Hi all,
after searching the internet for about a week I still can't find an answer to my
problem:
The company I work for is using a Windows 2003 Domain using the Windows
Services for UNIX (SFU) and NIS. We are using two Domain Controllers that
are hosting the ADS.
Now I want to use Samba and NFS to implement a file server for our mixed
client environment: There will be Linux, HP UNIX, Solaris, AIX and Windows
clients accessing this server. The Linux/UNIX clients will use NFS (no
problem). The Windows clients will use Samba.
====================================
I compiled Samba 3.0.22 with:
./configure \
--with-ldap \
--with-ads \
--with-pam \
--with-quotas \
--with-acl-support \
--with-aio-support \
--with-sendfile-support \
--with-winbind \
--with-shared-modules=idmap_ad
The last option was the only way to get idmap_ad compiled and installed. I
need this to use 'idmap backend = ad'
====================================
After installation I copied libnss_winbind.so and libnss_wins.so to /lib and
ran ldconfig
[root@io source]# ldconfig -v | grep libnss
libnss_winbind.so.2 -> libnss_winbind.so
libnss_wins.so.2 -> libnss_wins.so
[root@io source]#
====================================
My smb.conf is
[root@io source]# cat /usr/local/samba/lib/smb.conf
[global]
unix charset = UTF8
display charset = UTF8
workgroup = XYZ
realm = ABC.COM
server string = linux fileserver %h (Samba %v)
security = ADS
auth methods = winbind
allow trusted domains = No
lanman auth = No
log level = 0 smb:1 auth:1 winbind:1 idmap:1 acls:1
log file = /var/log/samba/%m.log
disable netbios = Yes
reset on zero vc = Yes
deadtime = 10
os level = 0
preferred master = No
local master = No
domain master = No
wins server = a.b.c.d, a.b.c.e
ldap ssl = no
pid directory = /var/run
idmap backend = ad
idmap uid = 100-100000
idmap gid = 100-100000
winbind use default domain = Yes
winbind nested groups = Yes
winbind nss info = sfu
acl group control = Yes
acl map full control = No
inherit owner = Yes
ea support = Yes
map acl inherit = Yes
use sendfile = Yes
hide special files = Yes
map readonly = permissions
strict locking = No
dos filemode = Yes
[root@io source]#
I configured no shares at the moment. Could that be a problem?
====================================
My /etc/krb5.conf
[root@io source]# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = ABC.COM
[realms]
ABC.COM = {
default_domain = abc.com
}
[domain_realm]
.abc.com = ABC.COM
abc.com = ABC.COM
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
[root@io source]#
====================================
My /etc/nsswitch.conf
[root@io source]# cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
[...]
passwd: files winbind
shadow: files winbind
group: files winbind
#hosts: db files ldap nis dns
hosts: files dns wins
[...]
====================================
Then I joined the domain successfully:
[root@io source]#
net ads join -Uruth "Servers"
[root@io source]# wbinfo -t
checking the trust secret via RPC calls succeeded
[root@io source]#
[root@io source]# net ads info
LDAP server: a.b.c.d
LDAP server name: uranus
Realm: ABC.COM
Bind Path: dc=ABC,dc=COM
LDAP port: 389
Server time: Fri, 21 Apr 2006 11:59:54 CEST
KDC server: a.b.c.d
Server time offset: 55
[root@io source]#
====================================
After starting nmbd, smbd and winbindd I can successfully list my domain
users and groups with wbinfo. But when I try to get a list via getent it
doesn't work.
[root@io source]# getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
pegasus:x:100:500:tog-pegasus OpenPegasus WBEM/CIM
services:/var/lib/Pegasus:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
[root@io source]#
====================================
I have lots of messages like this in winbindd.log:
[2006/04/21 12:01:13, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(329)
ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute
'msSFU30GidNumber'
[2006/04/21 12:01:13, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(92)
error getting group id for sid
S-1-5-21-1663660479-371685239-1594628879-513
But I think that's not the problem, because winbindd_idmap.tdb contains correct
mappings for all users that have the field msSFU30GidNumber.
====================================
The last thing I tried was to do an strace:
[root@io samba]# strace getent passwd
execve("/usr/bin/getent", ["getent", "passwd"],
[/* 23 vars */]) = 0
uname({sys="Linux", node="io.coremedia.com", ...}) = 0
brk(0) = 0x9c66000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=37645, ...}) = 0
old_mmap(NULL, 37645, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f27000
close(3) = 0
open("/lib/tls/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20o-\000"...,
512)
= 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1454546, ...}) = 0
old_mmap(0x2c2000, 1219772, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
3, 0) = 0x2c2000
old_mmap(0x3e6000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x124000) = 0x3e6000
old_mmap(0x3ea000, 7356, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ea000
close(3) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0xb7f26000
mprotect(0x3e6000, 4096, PROT_READ) = 0
mprotect(0x2be000, 4096, PROT_READ) = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f26aa0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1,
seg_not_present:0, useable:1}) = 0
munmap(0xb7f27000, 37645) = 0
brk(0) = 0x9c66000
brk(0x9c87000) = 0x9c87000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=48513056, ...}) = 0
mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d26000
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1652, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0xb7d25000
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1652
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7d25000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=37645, ...}) = 0
old_mmap(NULL, 37645, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d1c000
close(3) = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\33\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=45889, ...}) = 0
old_mmap(NULL, 41608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x4b2000
old_mmap(0x4bb000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0x4bb000
close(3) = 0
munmap(0xb7d1c000, 37645) = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1546, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0xb7d25000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1546
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0xb7d24000
write(1, "root:x:0:0:root:/root:/bin/bash\n",
