Hi all,

after I searched the internet about a week now I can't find an answer to my problem:

The company I work for is using a Windows 2003 Domain using the Windows Services for UNIX (SFU) and NIS. We are using two Domain Controllers that are hosting the ADS.

Now I want to use Samba and NFS to implement a file server for our mixed client environment: There will be Linux, HP UNIX, Solaris, AIX and Windows clients accessing this server. The Linux/UNIX clients will use NFS (no problem). The Windows clients will use Samba.

====================================
I compiled Samba 3.0.22 with:

./configure \
    --with-ldap \
    --with-ads \
    --with-pam \
    --with-quotas \
    --with-acl-support \
    --with-aio-support \
    --with-sendfile-support \
    --with-winbind \
    --with-shared-modules=idmap_ad

The last option was the only way to get idmap_ad compiled and installed. I need this to use 'idmap backend = ad'

====================================

After installation I copied libnss_winbind.so and libnss_wins.so to /lib and ran ldconfig

[root@io source]# ldconfig -v | grep libnss
        libnss_winbind.so.2 -> libnss_winbind.so
        libnss_wins.so.2 -> libnss_wins.so
[root@io source]#

====================================

My smb.conf is

[root@io source]# cat /usr/local/samba/lib/smb.conf
[global]
    unix charset = UTF8
    display charset = UTF8
    workgroup = XYZ
    realm = ABC.COM
    server string = linux fileserver %h (Samba %v)
    security = ADS
    auth methods = winbind
    allow trusted domains = No
    lanman auth = No
    log level = 0 smb:1 auth:1 winbind:1 idmap:1 acls:1
    log file = /var/log/samba/%m.log
    disable netbios = Yes
    reset on zero vc = Yes
    deadtime = 10
    os level = 0
    preferred master = No
    local master = No
    domain master = No
    wins server = a.b.c.d, a.b.c.e
    ldap ssl = no
    pid directory = /var/run
    idmap backend = ad
    idmap uid = 100-100000
    idmap gid = 100-100000
    winbind use default domain = Yes
    winbind nested groups = Yes
    winbind nss info = sfu
    acl group control = Yes
    acl map full control = No
    inherit owner = Yes
    ea support = Yes
    map acl inherit = Yes
    use sendfile = Yes
    hide special files = Yes
    map readonly = permissions
    strict locking = No
    dos filemode = Yes
[root@io source]#

I configured no shares at the moment. Could that be a problem?

====================================

My /etc/krb5.conf

[root@io source]# cat /etc/krb5.conf
[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    default_realm = ABC.COM

[realms]
    ABC.COM = {
        default_domain = abc.com
    }

[domain_realm]
    .abc.com = ABC.COM
    abc.com = ABC.COM

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }
[root@io source]#

====================================

My /etc/nsswitch.conf

[root@io source]# cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
[...]

passwd: files winbind
shadow: files winbind
group: files winbind

#hosts: db files ldap nis dns
hosts: files dns wins

[...]

====================================

Then I joined the domain successfully:

[root@io source]# net ads join -Uruth "Servers"

[root@io source]# wbinfo -t
checking the trust secret via RPC calls succeeded
[root@io source]#

[root@io source]# net ads info
LDAP server: a.b.c.d
LDAP server name: uranus
Realm: ABC.COM
Bind Path: dc=ABC,dc=COM
LDAP port: 389
Server time: Fri, 21 Apr 2006 11:59:54 CEST
KDC server: a.b.c.d
Server time offset: 55
[root@io source]#

====================================

After starting nmbd, smbd and winbindd I can successfully list my domain users and group with wbinfo. But when I try to get a list via getent it doesn't work.

[root@io source]# getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
pegasus:x:100:500:tog-pegasus OpenPegasus WBEM/CIM services:/var/lib/Pegasus:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
[root@io source]#

====================================

I have lots of messages of this in winbindd.log:

[2006/04/21 12:01:13, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(329)
  ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute 'msSFU30GidNumber'
[2006/04/21 12:01:13, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(92)
  error getting group id for sid S-1-5-21-1663660479-371685239-1594628879-513

But I think that's not the problem because in winbindd_idmap.tdb are all users with correct mappings that have the field msSFU30GidNumber.

====================================

The last thing I tried was to do a strace:

[root@io samba]# strace getent passwd
execve("/usr/bin/getent", ["getent", "passwd"], [/* 23 vars */]) = 0
uname({sys="Linux", node="io.coremedia.com", ...}) = 0
brk(0) = 0x9c66000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=37645, ...}) = 0
old_mmap(NULL, 37645, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f27000
close(3) = 0
open("/lib/tls/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20o-\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1454546, ...}) = 0
old_mmap(0x2c2000, 1219772, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2c2000
old_mmap(0x3e6000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x124000) = 0x3e6000
old_mmap(0x3ea000, 7356, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ea000
close(3) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f26000
mprotect(0x3e6000, 4096, PROT_READ) = 0
mprotect(0x2be000, 4096, PROT_READ) = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f26aa0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
munmap(0xb7f27000, 37645) = 0
brk(0) = 0x9c66000
brk(0x9c87000) = 0x9c87000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=48513056, ...}) = 0
mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d26000
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1652, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d25000
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1652
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7d25000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=37645, ...}) = 0
old_mmap(NULL, 37645, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d1c000
close(3) = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\33\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=45889, ...}) = 0
old_mmap(NULL, 41608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4b2000
old_mmap(0x4bb000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0x4bb000
close(3) = 0
munmap(0xb7d1c000, 37645) = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1546, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d25000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1546
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d24000
write(1, "root:x:0:0:root:/root:/bin/bash\n", 32root:x:0:0:root:/root:/bin/bash
) = 32
write(1, "bin:x:1:1:bin:/bin:/sbin/nologin"..., 33bin:x:1:1:bin:/bin:/sbin/nologin
) = 33
write(1, "daemon:x:2:2:daemon:/sbin:/sbin/"..., 40daemon:x:2:2:daemon:/sbin:/sbin/nologin
) = 40
write(1, "adm:x:3:4:adm:/var/adm:/sbin/nol"..., 37adm:x:3:4:adm:/var/adm:/sbin/nologin
) = 37
write(1, "lp:x:4:7:lp:/var/spool/lpd:/sbin"..., 41lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
) = 41
write(1, "sync:x:5:0:sync:/sbin:/bin/sync\n", 32sync:x:5:0:sync:/sbin:/bin/sync
) = 32
write(1, "shutdown:x:6:0:shutdown:/sbin:/s"..., 45shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
) = 45
write(1, "halt:x:7:0:halt:/sbin:/sbin/halt"..., 33halt:x:7:0:halt:/sbin:/sbin/halt
) = 33
write(1, "mail:x:8:12:mail:/var/spool/mail"..., 47mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
) = 47
write(1, "news:x:9:13:news:/etc/news:\n", 28news:x:9:13:news:/etc/news:
) = 28
write(1, "uucp:x:10:14:uucp:/var/spool/uuc"..., 48uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
) = 48
write(1, "operator:x:11:0:operator:/root:/"..., 45operator:x:11:0:operator:/root:/sbin/nologin
) = 45
write(1, "games:x:12:100:games:/usr/games:"..., 46games:x:12:100:games:/usr/games:/sbin/nologin
) = 46
write(1, "gopher:x:13:30:gopher:/var/gophe"..., 48gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
) = 48
write(1, "ftp:x:14:50:FTP User:/var/ftp:/s"..., 44ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
) = 44
write(1, "nobody:x:99:99:Nobody:/:/sbin/no"..., 38nobody:x:99:99:Nobody:/:/sbin/nologin
) = 38
write(1, "dbus:x:81:81:System message bus:"..., 48dbus:x:81:81:System message bus:/:/sbin/nologin
) = 48
write(1, "vcsa:x:69:69:virtual console mem"..., 61vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
) = 61
write(1, "rpm:x:37:37::/var/lib/rpm:/sbin/"..., 40rpm:x:37:37::/var/lib/rpm:/sbin/nologin
) = 40
write(1, "haldaemon:x:68:68:HAL daemon:/:/"..., 45haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
) = 45
write(1, "netdump:x:34:34:Network Crash Du"..., 61netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
) = 61
write(1, "nscd:x:28:28:NSCD Daemon:/:/sbin"..., 41nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
) = 41
write(1, "sshd:x:74:74:Privilege-separated"..., 67sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
) = 67
write(1, "rpc:x:32:32:Portmapper RPC user:"..., 48rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
) = 48
write(1, "mailnull:x:47:47::/var/spool/mqu"..., 50mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
) = 50
write(1, "smmsp:x:51:51::/var/spool/mqueue"..., 47smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
) = 47
write(1, "rpcuser:x:29:29:RPC Service User"..., 60rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
) = 60
write(1, "nfsnobody:x:65534:65534:Anonymou"..., 70nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
) = 70
write(1, "pcap:x:77:77::/var/arpwatch:/sbi"..., 42pcap:x:77:77::/var/arpwatch:/sbin/nologin
) = 42
write(1, "xfs:x:43:43:X Font Server:/etc/X"..., 52xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
) = 52
write(1, "pegasus:x:100:500:tog-pegasus Op"..., 91pegasus:x:100:500:tog-pegasus OpenPegasus WBEM/CIM services:/var/lib/Pegasus:/sbin/nologin
) = 91
write(1, "postfix:x:89:89::/var/spool/post"..., 50postfix:x:89:89::/var/spool/postfix:/sbin/nologin
) = 50
write(1, "ntp:x:38:38::/etc/ntp:/sbin/nolo"..., 36ntp:x:38:38::/etc/ntp:/sbin/nologin
) = 36
read(3, "", 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=37645, ...}) = 0
old_mmap(NULL, 37645, PROT_READ, MAP_PRIVATE, 4, 0) = 0xb7d1a000
close(4) = 0
open("/lib/libnss_winbind.so.2", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0008\20\0"..., 512) = 512
fstat64(4, {st_mode=S_IFREG|0755, st_size=19545, ...}) = 0
old_mmap(NULL, 27516, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x593000
old_mmap(0x597000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x3000) = 0x597000
old_mmap(0x598000, 7036, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x598000
close(4) = 0
munmap(0xb7d1a000, 37645) = 0
getpid() = 2782
lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/tmp/.winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 4
fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_FILE, path="/tmp/.winbindd/pipe"}, 110) = 0
select(5, [4], NULL, NULL, {0, 0}) = 0 (Timeout)
write(4, ",\7\0\0\0\0\0\0\336\n\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0"..., 1836) = 1836
select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0})
read(4, "\24\5\0\0\2\0\0\0\v\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) = 1300
select(5, [4], NULL, NULL, {0, 0}) = 0 (Timeout)
write(4, ",\7\0\0%\0\0\0\336\n\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1836) = 1836
select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0})
read(4, "C\5\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) = 1300
select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0})
read(4, "/usr/local/samba/var/locks/winbi"..., 47) = 47
lstat64("/usr/local/samba/var/locks/winbindd_privileged", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
lstat64("/usr/local/samba/var/locks/winbindd_privileged/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 5
fcntl64(5, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl64(5, F_GETFD) = 0
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
connect(5, {sa_family=AF_FILE, path="/usr/local/samba/var/locks/winbindd_privileged/pipe"}, 110) = 0
close(4) = 0
select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout)
write(5, ",\7\0\0\6\0\0\0\336\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1836) = 1836
select(6, [5], NULL, NULL, {5, 0}) = 1 (in [5], left {5, 0})
read(5, "\24\5\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) = 1300
select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout)
write(5, ",\7\0\0\10\0\0\0\336\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1836) = 1836
select(6, [5], NULL, NULL, {5, 0}) = 1 (in [5], left {4, 162000})
read(5, "\24\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) = 1300
close(3) = 0
munmap(0xb7d25000, 4096) = 0
select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout)
write(5, ",\7\0\0\7\0\0\0\336\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1836) = 1836
select(6, [5], NULL, NULL, {5, 0}) = 1 (in [5], left {5, 0})
read(5, "\24\5\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) = 1300
munmap(0xb7d24000, 4096) = 0
exit_group(0) = ?
Process 2782 detached
[root@io samba]#

As I can see getent talks to winbindd via its sockets:

connect(5, {sa_family=AF_FILE, path="/usr/local/samba/var/locks/winbindd_privileged/pipe"}, 110) = 0

But why the hell isn't it able to list the users??

Can anyone with a running configuration help me? Any ideas?

Thanks
Jörg Horchler

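An added example (not part of the original post and not Samba code) for triaging the winbindd.log messages quoted above: it pairs each log header with its message text, counts which SIDs failed GID lookup, and labels well-known domain RIDs such as 513 (Domain Users). The sample log is constructed from the two entries in the post; the SID ending in -1105 is made up for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the winbindd.log excerpt quoted in the
# post: a bracketed header (timestamp, debug level, source location) followed
# by the message text. The SID ending in -1105 is made up for illustration.
SAMPLE_LOG = """\
[2006/04/21 12:01:13, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(329)
  ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute 'msSFU30GidNumber'
[2006/04/21 12:01:13, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(92)
  error getting group id for sid S-1-5-21-1663660479-371685239-1594628879-513
[2006/04/21 12:01:14, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(329)
  ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute 'msSFU30GidNumber'
[2006/04/21 12:01:14, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(92)
  error getting group id for sid S-1-5-21-1663660479-371685239-1594628879-513
[2006/04/21 12:01:15, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(329)
  ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute 'msSFU30GidNumber'
[2006/04/21 12:01:15, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(92)
  error getting group id for sid S-1-5-21-1663660479-371685239-1594628879-1105
"""

# Header layout as it appears in the post: "[date time, level] file:function(line)".
HEADER_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<source>\S+?):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)
MISSING_ATTR_RE = re.compile(r"could not read attribute '([^']+)'")
GID_FAIL_RE = re.compile(r"error getting group id for sid (S-1-[0-9-]+)")

# Well-known relative identifiers of built-in domain groups.
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users",
                   514: "Domain Guests", 515: "Domain Computers"}


def parse_entries(text):
    """Split a log into entries: one header line plus its message lines."""
    entries, current = [], None
    for raw in text.splitlines():
        match = HEADER_RE.match(raw)
        if match:
            current = match.groupdict()
            current["level"] = int(current["level"])
            current["message"] = ""
            entries.append(current)
        elif current is not None and raw.strip():
            # Continuation line: message text may wrap over several lines.
            current["message"] = (current["message"] + " " + raw.strip()).strip()
    return entries


def describe_sid(sid):
    """Label a domain SID by its RID when the RID is a well-known group."""
    rid = int(sid.split("-")[-1])
    if sid.startswith("S-1-5-21-") and rid in WELL_KNOWN_RIDS:
        return WELL_KNOWN_RIDS[rid]
    return "RID %d" % rid


def summarize(text):
    """Count unreadable attributes and SIDs whose GID lookup failed."""
    missing_attrs, failed_sids = Counter(), Counter()
    for entry in parse_entries(text):
        attr = MISSING_ATTR_RE.search(entry["message"])
        if attr:
            missing_attrs[attr.group(1)] += 1
        sid = GID_FAIL_RE.search(entry["message"])
        if sid:
            failed_sids[sid.group(1)] += 1
    return missing_attrs, failed_sids


def report(text):
    """Return (sid, label, count) rows, most frequent failure first."""
    _, failed_sids = summarize(text)
    rows = [(sid, describe_sid(sid), n) for sid, n in failed_sids.items()]
    return sorted(rows, key=lambda row: (-row[2], row[0]))


if __name__ == "__main__":
    attrs, _ = summarize(SAMPLE_LOG)
    for attr, n in attrs.items():
        print("attribute %s unreadable %d time(s)" % (attr, n))
    for sid, label, n in report(SAMPLE_LOG):
        print("%s (%s): %d failed GID lookup(s)" % (sid, label, n))
```

Each SID in the report is a group for which the log recorded a failed GID lookup, so those are the directory objects whose msSFU30GidNumber attribute is worth checking first.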
'getent passwd' imposes an overall timeout of 30 seconds on the reply from winbindd. Maybe that's biting you? See Bugzillas 3660, 3024.

Bob G

> -----Original Message-----
> From: samba-bounces+bob.gautier=rabobank.com@lists.samba.org
> [mailto:samba-bounces+bob.gautier=rabobank.com@lists.samba.org] On Behalf Of Horchler, Joerg
> Sent: 21 April 2006 11:06
> To: samba@lists.samba.org
> Subject: [Samba] getent not working (again)

Probably not crucial, but I think you should remove from your nsswitch.conf the winbind in line:

shadow: files *winbind*

Best regards,
Bla?.