I'm receiving the errors listed below. It also seems unable to map the root user uid 0 with this filter. That's not that big of a deal. Wbinfo -u and -g return output but getent passwd does not. This is Ubuntu 7 using debian packages. [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user DOMAIN\chapman [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is DOMAIN\chapman [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(83) Trying _Get_Pwnam(), username as given is DOMAIN\chapman [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(93) Trying _Get_Pwnam(), username as uppercase is DOMAIN\CHAPMAN [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(102) Checking combinations of 0 uppercase letters in DOMAIN\chapman [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals didn't find user [DOMAIN\chapman]! [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user chapman [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is chapman [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(93) Trying _Get_Pwnam(), username as uppercase is CHAPMAN [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(102) Checking combinations of 0 uppercase letters in chapman [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals didn't find user [chapman]! [2007/06/28 13:27:59, 1] smbd/sesssetup.c:reply_spnego_kerberos(439) Username DOMAIN\chapman is invalid on this system [2007/06/28 13:27:59, 3] smbd/error.c:error_packet_set(106) error packet at smbd/sesssetup.c(444) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE # Samba config file created using SWAT # from 172.16.30.30 (172.16.30.30) # Date: 2007/06/28 13:19:12 [global] workgroup = DOMAIN realm = DOMAIN.COM security = ADS passdb backend = tdbsam log level = 10 load printers = No ldap ssl = no idmap domains = ALLDOMAINS winbind enum users = Yes winbind enum groups = Yes idmap config ALLDOMAINS:range = 0 - 20000 idmap config ALLDOMAINS:default = yes idmap config ALLDOMAINS:backend = ad [data] path = /data read only = No [test2] path = /data
I'm using the following settings and its working for me now idmap domains = ALLDOMAINS idmap config ALLDOMAINS:backend = ad idmap config ALLDOMAINS:default = yes idmap config ALLDOMAINS:range = 10000 - 20000 winbind nss info = rfc2307 My problem was that it without the winbind nss info it was pulling the windows default groups which did not have RFC2307 attributes. Once I gave them attributes it started working then with help from Jerry I realized how to make it pull the rfc2307 fields instead. Once I cleared my winbind cache all worked great. -----Original Message----- From: Diego Julian Remolina [mailto:diego.remolina@ibb.gatech.edu] Sent: Friday, June 29, 2007 9:14 AM To: David W. Chapman Jr. Cc: samba@lists.samba.org Subject: Re: [Samba] 3.0.25a && rfc2307 I experienced the same behavior after upgrading to 3.0.25a and adding the idmap entries for my domain. As you can see, the entries below from my smb.conf are commented out. With the entries commented out, everything works. idmap uid = 10000-200000 idmap gid = 10000-200000 #idmap domains = PRAXIS3 #idmap config PRAXIS3: default = yes #idmap config PRAXIS3: backend = tdb #idmap config PRAXIS3: range = 10000 - 200000 How did I notice the problem? 1- I upgraded to 3.0.25a 2- Everything seemed to be ok until the moment I added a new user to AD 3- wbinfo -u would list the user, but getent passwd would not. Also, even when wbinfo -u would list all users, including the new one, wbinfo -i newusername would not provide any information. 4. I commented out the idmap fields, restarted samba and winbind, and sure enough all information was there afterwards. I did not debug this more since it is working and I only have one domain. I am not sure if this may hint that there is a bug, but I will be happy to test this time permiting if I receive proper instructions. Diego David W. Chapman Jr. wrote:> I'm receiving the errors listed below. It also seems unable to map theroot> user uid 0 with this filter. That's not that big of a deal. > > Wbinfo -u and -g return output but getent passwd does not. This is Ubuntu7> using debian packages. > > > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user DOMAIN\chapman > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is DOMAIN\chapman > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(83) > Trying _Get_Pwnam(), username as given is DOMAIN\chapman > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is DOMAIN\CHAPMAN > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in DOMAIN\chapman > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [DOMAIN\chapman]! > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user chapman > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is chapman > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is CHAPMAN > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in chapman > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [chapman]! > [2007/06/28 13:27:59, 1] smbd/sesssetup.c:reply_spnego_kerberos(439) > Username DOMAIN\chapman is invalid on this system > [2007/06/28 13:27:59, 3] smbd/error.c:error_packet_set(106) > error packet at smbd/sesssetup.c(444) cmd=115 (SMBsesssetupX) > NT_STATUS_LOGON_FAILURE > > > # Samba config file created using SWAT > # from 172.16.30.30 (172.16.30.30) > # Date: 2007/06/28 13:19:12 > > [global] > workgroup = DOMAIN > realm = DOMAIN.COM > security = ADS > passdb backend = tdbsam > log level = 10 > load printers = No > ldap ssl = no > idmap domains = ALLDOMAINS > winbind enum users = Yes > winbind enum groups = Yes > idmap config ALLDOMAINS:range = 0 - 20000 > idmap config ALLDOMAINS:default = yes > idmap config ALLDOMAINS:backend = ad > > [data] > path = /data > read only = No > > [test2] > path = /data >
I experienced the same behavior after upgrading to 3.0.25a and adding the idmap entries for my domain. As you can see, the entries below from my smb.conf are commented out. With the entries commented out, everything works. idmap uid = 10000-200000 idmap gid = 10000-200000 #idmap domains = PRAXIS3 #idmap config PRAXIS3: default = yes #idmap config PRAXIS3: backend = tdb #idmap config PRAXIS3: range = 10000 - 200000 How did I notice the problem? 1- I upgraded to 3.0.25a 2- Everything seemed to be ok until the moment I added a new user to AD 3- wbinfo -u would list the user, but getent passwd would not. Also, even when wbinfo -u would list all users, including the new one, wbinfo -i newusername would not provide any information. 4. I commented out the idmap fields, restarted samba and winbind, and sure enough all information was there afterwards. I did not debug this more since it is working and I only have one domain. I am not sure if this may hint that there is a bug, but I will be happy to test this time permiting if I receive proper instructions. Diego David W. Chapman Jr. wrote:> I'm receiving the errors listed below. It also seems unable to map the root > user uid 0 with this filter. That's not that big of a deal. > > Wbinfo -u and -g return output but getent passwd does not. This is Ubuntu 7 > using debian packages. > > > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user DOMAIN\chapman > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is DOMAIN\chapman > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(83) > Trying _Get_Pwnam(), username as given is DOMAIN\chapman > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is DOMAIN\CHAPMAN > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in DOMAIN\chapman > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [DOMAIN\chapman]! > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user chapman > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is chapman > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is CHAPMAN > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in chapman > [2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [chapman]! > [2007/06/28 13:27:59, 1] smbd/sesssetup.c:reply_spnego_kerberos(439) > Username DOMAIN\chapman is invalid on this system > [2007/06/28 13:27:59, 3] smbd/error.c:error_packet_set(106) > error packet at smbd/sesssetup.c(444) cmd=115 (SMBsesssetupX) > NT_STATUS_LOGON_FAILURE > > > # Samba config file created using SWAT > # from 172.16.30.30 (172.16.30.30) > # Date: 2007/06/28 13:19:12 > > [global] > workgroup = DOMAIN > realm = DOMAIN.COM > security = ADS > passdb backend = tdbsam > log level = 10 > load printers = No > ldap ssl = no > idmap domains = ALLDOMAINS > winbind enum users = Yes > winbind enum groups = Yes > idmap config ALLDOMAINS:range = 0 - 20000 > idmap config ALLDOMAINS:default = yes > idmap config ALLDOMAINS:backend = ad > > [data] > path = /data > read only = No > > [test2] > path = /data >