32root:x:0:0:root:/root:/bin/bash
) = 32
write(1, "bin:x:1:1:bin:/bin:/sbin/nologin"...,
33bin:x:1:1:bin:/bin:/sbin/nologin
) = 33
write(1, "daemon:x:2:2:daemon:/sbin:/sbin/"...,
40daemon:x:2:2:daemon:/sbin:/sbin/nologin
) = 40
write(1, "adm:x:3:4:adm:/var/adm:/sbin/nol"...,
37adm:x:3:4:adm:/var/adm:/sbin/nologin
) = 37
write(1, "lp:x:4:7:lp:/var/spool/lpd:/sbin"...,
41lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
) = 41
write(1, "sync:x:5:0:sync:/sbin:/bin/sync\n",
32sync:x:5:0:sync:/sbin:/bin/sync
) = 32
write(1, "shutdown:x:6:0:shutdown:/sbin:/s"...,
45shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
) = 45
write(1, "halt:x:7:0:halt:/sbin:/sbin/halt"...,
33halt:x:7:0:halt:/sbin:/sbin/halt
) = 33
write(1, "mail:x:8:12:mail:/var/spool/mail"...,
47mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
) = 47
write(1, "news:x:9:13:news:/etc/news:\n",
28news:x:9:13:news:/etc/news:
) = 28
write(1, "uucp:x:10:14:uucp:/var/spool/uuc"...,
48uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
) = 48
write(1, "operator:x:11:0:operator:/root:/"...,
45operator:x:11:0:operator:/root:/sbin/nologin
) = 45
write(1, "games:x:12:100:games:/usr/games:"...,
46games:x:12:100:games:/usr/games:/sbin/nologin
) = 46
write(1, "gopher:x:13:30:gopher:/var/gophe"...,
48gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
) = 48
write(1, "ftp:x:14:50:FTP User:/var/ftp:/s"..., 44ftp:x:14:50:FTP
User:/var/ftp:/sbin/nologin
) = 44
write(1, "nobody:x:99:99:Nobody:/:/sbin/no"...,
38nobody:x:99:99:Nobody:/:/sbin/nologin
) = 38
write(1, "dbus:x:81:81:System message bus:"..., 48dbus:x:81:81:System
message bus:/:/sbin/nologin
) = 48
write(1, "vcsa:x:69:69:virtual console mem"..., 61vcsa:x:69:69:virtual
console memory owner:/dev:/sbin/nologin
) = 61
write(1, "rpm:x:37:37::/var/lib/rpm:/sbin/"...,
40rpm:x:37:37::/var/lib/rpm:/sbin/nologin
) = 40
write(1, "haldaemon:x:68:68:HAL daemon:/:/"...,
45haldaemon:x:68:68:HAL
daemon:/:/sbin/nologin
) = 45
write(1, "netdump:x:34:34:Network Crash Du"...,
61netdump:x:34:34:Network
Crash Dump user:/var/crash:/bin/bash
) = 61
write(1, "nscd:x:28:28:NSCD Daemon:/:/sbin"..., 41nscd:x:28:28:NSCD
Daemon:/:/sbin/nologin
) = 41
write(1, "sshd:x:74:74:Privilege-separated"...,
67sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
) = 67
write(1, "rpc:x:32:32:Portmapper RPC user:"...,
48rpc:x:32:32:Portmapper RPC
user:/:/sbin/nologin
) = 48
write(1, "mailnull:x:47:47::/var/spool/mqu"...,
50mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
) = 50
write(1, "smmsp:x:51:51::/var/spool/mqueue"...,
47smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
) = 47
write(1, "rpcuser:x:29:29:RPC Service User"..., 60rpcuser:x:29:29:RPC
Service User:/var/lib/nfs:/sbin/nologin
) = 60
write(1, "nfsnobody:x:65534:65534:Anonymou"...,
70nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
) = 70
write(1, "pcap:x:77:77::/var/arpwatch:/sbi"...,
42pcap:x:77:77::/var/arpwatch:/sbin/nologin
) = 42
write(1, "xfs:x:43:43:X Font Server:/etc/X"..., 52xfs:x:43:43:X Font
Server:/etc/X11/fs:/sbin/nologin
) = 52
write(1, "pegasus:x:100:500:tog-pegasus Op"...,
91pegasus:x:100:500:tog-pegasus OpenPegasus WBEM/CIM
services:/var/lib/Pegasus:/sbin/nologin
) = 91
write(1, "postfix:x:89:89::/var/spool/post"...,
50postfix:x:89:89::/var/spool/postfix:/sbin/nologin
) = 50
write(1, "ntp:x:38:38::/etc/ntp:/sbin/nolo"...,
36ntp:x:38:38::/etc/ntp:/sbin/nologin
) = 36
read(3, "", 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=37645, ...}) = 0
old_mmap(NULL, 37645, PROT_READ, MAP_PRIVATE, 4, 0) = 0xb7d1a000
close(4) = 0
open("/lib/libnss_winbind.so.2", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0008\20\0"...,
512) = 512
fstat64(4, {st_mode=S_IFREG|0755, st_size=19545, ...}) = 0
old_mmap(NULL, 27516, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0)
= 0x593000
old_mmap(0x597000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x3000) = 0x597000
old_mmap(0x598000, 7036, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x598000
close(4) = 0
munmap(0xb7d1a000, 37645) = 0
getpid() = 2782
lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) =
0
lstat64("/tmp/.winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0,
...}) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 4
fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_FILE, path="/tmp/.winbindd/pipe"}, 110) = 0
select(5, [4], NULL, NULL, {0, 0}) = 0 (Timeout)
write(4, ",\7\0\0\0\0\0\0\336\n\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0"...,
1836)
= 1836
select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0})
read(4, "\24\5\0\0\2\0\0\0\v\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
1300)
= 1300
select(5, [4], NULL, NULL, {0, 0}) = 0 (Timeout)
write(4, ",\7\0\0%\0\0\0\336\n\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
1836)
= 1836
select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0})
read(4, "C\5\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
1300)
= 1300
select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0})
read(4, "/usr/local/samba/var/locks/winbi"..., 47) = 47
lstat64("/usr/local/samba/var/locks/winbindd_privileged",
{st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
lstat64("/usr/local/samba/var/locks/winbindd_privileged/pipe",
{st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 5
fcntl64(5, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl64(5, F_GETFD) = 0
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
connect(5, {sa_family=AF_FILE,
path="/usr/local/samba/var/locks/winbindd_privileged/pipe"}, 110) = 0
close(4) = 0
select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout)
write(5, ",\7\0\0\6\0\0\0\336\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
1836)
= 1836
select(6, [5], NULL, NULL, {5, 0}) = 1 (in [5], left {5, 0})
read(5, "\24\5\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
1300)
= 1300
select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout)
write(5, ",\7\0\0\10\0\0\0\336\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
1836)
= 1836
select(6, [5], NULL, NULL, {5, 0}) = 1 (in [5], left {4, 162000})
read(5, "\24\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
1300)
= 1300
close(3) = 0
munmap(0xb7d25000, 4096) = 0
select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout)
write(5, ",\7\0\0\7\0\0\0\336\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
1836)
= 1836
select(6, [5], NULL, NULL, {5, 0}) = 1 (in [5], left {5, 0})
read(5, "\24\5\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
1300)
= 1300
munmap(0xb7d24000, 4096) = 0
exit_group(0) = ?
