Prajjwal P. Devkota
2007-Apr-18 06:43 UTC
[Samba] Domain membership problem in OpenSuse 10.2
Dear Everyone, I am trying to use an OpenSuse 10.2 computer on a Windows 2000 domain using winbind authentication (join to domain). I added a few lines to the smb.conf for extracting sfu attributes, and my smb.conf looks like this: [global] idmap backend = ad idmap gid = 1000-100000 idmap uid = 1000-100000 winbind uid = 16777216-33554431 winbind gid = 16777216-33554431 password server = dell.umn.org.np realm = UMN.ORG.NP workgroup = HQ security = ADS template homedir = /home/%D/%U template shell = /bin/bash usershare allow guests = No winbind refresh tickets = yes winbind cache time = 3600 workgroup = HQ winbind use default domain = yes winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind nss info = sfu winbind offline logon = Yes winbind use default domain = yes debuglevel = 4 log level = 4 I was able to easily view users and groups on the domain, and the group info would be extracted easily. I recently applied available patches to the computer, because there were some issues with cdrom access for domain users, and Ximian evolution connection to Microsoft exchange that went away only on updating. However, now I can see uids for users, but the gids are not getting resolved. I am attaching sample output below: opensuse:~ # id prajjwal uid=10000(prajjwal) gid=10000 groups=10000,10032,10133,10002,10117 opensuse:~ # groups prajjwal id: cannot find name for group ID 10000 10000 id: cannot find name for group ID 10032 10032 id: cannot find name for group ID 10133 10133 id: cannot find name for group ID 10002 10002 id: cannot find name for group ID 10117 10117 As samba-client and samba-winbind on the server were 3.0.23 even on updating, I even tried manually downloading the latest rpms from the opensuse ftp site and installing them. However, my problem still remains. My installed samba packages are listed below: opensuse:~ # rpm -qa|grep samba kdebase3-samba-3.5.5-78 yast2-samba-client-2.14.4-3 yast2-samba-server-2.14.3-10 samba-client-3.0.24-12.1.55 samba-winbind-3.0.24-12.1.55 Extra information: wbinfo -u and wbinfo -g both return proper domain user and group listings. wbinfo -p also returns a successful result. After doing getent group for a particular group, then that group can get resolved. For example, continuing on the information provided above: opensuse:~ # getent group 'Domain Users' domain users:x:10000:guest opensuse:~ # groups prajjwal id prdomain users id: cannot find name for group ID 10032 10032 id: cannot find name for group ID 10133 10133 id: cannot find name for group ID 10002 10002 id: cannot find name for group ID 10117 10117 opensuse:~ # id prajjwal uid=10000(prajjwal) gid=10000(domain users) groups=10000(domain users),10032,10133,10002,10117 As you can see, now the uid 10000 is resolved as Domain users, while other groups are still not resolved. All the other linux computers on my domain are running fine: I have got centos 4, fedora core 5, and opensuse 10.2 running. Can anyone help me get this problem sorted out? Thanks a lot, Prajjwal
Prajjwal P. Devkota
2007-Apr-18 08:41 UTC
[Samba] Re: Domain membership problem in OpenSuse 10.2
Hi Everyone, I found out my mistake. The funny thing is: it works in Fedora Core 5, even though I have the same lines in the smb.conf file. The two lines: winbind uid = 16777216-33554431 winbind gid = 16777216-33554431 were causing the problem. I tried two things, and both worked: a. I changed the winbind uid and gid to 1000-100000, and I could get a proper listing b. Removing the winbind uid and gid lines altogether worked as well. Prajjwal On 4/18/07, Prajjwal P. Devkota <prajjwald@gmail.com> wrote:> > Dear Everyone, > > I am trying to use an OpenSuse 10.2 computer on a Windows 2000 domain > using winbind authentication (join to domain). I added a few lines to > the smb.conf for extracting sfu attributes, and my smb.conf looks like > this: > [global] > idmap backend = ad > idmap gid = 1000-100000 > idmap uid = 1000-100000 > winbind uid = 16777216-33554431 > winbind gid = 16777216-33554431 > password server = dell.umn.org.np > realm = UMN.ORG.NP > workgroup = HQ > security = ADS > template homedir = /home/%D/%U > template shell = /bin/bash > usershare allow guests = No > winbind refresh tickets = yes > winbind cache time = 3600 > workgroup = HQ > winbind use default domain = yes > winbind enum users = Yes > winbind enum groups = Yes > winbind nested groups = Yes > winbind nss info = sfu > winbind offline logon = Yes > winbind use default domain = yes > debuglevel = 4 > log level = 4 > > I was able to easily view users and groups on the domain, and the group > info would be extracted easily. > > I recently applied available patches to the computer, because there were > some issues with cdrom access for domain users, and Ximian evolution > connection to Microsoft exchange that went away only on updating. > > However, now I can see uids for users, but the gids are not getting > resolved. I am attaching sample output below: > opensuse:~ # id prajjwal > uid=10000(prajjwal) gid=10000 > groups=10000,10032,10133,10002,10117 > opensuse:~ # groups prajjwal > id: cannot find name for group ID 10000 > 10000 id: cannot find name for group ID 10032 > 10032 id: cannot find name for group ID 10133 > 10133 id: cannot find name for group ID 10002 > 10002 id: cannot find name for group ID 10117 > 10117 > > As samba-client and samba-winbind on the server were 3.0.23 even on > updating, I even tried manually downloading the latest rpms from the > opensuse ftp site and installing them. However, my problem still > remains. My installed samba packages are listed below: > > opensuse:~ # rpm -qa|grep samba > kdebase3-samba-3.5.5-78 > yast2-samba-client-2.14.4-3 > yast2-samba-server-2.14.3-10 > samba-client-3.0.24-12.1.55 > samba-winbind-3.0.24-12.1.55 > > Extra information: > > wbinfo -u and wbinfo -g both return proper domain user and group > listings. wbinfo -p also returns a successful result. > > After doing getent group for a particular group, then that group can get > resolved. For example, continuing on the information provided above: > opensuse:~ # getent group 'Domain Users' > domain users:x:10000:guest > opensuse:~ # groups prajjwal > id prdomain users id: cannot find name for group ID 10032 > 10032 id: cannot find name for group ID 10133 > 10133 id: cannot find name for group ID 10002 > 10002 id: cannot find name for group ID 10117 > 10117 > opensuse:~ # id prajjwal > uid=10000(prajjwal) gid=10000(domain users) groups=10000(domain > users),10032,10133,10002,10117 > > As you can see, now the uid 10000 is resolved as Domain users, while > other groups are still not resolved. > > All the other linux computers on my domain are running fine: I have got > centos 4, fedora core 5, and opensuse 10.2 running. > > Can anyone help me get this problem sorted out? > > Thanks a lot, > Prajjwal