Pedro Henrique Ponchio
2004-Jan-21 19:39 UTC
[Samba] getent passwd cannot list win2k ADS users
Hello maorui/all, I have the same problem, with the Debian 3.0r2, using samba 3.0.1 compiled from sources, with the options: ./configure --with-ads --with-winbind --with-winbind-auth-challenge --with-smbmount --prefix=/usr --with-ldap --with-pam_smbpass --with-syslog --with-utmp --with-swatdir=/etc/samba/swat --with-libsmbclient --with-acl-support --with-quotas --with-pam --with-nisplus-home --with-configdir=/etc/samba --with-privatedir=/etc/samba --sysconfdir=/etc/samba All the other conf files is looking exactly like yours, and I don?t know what to do to make it works. "wbinfo -u" and "wbinfo -g" is working fine ... Thks to any reply to this. Regards, --- Pedro Henrique C. Ponchio Funda??o ATECH Tecnologias Cr?ticas (5511) 3040-7300 ramal 150 --- maorui maorui at exavio.com.cn <mailto:samba%40lists.samba.org?Subject=%5BSamba%5D%20getent%20passwd%20cannot%20list%20win2k%20ADS%20users&In-Reply-To=> Mon Dec 1 09:24:18 GMT 2003 I'm using RH9, and install Samba 3.0.0 by using rpm package. I use following configure files. /etc/samba/smb.conf: [global] workgroup = DOMAIN realm = DOMAIN.COM server string = Demo Samba Server security = ADS username map = /etc/samba/smbusers log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = No local master = No domain master = No dns proxy = No idmap uid = 10000-20000 idmap gid = 10000-20000 template homedir = /home/windomain/%D/%U template shell = /bin/bash winbind separator = + /etc/krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = DOMAIN.COM dns_lookup_realm = false dns_lookup_kdc = false [realms] DOMAIN.COM = { kdc = server.domain.com:88 admin_server = server.domain.com:749 default_domain = domain.com } [domain_realm] .domain.com = DOMAIN.COM domain.com = DOMAIN.COM [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } /etc/nsswitch.conf: passwd: files winbind shadow: files group: files winbind hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files netgroup: files publickey: nisplus automount: files aliases: files nisplus And I update MIT Kerberos package by following steps: 1. ./configure --prefix=/usr/kerberos --localstatedir=/var/kerberos --enable-dn s 2. make 3. make install I entered command 'kinit administrator', and got no error message. 'klist -5' returned: Ticket cache: FILE:/tmp/krb5cc_0 Default principal: maor at DOMAIN.COM <http://lists.samba.org/mailman/listinfo/samba> Valid starting Expires Service principal 12/01/03 15:37:13 12/02/03 01:37:13 krbtgt/ DOMAIN.COM at DOMAIN.COM <http://lists.samba.org/mailman/listinfo/samba> 12/01/03 15:50:33 12/02/03 01:37:13 server-file$@DOMAIN.COM And commands net ads join -S server.domain.com -U administrator net rpc join -S server.domain.com -U administrator worked fine. I started winbindd. 'wbinfo -u' & 'wbinfo -g' can get all users & groups from domain. But the command 'getent passwd' could only show local accounts, without any domain mapped accounts inside. And /home had no any home directory created. Who can tell me which step I made a mistake? --------------- Logs ----------------- /var/log/samba/log.winbindd: [2003/12/01 15:48:45, 1] nsswitch/winbindd.c:main(832) winbindd version 3.0.0 started. Copyright The Samba Team 2000-2003 [2003/12/01 15:48:46, 1] nsswitch/winbindd_util.c:add_trusted_domain(149) Added domain DOMAIN.COM [2003/12/01 15:48:46, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/12/01 15:48:46, 1] nsswitch/winbindd_ads.c:ads_cached_connection(64) ads_connect for domain DOMAIN.COM failed: Operations error [2003/12/01 15:48:46, 1] nsswitch/winbindd_util.c:init_domain_list(284) Could not fetch sid for our domain DOMAIN.COM [2003/12/01 15:48:46, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list [2003/12/01 15:48:46, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/12/01 15:49:07, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/12/01 15:49:07, 1] nsswitch/winbindd_ads.c:ads_cached_connection(64) ads_connect for domain DOMAIN.COM failed: Operations error [2003/12/01 16:16:36, 1] nsswitch/winbindd.c:main(832) winbindd version 3.0.0 started. Copyright The Samba Team 2000-2003 [2003/12/01 16:16:36, 1] nsswitch/winbindd_util.c:add_trusted_domain(149) Added domain DOMAIN.COM [2003/12/01 16:16:36, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/12/01 16:16:36, 1] nsswitch/winbindd_ads.c:ads_cached_connection(64) ads_connect for domain DOMAIN.COM failed: Operations error [2003/12/01 16:16:36, 1] nsswitch/winbindd_util.c:init_domain_list(284) Could not fetch sid for our domain DOMAIN.COM [2003/12/01 16:16:36, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list [2003/12/01 16:16:36, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/12/01 16:16:46, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/12/01 16:16:46, 1] nsswitch/winbindd_ads.c:ads_cached_connection(64) ads_connect for domain DOMAIN.COM failed: Operations error [2003/12/01 16:21:46, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list [2003/12/01 16:21:46, 0] libsmb/cliconnect.c:cli_session_setup_spnego(683) Kinit failed: Malformed representation of principal [2003/12/01 16:25:18, 1] nsswitch/winbindd.c:main(832) winbindd version 3.0.0 started. Copyright The Samba Team 2000-2003 [2003/12/01 16:25:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(149) Added domain DOMAIN DOMAIN.COM [2003/12/01 16:25:18, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/12/01 16:25:18, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list [2003/12/01 16:25:18, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list [2003/12/01 16:30:45, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list [2003/12/01 16:35:46, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list [2003/12/01 16:38:29, 1] nsswitch/winbindd.c:main(832) winbindd version 3.0.0 started. Copyright The Samba Team 2000-2003 [2003/12/01 16:38:29, 1] nsswitch/winbindd_util.c:add_trusted_domain(149) Added domain DOMAIN DOMAIN.COM [2003/12/01 16:38:29, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/12/01 16:38:29, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list [2003/12/01 16:38:29, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list [2003/12/01 16:43:34, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list [2003/12/01 16:48:34, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list [2003/12/01 16:53:34, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list [2003/12/01 16:58:48, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list