Oliver Weinmann
2009-Sep-02 10:33 UTC
[Samba] Samba 3.4 is unable to list users with getent and id (idmap_ad backend)
Dear All,

I'm using Samba version 3.2.6 under Solaris 8 with the following config:

netbios name = pegasus
realm = REALM.NET
workgroup = REALM
security = ADS
encrypt passwords = yes
password server = *
os level = 20
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap backend = ad
idmap config REALM:schema_mode = sfu
winbind nss info = sfu
allow trusted domains = no
winbind enum users = no
winbind enum groups = no
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
max log size = 50
log file = /var/log/samba/log.%m
dns proxy = no
wins server = 172.20.200.18 172.18.200.20
allow trusted domains = No
client use spnego = Yes
use kerberos keytab = true
winbind refresh tickets = yes

This is working fine.

Recently I compiled Samba 3.4 for Solaris 10 and I just can't get it to
work with the idmap backend ad.

wbinfo -u and wbinfo -g show all my AD users, but id username and getent
passwd username show nothing. The logs don't show anything suspicious
except this error:

lib/C.msg: No such file or directory

I checked on the Solaris 8 box and this file doesn't exist either. So I
suspect it not to be the cause of the problem.

I noticed that the smb.conf needed some adjustment in Samba 3.3.2. I got
this working using:

idmap config REALM : backend = ad
idmap config REALM : schema_mode = sfu
idmap config REALM : range = 0-99999999

Instead of idmap backend = ad

But with 3.4 I had no luck.

This is what my current config on Samba 3.4 looks like:

[global]
netbios name = Phobos
realm = REALM.NET
workgroup = REALM
security = ADS
encrypt passwords = yes
password server = *
os level = 20
#idmap backend = ad
idmap config REALM : backend = ad
idmap config REALM:schema_mode = sfu
idmap config REALM : range = 0-99999999
winbind nss info = sfu
winbind enum users = yes
winbind enum groups = yes
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
max log size = 50
log file = /var/log/samba/log.%m
log level = 10
dns proxy = no
wins server = 172.20.200.18 172.18.200.20
allow trusted domains = no
client use spnego = Yes
#use kerberos keytab = true
winbind refresh tickets = yes

Any help would be appreciated. If I can't get it working I might need to
go back to using an older version like 3.2.6.

Regards,
Oliver
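
An added example, not part of the original post or of Samba: a small Python comparison of the working 3.2.6 settings against the 3.4 settings quoted above, to list every setting that changed along with the `idmap` lines. The excerpts are constructed from the two configurations in the post, and the key normalization (case, spacing, spaces around `:`) is an assumption made only so keys line up for comparison.

```python
import re

# Constructed excerpts of the two configurations quoted in the post above.
OLD_326 = """\
idmap backend = ad
idmap config REALM:schema_mode = sfu
winbind enum users = no
allow trusted domains = no
allow trusted domains = No
use kerberos keytab = true
"""
NEW_34 = """\
[global]
#idmap backend = ad
idmap config REALM : backend = ad
idmap config REALM:schema_mode = sfu
idmap config REALM : range = 0-99999999
winbind enum users = yes
allow trusted domains = no
#use kerberos keytab = true
"""

def normalize_key(key):
    # Assumption made for comparison only: ignore case, repeated spaces
    # and spaces around ':' so differently spaced keys line up.
    key = re.sub(r"\s+", " ", key.strip().lower())
    return re.sub(r"\s*:\s*", ":", key)

def parse(text):
    """Return ({key: value}, [keys set more than once]); the last value is kept."""
    settings, repeated = {}, []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key[:1] in ("#", ";", "["):
            continue  # blank line, comment, section header or malformed line
        key = normalize_key(key)
        if key in settings:
            repeated.append(key)
        settings[key] = value.strip()
    return settings, repeated

def diff(old, new):
    """Return (key, old_value, new_value) for every setting that differs."""
    return [(k, old.get(k), new.get(k)) for k in sorted(set(old) | set(new))
            if (old.get(k) or "").lower() != (new.get(k) or "").lower()]

if __name__ == "__main__":
    (old, repeated), (new, _) = parse(OLD_326), parse(NEW_34)
    print("set more than once in the 3.2.6 config:", repeated)
    for key, before, after in diff(old, new):
        print(f"{key}: {before!r} -> {after!r}")
```
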
Alexander Födisch
2009-Sep-04 11:20 UTC
[Samba] Samba 3.4 is unable to list users with getent and id (idmap_ad backend)
Hi,

I have the same problem with samba 3.3.7: On a member server (samba 3.3.7-39) I can query users and groups with "wbinfo -u|-g" and "getent passwd|groups". Both tools are working fine. But "id <user>" or "getent passwd <user>" does not work. When connecting to a share, the authorization also fails with error "NT_STATUS_NO_SUCH_USER".

My /etc/nsswitch.conf:

passwd: compat winbind
group: compat winbind

Any ideas?

Thanks,
Alex