Process 2782 detached
[root@io samba]#
As far as I can see, getent talks to winbindd via its sockets:
connect(5, {sa_family=AF_FILE,
path="/usr/local/samba/var/locks/winbindd_privileged/pipe"}, 110) = 0
But why the hell isn't it able to list the users??
Can anyone with a running configuration help me? Any ideas?
Thanks
Jörg Horchler
'getent passwd' imposes an overall timeout of 30 seconds on the reply from winbindd. Maybe that's biting you? See Bugzillas 3660, 3024. Bob G> -----Original Message----- > From: samba-bounces+bob.gautier=rabobank.com@lists.samba.org > [mailto:samba-bounces+bob.gautier=rabobank.com@lists.samba.org] On Behalf Of Horchler, Joerg> Sent: 21 April 2006 11:06 > To: samba@lists.samba.org > Subject: [Samba] getent not working (again) > > Hi all, > > after I searched the internet about a week now I can't find > an answer to my > problem: > > The company I work for is using a Windows 2003 Domain using > the Windows Services for UNIX (SFU) and NIS. We are using two > Domain Controllers that are hosting the ADS. > > Now I want to use Samba and NFS to implement a file server > for our mixed client enviroment: There will be Linux, HP > UNIX, Solaris, AIX and Windows clients accessing this server. > The Linux/UNIX clients will use NFS (no problem). The > Windows clients will use Samba. > > ====================================> I compiled Samba 3.0.22 with: > > ./configure \ > --with-ldap \ > --with-ads \ > --with-pam \ > --with-quotas \ > --with-acl-support \ > --with-aio-support \ > --with-sendfile-support \ > --with-winbind \ > --with-shared-modules=idmap_ad > > The last option was the only way to get idmap_ad compiled and > installed. 
I need this to use 'idmap backend = ad' > > ====================================> > After installation I copied libnss_winbind.so and > libnss_wins.so to /lib and run ldconfig > > [root@io source]# ldconfig -v | grep libnss > libnss_winbind.so.2 -> libnss_winbind.so > libnss_wins.so.2 -> libnss_wins.so [root@io source]# > > ====================================> > My smb.conf is > > [root@io source]# cat /usr/local/samba/lib/smb.conf [global] > unix charset = UTF8 > display charset = UTF8 > workgroup = XYZ > realm = ABC.COM > server string = linux fileserver %h (Samba %v) > security = ADS > auth methods = winbind > allow trusted domains = No > lanman auth = No > log level = 0 smb:1 auth:1 winbind:1 idmap:1 acls:1 > log file = /var/log/samba/%m.log > disable netbios = Yes > reset on zero vc = Yes > deadtime = 10 > os level = 0 > preferred master = No > local master = No > domain master = No > wins server = a.b.c.d, a.b.c.e > ldap ssl = no > pid directory = /var/run > idmap backend = ad > idmap uid = 100-100000 > idmap gid = 100-100000 > winbind use default domain = Yes > winbind nested groups = Yes > winbind nss info = sfu > acl group control = Yes > acl map full control = No > inherit owner = Yes > ea support = Yes > map acl inherit = Yes > use sendfile = Yes > hide special files = Yes > map readonly = permissions > strict locking = No > dos filemode = Yes > [root@io source]# > > I configured no shares at the moment. Could that be a problem? 
> > ====================================> > My /etc/krb5.conf > > [root@io source]# cat /etc/krb5.conf > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > default_realm = ABC.COM > > [realms] > ABC.COM = { > default_domain = abc.com > } > > [domain_realm] > .abc.com = ABC.COM > abc.com = ABC.COM > > [appdefaults] > pam = { > debug = false > ticket_lifetime = 36000 > renew_lifetime = 36000 > forwardable = true > krb4_convert = false > } > [root@io source]# > > ====================================> > My /etc/nsswitch.conf > > [root@io source]# cat /etc/nsswitch.conf # # /etc/nsswitch.conf [...] > > passwd: files winbind > shadow: files winbind > group: files winbind > > #hosts: db files ldap nis dns > hosts: files dns wins > > [...] > > ====================================> > Then I joined the domain successfully: > > [root@io source]# > net ads join -Uruth "Servers" > > [root@io source]# wbinfo -t > checking the trust secret via RPC calls succeeded [root@io source]# > > [root@io source]# net ads info > LDAP server: a.b.c.d > LDAP server name: uranus > Realm: ABC.COM > Bind Path: dc=ABC,dc=COM > LDAP port: 389 > Server time: Fri, 21 Apr 2006 11:59:54 CEST KDC server: > a.b.c.d Server time offset: 55 [root@io source]# > > ====================================> > After starting nmbd, smbd and winbindd I can successfully > list my domain users and group with wbinfo. But when I try to > get a list via getent it doesn't work. 
