thr3ads.net - samba - [Samba] winbindd problem

If this information is useful, please help other people find it:
Share via:
gnu_is_not_unix
2002-Jul-21 15:28 UTC
[Samba] winbindd problem - more debug dataz

Hello ,

[root@srubka root]# wbinfo -u |grep user
DOMAIN+user
[root@srubka root]# wbinfo -n user
S-1-5-21-901448495-183529283-701057205-1327 1
[root@srubka root]# wbinfo -s S-1-5-21-901448495-183529283-701057205-1327
DOMAIN+user 1
[root@srubka root]# wbinfo -S S-1-5-21-901448495-183529283-701057205-1327
10026
[root@srubka root]# wbinfo -Y S-1-5-21-901448495-183529283-701057205-1327
Could not convert sid S-1-5-21-901448495-183529283-701057205-1327 to gid
(ofcourse other groups are converting !)
--------
[root@srubka root]# wbinfo -G 10000
S-1-5-21-901448495-183529283-701057205-513
[root@srubka root]# wbinfo -Y S-1-5-21-901448495-183529283-701057205-513
10000
[root@srubka root]# getent group|grep 10000|more
DOMAIN+Domain Users:x:10000: ....... long list
--------
[root@srubka root]# wbinfo -U 10026
S-1-5-21-901448495-183529283-701057205-1327
[root@srubka root]# getent group|grep user|more
DOMAIN+Domain Admins:x:10001:.........DOMAIN+user..... (few entires
more)
DOMAIN+Domain Users:x:10000:.......DOMAIN+user..... (long list)
[root@srubka root]# getent passwd|grep user
DOMAIN+user:x:10026:10000:Some user:/home/DOMAIN/user:/bin/bash

When conneting to share a USER is autenticated as NOBODY.

Maybe groups in DOMAIN are corrupted ?

---- QUOTED FROM MY PREVIOUS MESSAGE -----
Im trying to setup samba 2.2.5 with winbindd to work with nt4.0 domain
style. Samba is working OK without winbindd - users can see server,
share. Also they can write to directorie with read, write list
enabled.

I have added that server to NT DOMAIN through SERVER MANAGER from NT,
and smpasswd -j DOMAIN -r PCD -U Admin from linux box - that stage is
OK - i can see the server from NT User Manager so my linux box is in
DOMAIN.

As the faq said I added the following lines to my smb.conf:

workgroup = DOMAIN
security = DOMAIN
encrypt passwords = Yes
password server = PASSSERV
domain logons = no
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind cache time = 5
winbind use default domain = No
template shell = /bin/bash
template homedir = /home/%D/%U

wbinfo -u gives me a proper list of user from DOMAIN (DOMAIN+username
style)
wbinfo -g gives me proper list of groups from DOMAIN

[root@srubka samba]# wbinfo -n user
S-1-5-21-901448495-183529283-701057205-1327 1
[root@srubka samba]# wbinfo -n user2
S-1-5-21-901448495-183529283-701057205-1565 1
[root@srubka samba]# wbinfo -s S-1-5-21-901448495-183529283-701057205-1327 1
DOMAIN+user 1
[root@srubka samba]# wbinfo -s S-1-5-21-901448495-183529283-701057205-1565 1
DOMAIN+user2 1

[root@srubka samba]# wbinfo -S S-1-5-21-901448495-183529283-701057205-1327 1
10026 - it is ok - getent passwd|grep 10026 - user

Output from getent passwd and getent group looks also ok - i can users
and groups - ofcourse when winbindd is switch on.

My /etc/pam.d/samba looks like:
#%PAM-1.0
session    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
auth       required      /lib/security/pam_securetty.so
auth       required      /lib/security/pam_nologin.so
auth       sufficient    /lib/security/pam_winbind.so
auth       required      /lib/security/pam_pwdb.so use_first_pass shadow nullok
account    required      /lib/security/pam_winbind.so

I made [test] share:
[test]
        path = /home/test
        read list = DOMAIN+user DOMAIN+user2
        write list = DOMAIN+user DOMAIN+user2
        read only = No
        vfs object = /usr/lib/samba/vfs/recycle.so
        vfs options = /etc/samba/recycle.conf


The problem is:
user or user2 cant connect [test] share because:

