Jeff LePage
2008-Aug-02 04:39 UTC
[Samba] wbinfo -u and -g work, getent passwd works, getent group DOES NOT WORK
Hi,
I'm trying to get some Ubuntu8.04 clients to authenticate to an Ubuntu8.04
Samba domain controller. Everyone is running Samba 3.0.28a.
Side question: should I upgrade to 3.2? Keep in mind that means finding
binaries for ubuntu or compiling from source for a server and 20 clients.
Basically wbinfo -u and -g work, getent passwd works, getent group DOES NOT
WORK.
My domain is called ORA and I've set up some test users,etc. See the output
of wbinfo and getent below. Following the output of wbinfo is my smb.conf's
for the server and client.
When my domain users login everything works except that there's no group
name, only a gid.
in the log.winbind I get this:
[2008/08/01 22:11:26, 1] nsswitch/winbindd_group.c:fill_grent_mem(365)
could not lookup membership for group sid
S-1-5-21-2023487214-2483299788-1506694197-1009 in domain ORA (error:
NT_STATUS_NO_SUCH_GROUP)
[2008/08/01 22:11:26, 0] nsswitch/winbindd_group.c:winbindd_getgrent(1110)
could not lookup domain group ORA\bob3
output of getent and wbinfo
----------------------------------
ubuntu01@ubuntu19:~$ wbinfo -u
ORA\bob3
ORA\smbadmin
ORA\bob4
ORA\bob
ORA\bob2
ubuntu01@ubuntu19:~$ wbinfo -g
BUILTIN\administrators
BUILTIN\users
ORA\bob
ORA\domain admins
ORA\bob3
ORA\bob4
ORA\bob2
ORA\server admins
ORA\hosts
ubuntu01@ubuntu19:~$ getent passwd | egrep ORA
ORA\bob3:*:31006:10513::/home/ORA/bob3:/bin/bash
ORA\smbadmin:*:13016:10513::/home/ORA/smbadmin:/bin/bash
ORA\bob4:*:31008:10513::/home/ORA/bob4:/bin/bash
ORA\bob:*:13012:10513::/home/ORA/bob:/bin/bash
ORA\bob2:*:31000:10513::/home/ORA/bob2:/bin/bash
ubuntu01@ubuntu19:~$ getent group | egrep ORA
ubuntu01@ubuntu19:~$ getent group | tail -5
sambashare:x:125:ubuntu01
winbindd_priv:x:126:
dirmngr:x:127:
BUILTIN\administrators:x:10000:
BUILTIN\users:x:10001:
ubuntu01@ubuntu19:~$ smbd -V
Version 3.0.28a
ubuntu01@ubuntu19:~$
smb.conf for server:
------------------------
[global]
log level = 2
workgroup = ORA
netbios name = SAMBA1
server string = %h server (Samba, Ubuntu)
passdb backend = tdbsam
security = user
encrypt passwords = yes
domain logons = yes
preferred master = yes
logon path =
logon home =
logon drive = P:
enable privileges = yes
domain master = yes
os level = 33
local master = yes
add machine script = /usr/sbin/useradd -g hosts -s /bin/false
'%u'
add user script = /usr/sbin/useradd -m '%u'
delete user script = /usr/sbin/userdel '%u'
rename user script = /usr/sbin/usermod -l '%unew'
'%uold'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -a -G '%g'
'%u'
delete user from group script = deluser '%u' '%g'
set primary group script = /usr/sbin/usermod -g '%g'
'%u'
[public]
path = /export/tmp
read only = No
[netlogon]
comment = Net Logon service
path = /data/netlogon
read only = yes
write list = +ntadmin
[profiles]
comment = User roaming profiles
path = /data/profiles
valid users = %U
create mask = 0600
directory mask = 0700
read only = no
guest ok = no
[homes]
comment = Home directory for %U
read only = no
valid users = %S
smb.conf for client
-------------------------
[global]
workgroup = ORA
server string = %h server (Samba, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = Domain
encrypt passwords = true
password server = samba1
passdb backend = tdbsam
obey pam restrictions = yes
invalid users = root
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:*
%n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
socket options = TCP_NODELAY
allow trusted domains = no
idmap backend = rid:ORA=10000-2000000
idmap uid = 10000-2000000
idmap gid = 10000-2000000
template shell = /bin/bash
template homedir = /home/%D/%U
winbind cache time = 0
winbind enum users = yes
winbind enum groups = yes
usershare allow guests = yes
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
Helmut Hullen
2008-Aug-02 06:49 UTC
[Samba] wbinfo -u and -g work, getent passwd works, getent group DOES NOT WORK
Hallo, Jeff, Du (Jeff.LePage) meintest am 01.08.08:> I'm trying to get some Ubuntu8.04 clients to authenticate to an > Ubuntu8.04 Samba domain controller. Everyone is running Samba > 3.0.28a.[...]> My domain is called ORA and I've set up some test users,etc. See the > output of wbinfo and getent below. Following the output of wbinfo is > my smb.conf's for the server and client.> When my domain users login everything works except that there's no > group name, only a gid. in the log.winbind I get this:> [2008/08/01 22:11:26, 1] nsswitch/winbindd_group.c:fill_grent_mem(365 > ) could not lookup membership for group sid > S-1-5-21-2023487214-2483299788-1506694197-1009 in domain ORA (error: > NT_STATUS_NO_SUCH_GROUP)Do you really need winbind? My LANs (Linux Samba server 3.0.3x, Windows clients) run without it. Viele Gruesse! Helmut
John Drescher
2008-Aug-02 15:01 UTC
[Samba] wbinfo -u and -g work, getent passwd works, getent group DOES NOT WORK
> Do you really need winbind? > > My LANs (Linux Samba server 3.0.3x, Windows clients) run without it. >I have found that if you have domain member servers in addition to your PDC and BDCs you will need winbind if you want to have ACLs working correctly in windows. Without winbind the domain member servers show only SIDs in the XP properties dialog. John