samba - Aug 2005 - samba-3.0.20rc1 winbind Windows 2003 SP1 ADS wbinfo all fine, but getent passsd or group does not work...

Hi,

I've joined a Suse 9.1 Pro linux computer to a Windows 2003 SP1 ADS using:
# kinit Administrator@DOMAIN
# net ads join

The computer account is created on the DC and wbinfo (-t -u -g) all
work. Then I try getent passwd or getent group and nothing.


This is with:

#grep winbind /etc/nsswitch.conf
passwd:     compat winbind
group:      compat winbind

# ps -ef | grep -E 'winbind|nmbd'
root      3169     1  0 Jul29 ?        00:00:02 nmbd
root      3171     1  0 Jul29 ?        00:00:01 winbindd -d 5
root      3172  3171  0 Jul29 ?        00:00:00 winbindd -d 5
root      3173  3171  0 Jul29 ?        00:00:01 winbindd -d 5

# cat /usr/local/samba/lib/smb.conf
[global]
# separate domain and username with '\', like DOMAIN\username
winbind separator = +
# use uids from 10000 to 20000 for domain users
 idmap uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
 idmap gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template homedir = /home/%U
template shell = /bin/bash
winbind cache time = 600
winbind trusted domains only = yes

workgroup = SHORTDOMAIN

# to remove domain from username
# winbind use default domain = yes
obey pam restrictions = Yes

realm = DOMAIN
security = ADS
encrypt passwords = yes
password server = SERVER.DOMAIN

# Example share definition

[public]
comment = Public data directory
read only = no
path = /sambapublic
user = @"DOMAIN+domain users"


an strace of getent passwd shows getent looking at /lib/libnss_winbind.so

samba is configured like so:
./configure --prefix=/usr/local/samba/ --with-ldap --with-ads --with-krb5
--with-pam --with-winbind


I have submitted this as a bug against the latest 3.0.20 release candidate
just in case this is not my fault:
https://bugzilla.samba.org/show_bug.cgi?id=2929


Has anyone else managed to get this working, please?



Mike.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mike Rose wrote:
| Hi,
|
| I've joined a Suse 9.1 Pro linux computer to a Windows 2003 SP1 ADS using:
| # kinit Administrator@DOMAIN
| # net ads join
|
| The computer account is created on the DC and wbinfo (-t -u -g) all
| work. Then I try getent passwd or getent group and nothing.
|
|
| This is with:
|
| #grep winbind /etc/nsswitch.conf
| passwd:     compat winbind
| group:      compat winbind

try setting 'passwd: files winbind' just for kicks.  getent works
fine for me.





cheers, jerry
====================================================================Alleviating
the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC7mamIR7qMdg1EfYRAgGfAKCuxXQAYug6+VgdriyLQHCb52ZSfQCfZ/ea
ZOLALQopYZd6ZNcGn6UEK3A=sP8W
-----END PGP SIGNATURE-----

Hey guys,

I have a question regarding Group Policies. The Samba HOW-TO collection 
indicates using Active Directory to create / administer Group Policies.  
Is there a way to administer group policies for Windows machines so that 
my Windows clients can use these from the Samba domain.   I am using 
LDAP/SAMBA3 for my domain structure with all Windows clients.

Thank You

Adam