Jonathan Detert
2008-Apr-15 20:57 UTC
[Samba] how to make 'winbind nss info = sfu' work in v >= 3.0.26a
There is an instance of Ms.Active Directory that has had the 'Services For Unix' applied. I use winbind v3.0.24 to get user/group info from that Ms.Active directory instance like so: -------- begin smb.conf snippet: ------------ security = ADS realm = mydomain.com workgroup = MYDOMAIN winbind enum groups = yes winbind enum users = yes winbind nested groups = yes winbind nss info = sfu winbind separator = + winbind use default domain = yes idmap gid = 500-45000 idmap uid = 500-45000 idmap backend = ad -------- end smb.conf snippet: ------------ that works fine on ubuntu v7.04. The same config, shown above, does not work under winbind v3.0.26a running on ubuntu v7.10. I can turn an name into a sid, and the sid back into a name (via wbinfo -n and -s, respectively), but I can't turn a sid into a unix uid or gid (via the -S argument). Also, 'getent passwd' doesn't return any users from Active Directory. Any idea what's wrong? Is it my config? -- Jon Detert IT Systems Administrator, Milwaukee School of Engineering 1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A. -- Linus Torvalds can divide by zero.
Jonathan Detert
2008-Apr-16 18:41 UTC
[Samba] how to make 'winbind nss info = sfu' work in v >= 3.0.26a
At the suggestion of someone who replied offline, I tried replacing reference to 'sfu' with 'rfc2307', as well as converting to the newer idmap config directives. However, I still can't resolve sids to uids. Now, instead of complaining about not finding sfu.so, the log complains about not finding rfc2307.so: /* BEGIN log.wb-MYDOMAIN excerpt : */ [2008/04/16 13:21:15, 5] nsswitch/nss_info.c:smb_register_idmap_nss(79) smb_register_idmap_nss: Successfully added idmap nss backend 'template' [2008/04/16 13:21:15, 5] lib/module.c:smb_probe_module(108) Probing module 'rfc2307' [2008/04/16 13:21:15, 5] lib/module.c:smb_probe_module(119) Probing module 'rfc2307': Trying to load from /usr/lib/samba/nss_info/rfc2307.so [2008/04/16 13:21:15, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/lib/samba/nss_info/rfc2307.so': /usr/lib/samba/nss_info/rfc2307.so: cannot open shared object file: No such file or directory [2008/04/16 13:21:15, 3] nsswitch/nss_info.c:nss_init(209) nss_init: no nss backends configured. Defaulting to "template". /* END log.wb-MYDOMAIN excerpt */ It seems strange that log.winbindd-idmap says it successfully loaded nss backend 'sfu': /* BEGIN log.winbindd-idmap excerpt : */ [2008/04/16 13:21:15, 1] nsswitch/idmap.c:idmap_init(365) Initializing idmap domains [2008/04/16 13:21:15, 5] lib/module.c:smb_probe_module(108) Probing module 'ad' [2008/04/16 13:21:15, 5] lib/module.c:smb_probe_module(119) Probing module 'ad': Trying to load from /usr/lib/samba/idmap/ad.so [2008/04/16 13:21:15, 2] lib/module.c:do_smb_load_module(64) Module '/usr/lib/samba/idmap/ad.so' loaded [2008/04/16 13:21:15, 5] nsswitch/idmap.c:smb_register_idmap(163) Successfully added idmap backend 'ad' [2008/04/16 13:21:15, 5] nsswitch/nss_info.c:smb_register_idmap_nss(79) smb_register_idmap_nss: Successfully added idmap nss backend 'rfc2307' [2008/04/16 13:21:15, 5] nsswitch/nss_info.c:smb_register_idmap_nss(79) smb_register_idmap_nss: Successfully added idmap nss backend 'sfu' [2008/04/16 13:21:15, 5] nsswitch/idmap.c:idmap_init(452) Forcing to readonly, as this module can't store arbitrary mappings. /* END log.winbindd-idmap excerpt */ Anyone have an idea of what is messed up here? Thanks, Jon * Jonathan Detert <Jonathan.Detert@msoe.edu> [080415 16:00]:> There is an instance of Ms.Active Directory that has had the 'Services > For Unix' applied. > > I use winbind v3.0.24 to get user/group info from that Ms.Active directory > instance like so: > -------- begin smb.conf snippet: ------------ > security = ADS > realm = mydomain.com > workgroup = MYDOMAIN > > winbind enum groups = yes > winbind enum users = yes > winbind nested groups = yes > winbind nss info = sfu > winbind separator = + > winbind use default domain = yes > > idmap gid = 500-45000 > idmap uid = 500-45000 > idmap backend = ad > -------- end smb.conf snippet: ------------ > > that works fine on ubuntu v7.04. > > The same config, shown above, does not work under winbind v3.0.26a > running on ubuntu v7.10. I can turn an name into a sid, and the sid > back into a name (via wbinfo -n and -s, respectively), but I can't turn > a sid into a unix uid or gid (via the -S argument). Also, 'getent passwd' > doesn't return any users from Active Directory. > > Any idea what's wrong? Is it my config? > -- > Jon Detert > IT Systems Administrator, Milwaukee School of Engineering > 1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A. > -- > Linus Torvalds can divide by zero. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba-- Jon Detert IT Systems Administrator, Milwaukee School of Engineering 1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A. -- Fashion is a form of ugliness so intolerable that we have to alter it every six months. ~ Oscan Wilde
Maybe Matching Threads
- winbind can get uid and gid from sfu, but not homedir or loginshell
- winbind nss info = sfu is not so much working
- winbind: group name doesn't map to a SID, but gid does
- winbind v3.0.26a w. nss info = sfu; wbinfo fine, getent not
- Re: winbind v3.0.26a w. nss info = sfu; wbinfo fine, getent not