Chun Kit Hui
2006-Aug-22 16:16 UTC
[Samba] [IDMAP AD] Strange questions on uid/gid resolution.
Dear all,

I am using Win2003 with SFU 3.5 (not R2) as domain controller. I enabled the UNIX attributes of several users and groups. I use idmap = ad to connect to my Win2003 box and setup the winbind / nss accordingly. wbinfo -u / -g work fine, getent passwd / group works fine, chown works fine, id <username> works fine. But when I try to use ls or groups <username>, it returns the error "id: cannot find name for <GROUP>" and ls just shows the uid/gid instead of the name.

Any ideas?

The config files / output are as follows:

Platform: Debian sarge
samba from backports.org
samba version (smbd -V): Version 3.0.22

smb.conf

    idmap backend = ad:ldap://192.168.0.201
    idmap uid = 50000-51000
    idmap gid = 50000-51000
    template shell = /bin/bash
    template homedir = /home/%U
    #winbind trusted domains only = Yes
    winbind use default domain = yes
    winbind nested groups = Yes
    #winbind separator = "\"
    winbind cache time = 10
    winbind enum groups = Yes
    winbind enum users = Yes
    winbind nss info = template sfu

/etc/nsswitch.conf:

    passwd: compat winbind
    group: compat winbind
    shadow: compat

wbinfo -u:

    Administrator
    Guest
    DC1$
    krbtgt
    testuser01
    fileserver$
    PC1$
    PC2$
    testuser02
    testuser03

wbinfo -g:

    HelpServicesGroup
    TelnetClients
    Domain Computers
    Domain Controllers
    Schema Admins
    Enterprise Admins
    Cert Publishers
    Domain Admins
    Domain Users
    Domain Guests
    Group Policy Creator Owners
    RAS and IAS Servers
    DnsAdmins
    DnsUpdateProxy
    WINS Users
    Local_Staff
    IT_Team
    Counselling_Team
    PasswordPropDeny

getent passwd:

    administrator:x:10002:10002:Administrator:/home/administrator:/bin/sh
    testuser01:x:10000:10002:User 01:/home/testuser01:/bin/sh
    testuser02:x:10001:10002:User 02:/home/testuser02:/bin/sh
    testuser03:x:10003:10002:User 03:/home/testuser03:/bin/sh

getent group:

    Domain Users:x:10002:
    Local_Staff:x:10004:testuser02
    IT_Team:x:10000:

chown and chgrp succeed

ls /home:

    drwxr-xr-x 5 10000 10000 4096 2006-08-22 23:50 testuser01
    drwxr-xr-x 3 10001 10000 4096 2006-08-22 11:31 testuser02
    drwxr-xr-x 2 10003 10000 4096 2006-08-23 00:13 testuser03

groups testuser01:

    id: cannot find name for group ID 10002

Sorry for a very very long appendix. :P

Any help will be highly appreciated!

Jacky in desperate
Neal A. Lucier
2006-Aug-23 16:05 UTC
[Samba] Re: [IDMAP AD] Strange questions on uid/gid resolution.
Chun Kit Hui wrote:
> I am using Win2003 with SFU 3.5 (not R2) as domain controller. I enabled
> the
> UNIX attributes of several users and groups. I use idmap = ad to connect to
> my Win2003 box and setup the winbind / nss accordingly. wbinfo -u / -g work
> fine, getent passwd / group works fine, chown works fine, id <username>
> works fine. But when I try to use ls or groups <username>, it returns the
> error "id: cannot find name for <GROUP>" and ls just shows the uid/gid
> instead of the name.
>
> Any ideas?
>

I noticed the same behavior with 3.0.23a, idmap=ad, and w2k3 r2 on Solaris/SPARC. I tracked the issue to that though winbind could do username->uid it could not do uid->username; i.e.:

    % getent passwd nlucier
    nlucier:x:501:1:Neal Antoine Lucier:/home/nlucier:/bin/tcsh
    % getent passwd 501
    %

'truss'ing the getent I could see that libnss_winbind was putting the 501 into the door(?) file shared with winbindd but all zeros would be returned. When nlucier was put into the same file winbindd would happily return everything.

That's as far as I traced it, because Jerry then confirmed the bug with implicit mapping of users by name, which is the config I want to use.

Neal
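
Added example, not part of either message in this thread: a Python check for the symptom discussed above, where name -> uid resolves but uid -> name or gid -> name does not. It uses the standard pwd and grp modules (which go through NSS, so winbind is consulted when nsswitch.conf lists it); demo() runs against a constructed backend built from the testuser01 values posted above.

```python
import grp
import pwd
import sys


def check_user(name, getpwnam=pwd.getpwnam, getpwuid=pwd.getpwuid,
               getgrgid=grp.getgrgid):
    """Return a list of NSS round-trip problems for one account name."""
    try:
        entry = getpwnam(name)                 # name -> uid
    except KeyError:
        return [f"{name}: no passwd entry"]
    problems = []
    try:
        back = getpwuid(entry.pw_uid)          # uid -> name
        if back.pw_name != entry.pw_name:
            problems.append(
                f"{name}: uid {entry.pw_uid} maps back to {back.pw_name}")
    except KeyError:
        problems.append(f"{name}: uid {entry.pw_uid} has no name")
    try:
        getgrgid(entry.pw_gid)                 # primary gid -> group name
    except KeyError:
        problems.append(f"{name}: gid {entry.pw_gid} has no name")
    return problems


def demo():
    """Constructed backend: forward lookups work, reverse lookups find nothing."""
    users = {"testuser01": pwd.struct_passwd(
        ("testuser01", "x", 10000, 10002, "User 01",
         "/home/testuser01", "/bin/sh"))}

    def missing(ident):
        raise KeyError(ident)

    return check_user("testuser01", users.__getitem__, missing, missing)


if __name__ == "__main__":
    # With no arguments, check every account NSS can enumerate.
    names = sys.argv[1:] or [p.pw_name for p in pwd.getpwall()]
    found = [line for n in names for line in check_user(n)]
    print("\n".join(found) or "all lookups round-trip")
    sys.exit(1 if found else 0)
```

Run on the Samba member server with account names as arguments; a non-zero exit status means at least one uid or primary gid could not be mapped back to a name.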