thr3ads.net - samba - [Samba] Samba3.0.1pre1 winbind failing against domain groups(ADS) [Jan 2004]

If this information is useful, please help other people find it:
Share via:

Timothy E Jordan

2004-Jan-07 23:00 UTC

[Samba] Samba3.0.1pre1 winbind failing against domain groups(ADS)

Winbindd is having trouble finding the Domain Admins group in my domain.
 It appears to be searching for the group but does not show what domain
it's looking into - then it tries the local PC (ANC-Gentoo):

log.winbind:

[2004/01/07 13:20:43, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(237)
  [23792]: getgrnam Domain Admins
[2004/01/07 13:20:43, 5] nsswitch/winbindd_acct.c:wb_getgrnam(522)
  wb_getgrnam: Did not find group (Domain Admins)
[2004/01/07 13:20:43, 5] nsswitch/winbindd_group.c:winbindd_getgrnam(254)
  winbindd_getgrnam: lookup for ANC-GENTOO\Domain Admins failed
[2004/01/07 13:21:24, 5] nsswitch/winbindd.c:winbind_client_read(465)
  read failed on sock 18, pid 23792: EOF


getent works:
$ getent group | grep "Domain Admins"
LABOR\Domain Admins:x:10003:LABOR\tim,...

wbinfo works:
$ wbinfo -g | grep "Domain Admins"
LABOR\Domain Admins


root@ANC-GENTOO var # net groupmap list
Domain Users (S-1-5-21-3791546257-2726071710-148796437-513) -> 10442
Domain Admins (S-1-5-21-3791546257-2726071710-148796437-512) -> root
Domain Guests (S-1-5-21-3791546257-2726071710-148796437-514) -> nobody


Winbind finds my domain account just fine:

[2004/01/07 13:20:43, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(219)
  [23792]: domain_info [LABOR.AK]
[2004/01/07 13:20:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(113)
  [23792]: getpwnam labor\tim
[2004/01/07 13:20:43, 3] nsswitch/winbindd_ads.c:name_to_sid(313)
  ads: name_to_sid
[2004/01/07 13:20:43, 5] libads/ldap_utils.c:ads_do_search_retry(56)
  Search for (|(sAMAccountName=tim)(userPrincipalName=tim@LABOR.AK))
gave 1 replies
[2004/01/07 13:20:43, 3] libads/ads_ldap.c:ads_name_to_sid(82)
  ads name_to_sid mapped tim
[2004/01/07 13:20:43, 3] nsswitch/winbindd_group.c:winbindd_getgroups(932)
  [23792]: getgroups LABOR\tim
[2004/01/07 13:20:43, 3] nsswitch/winbindd_ads.c:name_to_sid(313)
  ads: name_to_sid
[2004/01/07 13:20:43, 5] libads/ldap_utils.c:ads_do_search_retry(56)
  Search for (|(sAMAccountName=tim)(userPrincipalName=tim@LABOR.AK))
gave 1 replies
[2004/01/07 13:20:43, 3] libads/ads_ldap.c:ads_name_to_sid(82)
  ads name_to_sid mapped tim

I understand Andrew Bartlett is aware of the following problem, but I'm
not sure how that is going to affect file sharing from my Samba server
acting as a Domain Memeber via security=ADS.

2004/01/07 13:20:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(113)
  [23792]: getpwnam LABOR\windowsxp$
[2004/01/07 13:20:43, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(148)
  user 'windowsxp$' does not exist
[2004/01/07 13:20:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(113)
  [23792]: getpwnam windowsxp$
[2004/01/07 13:20:43, 5] nsswitch/winbindd_acct.c:wb_getpwnam(393)
  wb_getpwnam: Did not find user (windowsxp$)
[2004/01/07 13:20:43, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(125)
  winbindd_getpwnam: lookup for ANC-GENTOO\windowsxp$ failed
[2004/01/07 13:20:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(113)
  [23792]: getpwnam windowsxp$
[2004/01/07 13:20:43, 5] nsswitch/winbindd_acct.c:wb_getpwnam(393)
  wb_getpwnam: Did not find user (windowsxp$)
[2004/01/07 13:20:43, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(125)
  winbindd_getpwnam: lookup for ANC-GENTOO\windowsxp$ failed

Apparently Analagous Threads

Search for more maybe matching threads

samba - Jan 2004 - Samba3.0.1pre1 winbind failing against domain groups(ADS)

[Samba] Samba3.0.1pre1 winbind failing against domain groups(ADS)

Apparently Analagous Threads

Wisdom of the Ancients