/var/log/samba/log.winbind
[2002/07/20 21:41:48, 1] nsswitch/winbindd_util.c:init_domain_list(152)
  getting trusted domain list
[2002/07/20 21:43:41, 3] nsswitch/winbindd_group.c:winbindd_getgroups(770)
  [ 4228]: getgroups nobody
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_lookupsid(37)
  [ 4228]: lookupsid S-1-5-21-901448495-183529283-701057205-513
[2002/07/20 21:43:41, 3] libsmb/namequery.c:resolve_lmhosts(768)
  resolve_lmhosts: Attempting lmhosts lookup for name PASSSERV<0x20>
[2002/07/20 21:43:41, 4] libsmb/namequery.c:getlmhostsent(532)
  getlmhostsent: lmhost entry: 127.0.0.1 localhost
[2002/07/20 21:43:41, 3] libsmb/namequery.c:resolve_hosts(808)
  resolve_hosts: Attempting host lookup for name PASSSERV<0x20>
[2002/07/20 21:43:41, 3] lib/util_sock.c:open_socket_in(813)
  bind succeeded on port 0
[2002/07/20 21:43:41, 4] libsmb/nmblib.c:debug_nmb_packet(107)
  nmb packet from 10.10.12.27(137) header: id=16507 opcode=Query(0) response=Yes
      header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
      header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
      answers: nmb_name=DOMAIN<1c> rr_type=33 rr_class=1 ttl=0
      answers   0 char .PASSSERV            hex 0B5255444F4C46202020202020202020
      answers  10 char  D.PASSSERV          hex 2044005255444F4C4620202020202020
      answers  20 char   .D.DOMAIN     hex 2020004400535A50455241435A452020
      answers  30 char     ...DOMAIN   hex 2020202000C400535A50455241435A45
      answers  40 char       ...DOMAIN   hex 2020202020201CC400535A5045524143
      answers  50 char ZE      ...PASS   hex 5A452020202020201EC4005255444F4C
      answers  60 char F         .D.ADM   hex 4620202020202020202003440041444D
      answers  70 char INISTRATOR  .D.P   hex 494E4953545241544F52202003440052
      answers  80 char SSSERV         .D   hex 55444F4C462020202020202020200144
      answers  90 char .DOMAIN         hex 00535A50455241435A45202020202020
      answers  a0 char .D.DOMAIN       hex 1B4400535A50455241435A4520202020
      answers  b0 char   .D...__MSBROWS   hex 20201D440001025F5F4D5342524F5753
      answers  c0 char E__.............   hex 455F5F0201C400000102B1E8A7000000
      answers  d0 char ................   hex 00000000000000000000000000000000
      answers  e0 char ................   hex 00000000000000000000000000000000
      answers  f0 char .....   hex 0000000000
[2002/07/20 21:43:41, 3] nsswitch/winbindd_cm.c:cm_get_dc_name(205)
  cm_get_dc_name: Returning DC PASSSERV (10.10.12.27) for domain
  DOMAIN
[2002/07/20 21:43:41, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(236)
  IPC$ connections done anonymously
[2002/07/20 21:43:41, 3] libsmb/cliconnect.c:cli_full_connection(980)
  Connecting to host=PASSSERV share=IPC$
[2002/07/20 21:43:41, 3] lib/util_sock.c:open_socket_out(845)
  Connecting to 10.10.12.27 at port 445
[2002/07/20 21:43:41, 2] lib/util_sock.c:open_socket_out(873)
  error connecting to 10.10.12.27:445 (Connection refused)
[2002/07/20 21:43:41, 3] lib/util_sock.c:open_socket_out(845)
  Connecting to 10.10.12.27 at port 139
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(140)
  [ 4228]: sid to gid S-1-5-21-901448495-183529283-701057205-513
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_lookupsid(37)
  [ 4228]: lookupsid S-1-5-21-901448495-183529283-701057205-512
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(140)
  [ 4228]: sid to gid S-1-5-21-901448495-183529283-701057205-512
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(201)
  [ 4228]: gid to sid 10000
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(201)
  [ 4228]: gid to sid 10001
[2002/07/20 21:43:41, 3] nsswitch/winbindd_group.c:winbindd_getgroups(770)
  [ 4228]: getgroups nobody
                     ^^^^^^ ????????
                     ^^^^^^^ ????????

                     
Logging in my smb.conf is:
log file = /var/log/samba/samba-log.%U
and the file is ok - it is samba-log.user so samba see that user is
connected

What is wrong with my conf ?

ps. Thanks for Your responses about my "recycle bin" problem !!!!!


-- 
Best regards,
 gnu_is_not_unix
samba - Jul 2002 - winbindd problem - more debug dataz

[Samba] winbindd problem - more debug dataz
