Jonathan C. Detert
2006-Feb-10 22:37 UTC
[Samba] problem using 'winbind nss info =' statement
When winbind is configured without the 'winbind nss info =' statement
(i.e. such that winbind maintains its own local map of SIDs -> UID/GIDs),
the following works fine:
# cd ~detertj
# getent passwd detertj
detertj:x:10008:10000:detertj:/home/MSOE/detertj:/bin/bash
but when i try to make winbind use sfu for the mapping of SID ->
UID/GID, username lookups are failing:
# cd ~detertj
-bash: cd: ~detertj: No such file or directory
# getent passwd detertj
#
However, either way, when trying to use nss info = sfu, or not, wbinfo
is able to do look ups just fine:
# wbinfo -n detertj
S-1-5-21-2143970516-726479814-926709054-4514 User (1)
# wbinfo -u | grep -i detertj
detertj
# wbinfo -s S-1-5-21-2143970516-726479814-926709054-4514
MSOE+detertj 1
#
Since i successfully use nss_ldap on other boxen, relying on sfu from MsAD,
I'm inclined to believe that the problem isn't with sfu on the MsAD DCs.
Btw, this is with samba and winbind v3.0.21a.
Here's the pertinent smb.conf verbage when I'm NOT using 'nss info =
sfu':
winbind enum groups = yes
winbind enum users = yes
winbind separator = +
winbind nested groups = yes
winbind use default domain = yes
idmap gid = 10000-35000
idmap uid = 10000-35000
template homedir = /home/%D/%U
template shell = /bin/bash
Here's the pertinent smb.conf verbage when I'm trying to use 'nss
info = sfu':
winbind enum groups = yes
winbind enum users = yes
winbind separator = +
winbind nested groups = yes
winbind use default domain = yes
winbind nss info = sfu
idmap backend = idmap_ad
template homedir = /home/%D/%U
template shell = /bin/bash
BTW, lookups failed with nss info set to sfu, regardless of whether I specified
the 'idmap uid' and 'idmap gid' statements (are they needed when
using nss info = sfu?).
Any ideas what's wrong or what to try? aTdHvAaNnKcSe
--
Happy Landings,
Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
Reasonably Related Threads
- winbind can see some groups but not others
- can't map drive to WinXP client from v3.0.21 w. security=ads
- ADS valid users can't map a share to 3.0.21
- win2k domain-less client failing to authenticate when securit y=domain
- winbind can get uid and gid from sfu, but not homedir or loginshell
Wisdom of the Ancients
