Robert Fraser
2008-Aug-25 13:03 UTC
[Samba] wbinfo works fine, getent only works for builtin groups
Hi I am having a lot of trouble getting users from a trusted domain to access shares and files. getent passwd / get group doesn't retrieve domain users or groups, so I can't set permissions for the users or groups from the trusted domain The domain having problems is: Ubuntu 6.06 Server Samba Version 3.0.22 The trusted domain is: Ubuntu 8.04 Server Samba Version 3.0.28a wbinfo -u and wbinfo -g work fine and bring up a list of the trusted domain users and groups wbinfo --sid-to-name=SID, --authenticate=user%password, -t, --trusted-domains all work fine for the local domain and the trusted domain When I do a getent passwd, I only get the local /etc/passwd users When I do a getent group, I get the local /etc/group groups, and the BUILTIN\administrators and BUILTIN\users After a getent, log.winbind is full of entries like this: [2008/08/26 00:29:10, 10] nsswitch/winbindd_group.c:winbindd_getgrent(1006) SID S-1-5-21-2824201121-3407686785-855272569-3033 not in idmap [2008/08/26 00:29:10, 1] nsswitch/winbindd_group.c:winbindd_getgrent(1011) could not look up gid for group CADUsers [2008/08/26 00:29:10, 10] nsswitch/winbindd_group.c:winbindd_getgrent(961) entry_index = 3, num_entries = 8 [2008/08/26 00:29:10, 10] nsswitch/idmap_cache.c:idmap_cache_set_negative_sid(258) Adding cache entry with key IDMAP/SID/S-1-5-21-2824201121-3407686785-855272569-3039; value 1219667470/IDMAP/NEGATIVE and timeout = Tue Aug 26 00:31:10 200 8 (120 seconds ahead) [2008/08/26 00:29:10, 10] nsswitch/winbindd_group.c:winbindd_getgrent(1006) SID S-1-5-21-2824201121-3407686785-855272569-3039 not in idmap [2008/08/26 00:29:10, 1] nsswitch/winbindd_group.c:winbindd_getgrent(1011) could not look up gid for group dundirectors [2008/08/26 00:29:10, 10] nsswitch/winbindd_group.c:winbindd_getgrent(961) entry_index = 4, num_entries = 8 [2008/08/26 00:29:10, 10] nsswitch/idmap_cache.c:idmap_cache_set_negative_sid(258) Adding cache entry with key IDMAP/SID/S-1-5-21-2824201121-3407686785-855272569-513; value 1219667470/IDMAP/NEGATIVE and timeout = Tue Aug 26 00:31:10 2008 (120 seconds ahead) [2008/08/26 00:29:10, 10] nsswitch/winbindd_group.c:winbindd_getgrent(1006) SID S-1-5-21-2824201121-3407686785-855272569-513 not in idmap [2008/08/26 00:29:10, 1] nsswitch/winbindd_group.c:winbindd_getgrent(1011) could not look up gid for group Domain Users [2008/08/26 00:29:10, 10] nsswitch/winbindd_group.c:winbindd_getgrent(961) entry_index = 5, num_entries = 8 [2008/08/26 00:29:10, 10] nsswitch/idmap_cache.c:idmap_cache_set_negative_sid(258) Adding cache entry with key IDMAP/SID/S-1-5-21-2824201121-3407686785-855272569-3029; value 1219667470/IDMAP/NEGATIVE and timeout = Tue Aug 26 00:31:10 200 8 (120 seconds ahead) Can anyone suggest what I can do to fix this? Thanks for any help Rob
Apparently Analagous Threads
- Problem with , in Common Name when running samba3 as ADS Member (Problem with Group-Contents)
- Interdomain Trust, wbinfo works on both servers, getent doesn't work on one server
- Winbind panic - bug #5551 not completely solved in version 3.0.31?
- Winbind syslog errors and Domain Local Groups
- getent passwd fails inside freebsd jail using samba 3.4.14
Wisdom of the Ancients