> > [root@io source]# getent passwd > root:x:0:0:root:/root:/bin/bash > bin:x:1:1:bin:/bin:/sbin/nologin > daemon:x:2:2:daemon:/sbin:/sbin/nologin > adm:x:3:4:adm:/var/adm:/sbin/nologin > lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin > sync:x:5:0:sync:/sbin:/bin/sync > shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown > halt:x:7:0:halt:/sbin:/sbin/halt > mail:x:8:12:mail:/var/spool/mail:/sbin/nologin > news:x:9:13:news:/etc/news: > uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin > operator:x:11:0:operator:/root:/sbin/nologin > games:x:12:100:games:/usr/games:/sbin/nologin > gopher:x:13:30:gopher:/var/gopher:/sbin/nologin > ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin > nobody:x:99:99:Nobody:/:/sbin/nologin > dbus:x:81:81:System message bus:/:/sbin/nologin > vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin > rpm:x:37:37::/var/lib/rpm:/sbin/nologin > haldaemon:x:68:68:HAL daemon:/:/sbin/nologin > netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash > nscd:x:28:28:NSCD Daemon:/:/sbin/nologin > sshd:x:74:74:Privilege-separated > SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper RPC > user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin > smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin > rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin > nfsnobody:x:65534:65534:Anonymous NFS > User:/var/lib/nfs:/sbin/nologin > pcap:x:77:77::/var/arpwatch:/sbin/nologin > xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin > pegasus:x:100:500:tog-pegasus OpenPegasus WBEM/CIM > services:/var/lib/Pegasus:/sbin/nologin > postfix:x:89:89::/var/spool/postfix:/sbin/nologin > ntp:x:38:38::/etc/ntp:/sbin/nologin > [root@io source]# > > ====================================> > I have lots of messages of this in winbindd.log: > > [2006/04/21 12:01:13, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(329) > ad_idmap_get_id_from_sid: ads_pull_uint32: could not read > attribute 'msSFU30GidNumber' > [2006/04/21 12:01:13, 1] > 
nsswitch/winbindd_user.c:winbindd_fill_pwent(92) > error getting group id for sid > S-1-5-21-1663660479-371685239-1594628879-513 > > But I think thats not the problem because in > winbindd_idmap.tdb are all users with correct mappings that > have the field msSFU30GidNumber. > > ====================================> > The last thing I tried was to to a strace: > > [root@io samba]# strace getent passwd > execve("/usr/bin/getent", ["getent", "passwd"], [/* 23 vars > */]) = 0 uname({sys="Linux", node="io.coremedia.com", ...}) = 0 > brk(0) = 0x9c66000 > access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or > directory) > open("/etc/ld.so.cache", O_RDONLY) = 3 > fstat64(3, {st_mode=S_IFREG|0644, st_size=37645, ...}) = 0 > old_mmap(NULL, 37645, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f27000 > close(3) = 0 > open("/lib/tls/libc.so.6", O_RDONLY) = 3 > read(3, > "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20o-\000"..., > 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, > st_size=1454546, ...}) = 0 old_mmap(0x2c2000, 1219772, > PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = > 0x2c2000 old_mmap(0x3e6000, 16384, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x124000) = 0x3e6000 > old_mmap(0x3ea000, 7356, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ea000 > close(3) = 0 > old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f26000 > mprotect(0x3e6000, 4096, PROT_READ) = 0 > mprotect(0x2be000, 4096, PROT_READ) = 0 > set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f26aa0, > limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, > limit_in_pages:1, seg_not_present:0, useable:1}) = 0 > munmap(0xb7f27000, 37645) = 0 > brk(0) = 0x9c66000 > brk(0x9c87000) = 0x9c87000 > open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) > = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=48513056, ...}) > = 0 mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d26000 > close(3) = 0 > 
open("/etc/nsswitch.conf", O_RDONLY) = 3 > fstat64(3, {st_mode=S_IFREG|0644, st_size=1652, ...}) = 0 > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d25000 read(3, "#\n# > /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1652 > read(3, "", 4096) = 0 > close(3) = 0 > munmap(0xb7d25000, 4096) = 0 > open("/etc/ld.so.cache", O_RDONLY) = 3 > fstat64(3, {st_mode=S_IFREG|0644, st_size=37645, ...}) = 0 > old_mmap(NULL, 37645, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d1c000 > close(3) = 0 > open("/lib/libnss_files.so.2", O_RDONLY) = 3 read(3, > "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\33\0"..., 512) > 512 > fstat64(3, {st_mode=S_IFREG|0755, st_size=45889, ...}) = 0 > old_mmap(NULL, 41608, PROT_READ|PROT_EXEC, > MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4b2000 > old_mmap(0x4bb000, 8192, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0x4bb000 > close(3) = 0 > munmap(0xb7d1c000, 37645) = 0 > open("/etc/passwd", O_RDONLY) = 3 > fcntl64(3, F_GETFD) = 0 > fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 > fstat64(3, {st_mode=S_IFREG|0644, st_size=1546, ...}) = 0 > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d25000 > _llseek(3, 0, [0], SEEK_CUR) = 0 > read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1546 > fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), > ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d24000 write(1, > "root:x:0:0:root:/root:/bin/bash\n", > 32root:x:0:0:root:/root:/bin/bash > ) = 32 > write(1, "bin:x:1:1:bin:/bin:/sbin/nologin"..., > 33bin:x:1:1:bin:/bin:/sbin/nologin > ) = 33 > write(1, "daemon:x:2:2:daemon:/sbin:/sbin/"..., > 40daemon:x:2:2:daemon:/sbin:/sbin/nologin > ) = 40 > write(1, "adm:x:3:4:adm:/var/adm:/sbin/nol"..., > 37adm:x:3:4:adm:/var/adm:/sbin/nologin > ) = 37 > write(1, "lp:x:4:7:lp:/var/spool/lpd:/sbin"..., > 41lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin > ) = 41 > write(1, 
"sync:x:5:0:sync:/sbin:/bin/sync\n", > 32sync:x:5:0:sync:/sbin:/bin/sync > ) = 32 > write(1, "shutdown:x:6:0:shutdown:/sbin:/s"..., > 45shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown > ) = 45 > write(1, "halt:x:7:0:halt:/sbin:/sbin/halt"..., > 33halt:x:7:0:halt:/sbin:/sbin/halt > ) = 33 > write(1, "mail:x:8:12:mail:/var/spool/mail"..., > 47mail:x:8:12:mail:/var/spool/mail:/sbin/nologin > ) = 47 > write(1, "news:x:9:13:news:/etc/news:\n", > 28news:x:9:13:news:/etc/news: > ) = 28 > write(1, "uucp:x:10:14:uucp:/var/spool/uuc"..., > 48uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin > ) = 48 > write(1, "operator:x:11:0:operator:/root:/"..., > 45operator:x:11:0:operator:/root:/sbin/nologin > ) = 45 > write(1, "games:x:12:100:games:/usr/games:"..., > 46games:x:12:100:games:/usr/games:/sbin/nologin > ) = 46 > write(1, "gopher:x:13:30:gopher:/var/gophe"..., > 48gopher:x:13:30:gopher:/var/gopher:/sbin/nologin > ) = 48 > write(1, "ftp:x:14:50:FTP User:/var/ftp:/s"..., > 44ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin > ) = 44 > write(1, "nobody:x:99:99:Nobody:/:/sbin/no"..., > 38nobody:x:99:99:Nobody:/:/sbin/nologin > ) = 38 > write(1, "dbus:x:81:81:System message bus:"..., > 48dbus:x:81:81:System message bus:/:/sbin/nologin > ) = 48 > write(1, "vcsa:x:69:69:virtual console mem"..., > 61vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin > ) = 61 > write(1, "rpm:x:37:37::/var/lib/rpm:/sbin/"..., > 40rpm:x:37:37::/var/lib/rpm:/sbin/nologin > ) = 40 > write(1, "haldaemon:x:68:68:HAL daemon:/:/"..., > 45haldaemon:x:68:68:HAL daemon:/:/sbin/nologin > ) = 45 > write(1, "netdump:x:34:34:Network Crash Du"..., > 61netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash > ) = 61 > write(1, "nscd:x:28:28:NSCD Daemon:/:/sbin"..., > 41nscd:x:28:28:NSCD Daemon:/:/sbin/nologin > ) = 41 > write(1, "sshd:x:74:74:Privilege-separated"..., > 67sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin > ) = 67 > write(1, "rpc:x:32:32:Portmapper RPC user:"..., > 
48rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin > ) = 48 > write(1, "mailnull:x:47:47::/var/spool/mqu"..., > 50mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin > ) = 50 > write(1, "smmsp:x:51:51::/var/spool/mqueue"..., > 47smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin > ) = 47 > write(1, "rpcuser:x:29:29:RPC Service User"..., > 60rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin > ) = 60 > write(1, "nfsnobody:x:65534:65534:Anonymou"..., > 70nfsnobody:x:65534:65534:Anonymous NFS > User:/var/lib/nfs:/sbin/nologin > ) = 70 > write(1, "pcap:x:77:77::/var/arpwatch:/sbi"..., > 42pcap:x:77:77::/var/arpwatch:/sbin/nologin > ) = 42 > write(1, "xfs:x:43:43:X Font Server:/etc/X"..., > 52xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin > ) = 52 > write(1, "pegasus:x:100:500:tog-pegasus Op"..., > 91pegasus:x:100:500:tog-pegasus OpenPegasus WBEM/CIM > services:/var/lib/Pegasus:/sbin/nologin > ) = 91 > write(1, "postfix:x:89:89::/var/spool/post"..., > 50postfix:x:89:89::/var/spool/postfix:/sbin/nologin > ) = 50 > write(1, "ntp:x:38:38::/etc/ntp:/sbin/nolo"..., > 36ntp:x:38:38::/etc/ntp:/sbin/nologin > ) = 36 > read(3, "", 4096) = 0 > open("/etc/ld.so.cache", O_RDONLY) = 4 > fstat64(4, {st_mode=S_IFREG|0644, st_size=37645, ...}) = 0 > old_mmap(NULL, 37645, PROT_READ, MAP_PRIVATE, 4, 0) = 0xb7d1a000 > close(4) = 0 > open("/lib/libnss_winbind.so.2", O_RDONLY) = 4 read(4, > "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0008\20\0"..., 512) > 512 > fstat64(4, {st_mode=S_IFREG|0755, st_size=19545, ...}) = 0 > old_mmap(NULL, 27516, PROT_READ|PROT_EXEC, > MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x593000 > old_mmap(0x597000, 4096, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x3000) = 0x597000 > old_mmap(0x598000, 7036, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x598000 > close(4) = 0 > munmap(0xb7d1a000, 37645) = 0 > getpid() = 2782 > lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, > st_size=4096, ...}) = 0 
lstat64("/tmp/.winbindd/pipe", > {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0 > socket(PF_FILE, SOCK_STREAM, 0) = 4 > fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR) > fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0 > fcntl64(4, F_GETFD) = 0 > fcntl64(4, F_SETFD, FD_CLOEXEC) = 0 > connect(4, {sa_family=AF_FILE, path="/tmp/.winbindd/pipe"}, 110) = 0 > select(5, [4], NULL, NULL, {0, 0}) = 0 (Timeout) > write(4, > ",\7\0\0\0\0\0\0\336\n\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0"..., > 1836) = 1836 > select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0}) > read(4, > "\24\5\0\0\2\0\0\0\v\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., > 1300) = 1300 > select(5, [4], NULL, NULL, {0, 0}) = 0 (Timeout) > write(4, > ",\7\0\0%\0\0\0\336\n\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0"..., > 1836) = 1836 > select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0}) > read(4, > "C\5\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., > 1300) = 1300 > select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0}) > read(4, "/usr/local/samba/var/locks/winbi"..., 47) = 47 > lstat64("/usr/local/samba/var/locks/winbindd_privileged", > {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0 > lstat64("/usr/local/samba/var/locks/winbindd_privileged/pipe", > {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0 > socket(PF_FILE, SOCK_STREAM, 0) = 5 > fcntl64(5, F_GETFL) = 0x2 (flags O_RDWR) > fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0 > fcntl64(5, F_GETFD) = 0 > fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 > connect(5, {sa_family=AF_FILE, > path="/usr/local/samba/var/locks/winbindd_privileged/pipe"}, 110) = 0 > close(4) = 0 > select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout) > write(5, > ",\7\0\0\6\0\0\0\336\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., > 1836) = 1836 > select(6, [5], NULL, NULL, {5, 0}) = 1 (in [5], left {5, 0}) > read(5, > "\24\5\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., > 1300) = 1300 > select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout) > write(5, > ",\7\0\0\10\0\0\0\336\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., > 
1836) = 1836 > select(6, [5], NULL, NULL, {5, 0}) = 1 (in [5], left {4, 162000}) > read(5, > "\24\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., > 1300) = 1300 > close(3) = 0 > munmap(0xb7d25000, 4096) = 0 > select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout) > write(5, > ",\7\0\0\7\0\0\0\336\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., > 1836) = 1836 > select(6, [5], NULL, NULL, {5, 0}) = 1 (in [5], left {5, 0}) > read(5, > "\24\5\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., > 1300) = 1300 > munmap(0xb7d24000, 4096) = 0 > exit_group(0) = ? > Process 2782 detached > [root@io samba]# > > As I can see getent talks to winbindd via its sockets: > > connect(5, {sa_family=AF_FILE, > path="/usr/local/samba/var/locks/winbindd_privileged/pipe"}, 110) = 0 > > But why the hell isn't it able to list the users?? > > > Can anyone with a running configuration help me? Any ideas? > > Thanks > J?rg Horchler >_____________________________________________________________ This email (including any attachments to it) is confidential, legally privileged, subject to copyright and is sent for the personal attention of the intended recipient only. If you have received this email in error, please advise us immediately and delete it. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the viruses in this email or attachments. We exclude any liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided in this email or its attachments, unless that information is subsequently confirmed in writing. If this email contains an offer, that should be considered as an invitation to treat. _____________________________________________________________
Probably not crucial, but I think you should remove winbind from the shadow line in your nsswitch.conf, so that it reads: shadow: files (nss_winbind only answers passwd and group lookups, so the entry does nothing useful there). Best regards, Bla?. Horchler, Joerg wrote: > Hi all, > > after I searched the internet about a week now I can't find an answer to my > problem: > > The company I work for is using a Windows 2003 Domain using the Windows > Services for UNIX (SFU) and NIS. We are using two Domain Controllers that > are hosting the ADS. > > Now I want to use Samba and NFS to implement a file server for our mixed > client enviroment: There will be Linux, HP UNIX, Solaris, AIX and Windows > clients accessing this server. The Linux/UNIX clients will use NFS (no > problem). The Windows clients will use Samba. > > ====================================> I compiled Samba 3.0.22 with: > > ./configure \ > --with-ldap \ > --with-ads \ > --with-pam \ > --with-quotas \ > --with-acl-support \ > --with-aio-support \ > --with-sendfile-support \ > --with-winbind \ > --with-shared-modules=idmap_ad > > The last option was the only way to get idmap_ad compiled and installed. 
