samba - Jun 2005 - Windows 2003 AD users not found

I recently changed from Windows 2000 native active directory mode to
Windows 2003  active directory mode.  When I did that, users could no
long connect to any of the Samba shares.  They were prompted for a
username and password.  The following error was logged in the winbind
log:

[2005/06/22 14:38:46, 1]
nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'John' does not exist

The user John does exist in the active directory.  I ran getent passwd
to see if the user John was listed and indeed he was.  I then tried
accessing the share again and it worked fine.  A little bit later, it
stopped working again.  I found out that by running getent passwd,
shares are accessaable for a short period of time but then the users
are not found again by Samba until I run getent passwd again.

Version Info:
krb5: 1.2.7
samba: 3.0.9

smb.conf:
[global]
        workgroup = 40SERVER1
        realm = ascad.insideasc.com
        password server = bethe.ascad.insideasc.com
        server string         security = ADS
        encrypt passwords = yes
        log file = /var/log/samba/%m.log
        dns proxy = no
        wins server = 10.0.0.53 10.0.0.62
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind separator = #
#shares...

I appreciate any help.  Thank you.

Joseph Preston Schmigel (RIT Student) wrote:
>I recently changed from Windows 2000 native active directory mode to
>Windows 2003  active directory mode.  When I did that, users could no
>long connect to any of the Samba shares.  They were prompted for a
>username and password.  The following error was logged in the winbind
>log:
>
>[2005/06/22 14:38:46, 1]
>nsswitch/winbindd_user.c:winbindd_getpwnam(161)
>  user 'John' does not exist
>
>The user John does exist in the active directory.  I ran getent passwd
>to see if the user John was listed and indeed he was.  I then tried
>accessing the share again and it worked fine.  A little bit later, it
>stopped working again.  I found out that by running getent passwd,
>shares are accessaable for a short period of time but then the users
>are not found again by Samba until I run getent passwd again.
>
>Version Info:
>krb5: 1.2.7
>samba: 3.0.9
>
>smb.conf:
>[global]
>        workgroup = 40SERVER1
>        realm = ascad.insideasc.com
>        password server = bethe.ascad.insideasc.com
>        server string >        security = ADS
>        encrypt passwords = yes
>        log file = /var/log/samba/%m.log
>        dns proxy = no
>        wins server = 10.0.0.53 10.0.0.62
>        idmap uid = 10000-20000
>        idmap gid = 10000-20000
>        winbind separator = #
>#shares...
>
>I appreciate any help.  Thank you.
>
>
>  
>
I have the same problem. I have a Windows 2003 ADS as well.  I run 
getent passwd every minute from a cron job.  It works OK .

RHEL 4 ES  64bit
samba 3.0.10-1.4E
krb5 1.3.4-12


Kyle
.

I implemented the change to my smb.conf last night and it is now lunch time and
I have to get any phone calls complaining about server being unaccessable which
means the problem has been fixed.  Thank you very much.


-----Original Message-----
From: Kyle Johnson [mailto:kyle.johnson@revisor.leg.state.mn.us]
Sent: Wed 6/22/2005 5:58 PM
To: Herb Lewis
Cc: Joseph Preston Schmigel (RIT Student); samba@lists.samba.org
Subject: Re: [Samba] Windows 2003 AD users not found
 
Herb Lewis wrote:
> try setting the following in your smb.conf file - it made
> wbinfo behave for me
>
> client schannel = No
>
> Kyle Johnson wrote:
>
>> Joseph Preston Schmigel (RIT Student) wrote:
>>
>>> I recently changed from Windows 2000 native active directory mode
to
>>> Windows 2003  active directory mode.  When I did that, users could
no
>>> long connect to any of the Samba shares.  They were prompted for a
>>> username and password.  The following error was logged in the
winbind
>>> log:
>>>
>>> [2005/06/22 14:38:46, 1]
>>> nsswitch/winbindd_user.c:winbindd_getpwnam(161)
>>>  user 'John' does not exist
>>>
>>> The user John does exist in the active directory.  I ran getent
passwd
>>> to see if the user John was listed and indeed he was.  I then tried
>>> accessing the share again and it worked fine.  A little bit later,
it
>>> stopped working again.  I found out that by running getent passwd,
>>> shares are accessaable for a short period of time but then the
users
>>> are not found again by Samba until I run getent passwd again.
>>>
>>> Version Info:
>>> krb5: 1.2.7
>>> samba: 3.0.9
>>>
>>> smb.conf:
>>> [global]
>>>        workgroup = 40SERVER1
>>>        realm = ascad.insideasc.com
>>>        password server = bethe.ascad.insideasc.com
>>>        server string >>>        security = ADS
>>>        encrypt passwords = yes
>>>        log file = /var/log/samba/%m.log
>>>        dns proxy = no
>>>        wins server = 10.0.0.53 10.0.0.62
>>>        idmap uid = 10000-20000
>>>        idmap gid = 10000-20000
>>>        winbind separator = #
>>> #shares...
>>>
>>> I appreciate any help.  Thank you.
>>>
>>>
>>>  
>>>
>> I have the same problem. I have a Windows 2003 ADS as well.  I run 
>> getent passwd every minute from a cron job.  It works OK .
>>
>> RHEL 4 ES  64bit
>> samba 3.0.10-1.4E
>> krb5 1.3.4-12
>>
>>
>> Kyle
>> .
>>
>
I made the change and restarted Samba and Winbind.  I have not had a 
problem since. 

Thanks for the help

Kyle