, 3]
../source3/winbindd/winbindd_msrpc.c:300(msrpc_sid_to_name)
msrpc_sid_to_name: S-1-5-21-497920593-2320919703-1315762108-513 for
domain STUDELEC-SA
[2015/06/22 12:34:23.331468, 5]
../source3/winbindd/winbindd_msrpc.c:320(msrpc_sid_to_name)
Mapped sid to [STUDELEC-SA]\[Utilisateurs du domaine]
[2015/06/22 12:34:23.331501, 5]
../source3/winbindd/winbindd_cache.c:1184(resolve_username_to_alias)
resolve_username_to_alias: backend query returned
NT_STATUS_INVALID_PARAMETER
[2015/06/22 12:34:23.331528, 5]
../source3/winbindd/winbindd_msrpc.c:328(msrpc_sid_to_name)
returning mapped name -- Utilisateurs_du_domaine
[2015/06/22 12:34:23.331563, 4]
../source3/winbindd/winbindd_dual.c:1346(child_handler)
Finished processing child request 59
[2015/06/22 12:34:23.331698, 4]
../source3/winbindd/winbindd_dual.c:1338(child_handler)
child daemon request 59
[2015/06/22 12:34:23.332704, 4]
../source3/winbindd/winbindd_dual.c:1346(child_handler)
Finished processing child request 59
[2015/06/22 12:37:37.501433, 4]
../source3/winbindd/winbindd_dual.c:1338(child_handler)
child daemon request 20
[2015/06/22 12:37:37.501560, 3]
../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
[27699]: list trusted domains
[2015/06/22 12:37:37.501598, 3]
../source3/winbindd/winbindd_ads.c:1427(trusted_domains)
ads: trusted_domains
[2015/06/22 12:37:37.503225, 4]
../source3/winbindd/winbindd_dual.c:1346(child_handler)
Finished processing child request 20
[2015/06/22 12:42:37.505184, 4]
../source3/winbindd/winbindd_dual.c:1338(child_handler)
child daemon request 20
[2015/06/22 12:42:37.505292, 3]
../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
[27699]: list trusted domains
[2015/06/22 12:42:37.505325, 3]
../source3/winbindd/winbindd_ads.c:1427(trusted_domains)
ads: trusted_domains
[2015/06/22 12:42:37.506940, 4]
../source3/winbindd/winbindd_dual.c:1346(child_handler)
Finished processing child request 20
Le 22/06/2015 09:56, Rowland Penny a ?crit :> On 22/06/15 07:38, Marc Recht? wrote:
>> Hello,
>>
>> Trying to set up an AD member server, I am stuck on nsswitch not
>> working.
>>
>> wbinfo -u returns the list of domain users, but getent passwd <some
>> user> always fails (exit 2)
>>
>> /etc/nsswitch.conf
>> passwd: files winbind
>> shadow: files winbind
>> group: files winbind
>>
>> $ ls -l /usr/lib64/libnss_w*
>> lrwxrwxrwx 1 root root 19 23 f?vr. 14:39
>> /usr/lib64/libnss_winbind.so -> libnss_winbind.so.2
>> -rwxr-xr-x 1 root root 19224 23 f?vr. 14:40
>> /usr/lib64/libnss_winbind.so.2
>> lrwxrwxrwx 1 root root 16 23 f?vr. 14:39 /usr/lib64/libnss_wins.so
>> -> libnss_wins.so.2
>> -rwxr-xr-x 1 root root 10976 23 f?vr. 14:40 /usr/lib64/libnss_wins.so.2
>>
>> System is Fedora 21 64-bit with up to date packages
>>
>> Thanks
>>
>
> I think you are going to have to give us a bit more info, just telling
> us it doesn't work, isn't enough.
>
> smb.conf, anything in the logs etc
>
> Rowland
>