I > need this to use 'idmap backend = ad' > > ====================================> > After installation I copied libnss_winbind.so and libnss_wins.so to /lib and > run ldconfig > > [root@io source]# ldconfig -v | grep libnss > libnss_winbind.so.2 -> libnss_winbind.so > libnss_wins.so.2 -> libnss_wins.so > [root@io source]# > > ====================================> > My smb.conf is > > [root@io source]# cat /usr/local/samba/lib/smb.conf > [global] > unix charset = UTF8 > display charset = UTF8 > workgroup = XYZ > realm = ABC.COM > server string = linux fileserver %h (Samba %v) > security = ADS > auth methods = winbind > allow trusted domains = No > lanman auth = No > log level = 0 smb:1 auth:1 winbind:1 idmap:1 acls:1 > log file = /var/log/samba/%m.log > disable netbios = Yes > reset on zero vc = Yes > deadtime = 10 > os level = 0 > preferred master = No > local master = No > domain master = No > wins server = a.b.c.d, a.b.c.e > ldap ssl = no > pid directory = /var/run > idmap backend = ad > idmap uid = 100-100000 > idmap gid = 100-100000 > winbind use default domain = Yes > winbind nested groups = Yes > winbind nss info = sfu > acl group control = Yes > acl map full control = No > inherit owner = Yes > ea support = Yes > map acl inherit = Yes > use sendfile = Yes > hide special files = Yes > map readonly = permissions > strict locking = No > dos filemode = Yes > [root@io source]# > > I configured no shares at the moment. Could that be a problem? 
> > ====================================> > My /etc/krb5.conf > > [root@io source]# cat /etc/krb5.conf > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > default_realm = ABC.COM > > [realms] > ABC.COM = { > default_domain = abc.com > } > > [domain_realm] > .abc.com = ABC.COM > abc.com = ABC.COM > > [appdefaults] > pam = { > debug = false > ticket_lifetime = 36000 > renew_lifetime = 36000 > forwardable = true > krb4_convert = false > } > [root@io source]# > > ====================================> > My /etc/nsswitch.conf > > [root@io source]# cat /etc/nsswitch.conf > # > # /etc/nsswitch.conf > [...] > > passwd: files winbind > shadow: files winbind > group: files winbind > > #hosts: db files ldap nis dns > hosts: files dns wins > > [...] > > ====================================> > Then I joined the domain successfully: > > [root@io source]# > net ads join -Uruth "Servers" > > [root@io source]# wbinfo -t > checking the trust secret via RPC calls succeeded > [root@io source]# > > [root@io source]# net ads info > LDAP server: a.b.c.d > LDAP server name: uranus > Realm: ABC.COM > Bind Path: dc=ABC,dc=COM > LDAP port: 389 > Server time: Fri, 21 Apr 2006 11:59:54 CEST > KDC server: a.b.c.d > Server time offset: 55 > [root@io source]# > > ====================================> > After starting nmbd, smbd and winbindd I can successfully list my domain > users and group with wbinfo. But when I try to get a list via getent it > doesn't work. 
