Please help. I've been searching for days, trying nearly everything I can find that seems relevant, but I can't get this working.

I am able to create users and log in to Windows systems joined to the SAMBA domain as those users, but filesystem ACLs on Windows Domain Member Servers do not work, which I suspect is due to my IDMAP OU being empty.

wbinfo -u returns "Error looking up domain users"

wbinfo -g returns:

    BUILTIN/administrators
    BUILTIN/users

wbinfo -t returns "checking the trust secret via RPC calls succeeded"

getent passwd -and- getent group list all my local and domain users and groups respectively.

When running wbinfo -u my log.winbindd shows:

    [2008/12/26 12:24:52, 10] nsswitch/winbindd.c:process_request(314)
      process_request: request fn SID_TO_GID
    [2008/12/26 12:24:52, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(308)
      [23999]: sid to gid S-1-5-32-546
    [2008/12/26 12:24:52, 10] nsswitch/winbindd_util.c:find_lookup_domain_from_sid(673)
      find_lookup_domain_from_sid(S-1-5-32-546)
    [2008/12/26 12:24:52, 10] nsswitch/winbindd_util.c:find_lookup_domain_from_sid(676)
      calling find_domain_from_sid
    [2008/12/26 12:24:52, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
      Retrieving response for pid 23794
    [2008/12/26 12:24:52, 5] nsswitch/winbindd_async.c:lookupsid_recv(706)
      lookupsid returned an error
    [2008/12/26 12:24:52, 5] nsswitch/winbindd_sid.c:sid2gid_lookupsid_recv(274)
      sid2gid_lookupsid_recv: Could not convert get sid type for S-1-5-32-546
    [2008/12/26 12:24:52, 10] nsswitch/winbindd.c:process_request(314)
      process_request: request fn PING
    [2008/12/26 12:24:52, 3] nsswitch/winbindd_misc.c:winbindd_ping(470)
      [23999]: ping

smbldap-tools seem to function correctly.
net commands seem to function correctly.

Any idea where the problem might be?

Thank you!

Ubuntu 8.04 LTS
Samba 3.0.28a
OpenLDAP 2.4.9

smb.conf:

    [global]
        unix charset = LOCALE
        workgroup = VOICECURVE
        server string = %h server (Samba, Ubuntu)
        map to guest = Bad User
        passdb backend = ldapsam
        passwd program = /usr/sbin/smbldap-passwd %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
        log level = 3 passdb:5 auth:10 winbind:10
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        time server = Yes
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add group script = /usr/sbin/smbldap-groupadd -p -a "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        logon path =
        domain logons = Yes
        os level = 35
        domain master = Yes
        dns proxy = No
        wins support = Yes
        ldap admin dn = cn=admin,dc=voicecurve,dc=com
        ldap delete dn = Yes
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=voicecurve,dc=com
        ldap user suffix = ou=Users
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d
        idmap domains = VOICECURVE
        idmap alloc backend = ldap
        winbind separator = /
        winbind enum users = Yes
        winbind enum groups = Yes
        idmap alloc config:range = 10000 - 10000000
        idmap alloc config:ldap_url = ldap://localhost/
        idmap alloc config:ldap_user_dn = cn=admin,dc=voicecurve,dc=com
        idmap alloc config:ldap_base_dn = ou=idmap,dc=voicecurve,dc=com
        idmap config VOICECURVE:range = 10000 - 10000000
        idmap config VOICECURVE:ldap_url = ldap://localhost/
        idmap config VOICECURVE:ldap_user_dn = cn=admin,dc=voicecurve,dc=com
        idmap config VOICECURVE:ldap_base_dn = ou=idmap,dc=voicecurve,dc=com
        idmap config VOICECURVE:backend = ldap
        idmap config VOICECURVE:default = yes
        ldapsam:editposix = yes
        ldapsam:trusted = yes

nsswitch.conf:

    passwd: compat ldap
    group: compat ldap
    shadow: compat ldap
    hosts: files dns
    networks: files
    protocols: db files
    services: db files
    ethers: db files
    rpc: db files
    netgroup: nis