> > [root@io source]# getent passwd > root:x:0:0:root:/root:/bin/bash > bin:x:1:1:bin:/bin:/sbin/nologin > daemon:x:2:2:daemon:/sbin:/sbin/nologin > adm:x:3:4:adm:/var/adm:/sbin/nologin > lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin > sync:x:5:0:sync:/sbin:/bin/sync > shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown > halt:x:7:0:halt:/sbin:/sbin/halt > mail:x:8:12:mail:/var/spool/mail:/sbin/nologin > news:x:9:13:news:/etc/news: > uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin > operator:x:11:0:operator:/root:/sbin/nologin > games:x:12:100:games:/usr/games:/sbin/nologin > gopher:x:13:30:gopher:/var/gopher:/sbin/nologin > ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin > nobody:x:99:99:Nobody:/:/sbin/nologin > dbus:x:81:81:System message bus:/:/sbin/nologin > vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin > rpm:x:37:37::/var/lib/rpm:/sbin/nologin > haldaemon:x:68:68:HAL daemon:/:/sbin/nologin > netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash > nscd:x:28:28:NSCD Daemon:/:/sbin/nologin > sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin > rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin > mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin > smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin > rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin > nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin > pcap:x:77:77::/var/arpwatch:/sbin/nologin > xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin > pegasus:x:100:500:tog-pegasus OpenPegasus WBEM/CIM > services:/var/lib/Pegasus:/sbin/nologin > postfix:x:89:89::/var/spool/postfix:/sbin/nologin > ntp:x:38:38::/etc/ntp:/sbin/nologin > [root@io source]# > > ====================================> > I have lots of messages of this in winbindd.log: > > [2006/04/21 12:01:13, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(329) > ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute > 'msSFU30GidNumber' > [2006/04/21 12:01:13, 1] 
nsswitch/winbindd_user.c:winbindd_fill_pwent(92) > error getting group id for sid > S-1-5-21-1663660479-371685239-1594628879-513 > > But I think thats not the problem because in winbindd_idmap.tdb are all > users with correct mappings that have the field msSFU30GidNumber. > > ====================================> > The last thing I tried was to to a strace: > > [root@io samba]# strace getent passwd > execve("/usr/bin/getent", ["getent", "passwd"], [/* 23 vars */]) = 0 > uname({sys="Linux", node="io.coremedia.com", ...}) = 0 > brk(0) = 0x9c66000 > access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or > directory) > open("/etc/ld.so.cache", O_RDONLY) = 3 > fstat64(3, {st_mode=S_IFREG|0644, st_size=37645, ...}) = 0 > old_mmap(NULL, 37645, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f27000 > close(3) = 0 > open("/lib/tls/libc.so.6", O_RDONLY) = 3 > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20o-\000"..., 512) > = 512 > fstat64(3, {st_mode=S_IFREG|0755, st_size=1454546, ...}) = 0 > old_mmap(0x2c2000, 1219772, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, > 3, 0) = 0x2c2000 > old_mmap(0x3e6000, 16384, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x124000) = 0x3e6000 > old_mmap(0x3ea000, 7356, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ea000 > close(3) = 0 > old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) > = 0xb7f26000 > mprotect(0x3e6000, 4096, PROT_READ) = 0 > mprotect(0x2be000, 4096, PROT_READ) = 0 > set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f26aa0, limit:1048575, > seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, > seg_not_present:0, useable:1}) = 0 > munmap(0xb7f27000, 37645) = 0 > brk(0) = 0x9c66000 > brk(0x9c87000) = 0x9c87000 > open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3 > fstat64(3, {st_mode=S_IFREG|0644, st_size=48513056, ...}) = 0 > mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d26000 > close(3) = 0 > 
open("/etc/nsswitch.conf", O_RDONLY) = 3 > fstat64(3, {st_mode=S_IFREG|0644, st_size=1652, ...}) = 0 > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) > 0xb7d25000 > read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1652 > read(3, "", 4096) = 0 > close(3) = 0 > munmap(0xb7d25000, 4096) = 0 > open("/etc/ld.so.cache", O_RDONLY) = 3 > fstat64(3, {st_mode=S_IFREG|0644, st_size=37645, ...}) = 0 > old_mmap(NULL, 37645, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d1c000 > close(3) = 0 > open("/lib/libnss_files.so.2", O_RDONLY) = 3 > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\33\0"..., 512) > 512 > fstat64(3, {st_mode=S_IFREG|0755, st_size=45889, ...}) = 0 > old_mmap(NULL, 41608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) > = 0x4b2000 > old_mmap(0x4bb000, 8192, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0x4bb000 > close(3) = 0 > munmap(0xb7d1c000, 37645) = 0 > open("/etc/passwd", O_RDONLY) = 3 > fcntl64(3, F_GETFD) = 0 > fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 > fstat64(3, {st_mode=S_IFREG|0644, st_size=1546, ...}) = 0 > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) > 0xb7d25000 > _llseek(3, 0, [0], SEEK_CUR) = 0 > read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1546 > fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0 > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) > 0xb7d24000 > write(1, "root:x:0:0:root:/root:/bin/bash\n", > 32root:x:0:0:root:/root:/bin/bash > ) = 32 > write(1, "bin:x:1:1:bin:/bin:/sbin/nologin"..., > 33bin:x:1:1:bin:/bin:/sbin/nologin > ) = 33 > write(1, "daemon:x:2:2:daemon:/sbin:/sbin/"..., > 40daemon:x:2:2:daemon:/sbin:/sbin/nologin > ) = 40 > write(1, "adm:x:3:4:adm:/var/adm:/sbin/nol"..., > 37adm:x:3:4:adm:/var/adm:/sbin/nologin > ) = 37 > write(1, "lp:x:4:7:lp:/var/spool/lpd:/sbin"..., > 41lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin > ) = 41 > write(1, "sync:x:5:0:sync:/sbin:/bin/sync\n", 
> 32sync:x:5:0:sync:/sbin:/bin/sync > ) = 32 > write(1, "shutdown:x:6:0:shutdown:/sbin:/s"..., > 45shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown > ) = 45 > write(1, "halt:x:7:0:halt:/sbin:/sbin/halt"..., > 33halt:x:7:0:halt:/sbin:/sbin/halt > ) = 33 > write(1, "mail:x:8:12:mail:/var/spool/mail"..., > 47mail:x:8:12:mail:/var/spool/mail:/sbin/nologin > ) = 47 > write(1, "news:x:9:13:news:/etc/news:\n", 28news:x:9:13:news:/etc/news: > ) = 28 > write(1, "uucp:x:10:14:uucp:/var/spool/uuc"..., > 48uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin > ) = 48 > write(1, "operator:x:11:0:operator:/root:/"..., > 45operator:x:11:0:operator:/root:/sbin/nologin > ) = 45 > write(1, "games:x:12:100:games:/usr/games:"..., > 46games:x:12:100:games:/usr/games:/sbin/nologin > ) = 46 > write(1, "gopher:x:13:30:gopher:/var/gophe"..., > 48gopher:x:13:30:gopher:/var/gopher:/sbin/nologin > ) = 48 > write(1, "ftp:x:14:50:FTP User:/var/ftp:/s"..., 44ftp:x:14:50:FTP > User:/var/ftp:/sbin/nologin > ) = 44 > write(1, "nobody:x:99:99:Nobody:/:/sbin/no"..., > 38nobody:x:99:99:Nobody:/:/sbin/nologin > ) = 38 > write(1, "dbus:x:81:81:System message bus:"..., 48dbus:x:81:81:System > message bus:/:/sbin/nologin > ) = 48 > write(1, "vcsa:x:69:69:virtual console mem"..., 61vcsa:x:69:69:virtual > console memory owner:/dev:/sbin/nologin > ) = 61 > write(1, "rpm:x:37:37::/var/lib/rpm:/sbin/"..., > 40rpm:x:37:37::/var/lib/rpm:/sbin/nologin > ) = 40 > write(1, "haldaemon:x:68:68:HAL daemon:/:/"..., 45haldaemon:x:68:68:HAL > daemon:/:/sbin/nologin > ) = 45 > write(1, "netdump:x:34:34:Network Crash Du"..., 61netdump:x:34:34:Network > Crash Dump user:/var/crash:/bin/bash > ) = 61 > write(1, "nscd:x:28:28:NSCD Daemon:/:/sbin"..., 41nscd:x:28:28:NSCD > Daemon:/:/sbin/nologin > ) = 41 > write(1, "sshd:x:74:74:Privilege-separated"..., > 67sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin > ) = 67 > write(1, "rpc:x:32:32:Portmapper RPC user:"..., 48rpc:x:32:32:Portmapper RPC > user:/:/sbin/nologin > ) 
= 48 > write(1, "mailnull:x:47:47::/var/spool/mqu"..., > 50mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin > ) = 50 > write(1, "smmsp:x:51:51::/var/spool/mqueue"..., > 47smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin > ) = 47 > write(1, "rpcuser:x:29:29:RPC Service User"..., 60rpcuser:x:29:29:RPC > Service User:/var/lib/nfs:/sbin/nologin > ) = 60 > write(1, "nfsnobody:x:65534:65534:Anonymou"..., > 70nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin > ) = 70 > write(1, "pcap:x:77:77::/var/arpwatch:/sbi"..., > 42pcap:x:77:77::/var/arpwatch:/sbin/nologin > ) = 42 > write(1, "xfs:x:43:43:X Font Server:/etc/X"..., 52xfs:x:43:43:X Font > Server:/etc/X11/fs:/sbin/nologin > ) = 52 > write(1, "pegasus:x:100:500:tog-pegasus Op"..., > 91pegasus:x:100:500:tog-pegasus OpenPegasus WBEM/CIM > services:/var/lib/Pegasus:/sbin/nologin > ) = 91 > write(1, "postfix:x:89:89::/var/spool/post"..., > 50postfix:x:89:89::/var/spool/postfix:/sbin/nologin > ) = 50 > write(1, "ntp:x:38:38::/etc/ntp:/sbin/nolo"..., > 36ntp:x:38:38::/etc/ntp:/sbin/nologin > ) = 36 > read(3, "", 4096) = 0 > open("/etc/ld.so.cache", O_RDONLY) = 4 > fstat64(4, {st_mode=S_IFREG|0644, st_size=37645, ...}) = 0 > old_mmap(NULL, 37645, PROT_READ, MAP_PRIVATE, 4, 0) = 0xb7d1a000 > close(4) = 0 > open("/lib/libnss_winbind.so.2", O_RDONLY) = 4 > read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0008\20\0"..., 512) > 512 > fstat64(4, {st_mode=S_IFREG|0755, st_size=19545, ...}) = 0 > old_mmap(NULL, 27516, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) > = 0x593000 > old_mmap(0x597000, 4096, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x3000) = 0x597000 > old_mmap(0x598000, 7036, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x598000 > close(4) = 0 > munmap(0xb7d1a000, 37645) = 0 > getpid() = 2782 > lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 > lstat64("/tmp/.winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ....}) = 0 
> socket(PF_FILE, SOCK_STREAM, 0) = 4 > fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR) > fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0 > fcntl64(4, F_GETFD) = 0 > fcntl64(4, F_SETFD, FD_CLOEXEC) = 0 > connect(4, {sa_family=AF_FILE, path="/tmp/.winbindd/pipe"}, 110) = 0 > select(5, [4], NULL, NULL, {0, 0}) = 0 (Timeout) > write(4, ",\7\0\0\0\0\0\0\336\n\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0"..., 1836) > = 1836 > select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0}) > read(4, "\24\5\0\0\2\0\0\0\v\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) > = 1300 > select(5, [4], NULL, NULL, {0, 0}) = 0 (Timeout) > write(4, ",\7\0\0%\0\0\0\336\n\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1836) > = 1836 > select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0}) > read(4, "C\5\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) > = 1300 > select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0}) > read(4, "/usr/local/samba/var/locks/winbi"..., 47) = 47 > lstat64("/usr/local/samba/var/locks/winbindd_privileged", > {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0 > lstat64("/usr/local/samba/var/locks/winbindd_privileged/pipe", > {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0 > socket(PF_FILE, SOCK_STREAM, 0) = 5 > fcntl64(5, F_GETFL) = 0x2 (flags O_RDWR) > fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0 > fcntl64(5, F_GETFD) = 0 > fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 > connect(5, {sa_family=AF_FILE, > path="/usr/local/samba/var/locks/winbindd_privileged/pipe"}, 110) = 0 > close(4) = 0 > select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout) > write(5, ",\7\0\0\6\0\0\0\336\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1836) > = 1836 > select(6, [5], NULL, NULL, {5, 0}) = 1 (in [5], left {5, 0}) > read(5, "\24\5\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) > = 1300 > select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout) > write(5, ",\7\0\0\10\0\0\0\336\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1836) > = 1836 > select(6, [5], NULL, NULL, {5, 0}) = 1 (in [5], left {4, 162000}) > read(5, 
"\24\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) > = 1300 > close(3) = 0 > munmap(0xb7d25000, 4096) = 0 > select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout) > write(5, ",\7\0\0\7\0\0\0\336\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1836) > = 1836 > select(6, [5], NULL, NULL, {5, 0}) = 1 (in [5], left {5, 0}) > read(5, "\24\5\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) > = 1300 > munmap(0xb7d24000, 4096) = 0 > exit_group(0) = ? > Process 2782 detached > [root@io samba]# > > As I can see getent talks to winbindd via its sockets: > > connect(5, {sa_family=AF_FILE, > path="/usr/local/samba/var/locks/winbindd_privileged/pipe"}, 110) = 0 > > But why the hell isn't it able to list the users?? > > > Can anyone with a running configuration help me? Any ideas? > > Thanks > Jörg Horchler >