Hi,
I have a problem with the combo of CentOS 5.5, the latest Samba Packages
from Sernet and our Active Directory.
Samba Packages installed:
samba3-cifsmount-3.5.8-43.el5
samba3-client-3.5.8-43.el5
samba3-3.5.8-43.el5
samba3-utils-3.5.8-43.el5
samba3-winbind-32bit-3.5.8-43.el5
samba3-winbind-3.5.8-43.el5
When I try to get all users or groups via the getent command, only local
users/groups are displayed.
If I try to fetch information for an individual user or group by getent
everything is working as expected.
"getent passwd cvadmin" shows:
cvadmin:*:5582:499:cvadmin:/home/cvadmin:/bin/sh
but
"getent passwd" only shows local users
nsswitch.conf is configured, domain join was successful and my smb.conf
looks like this:
[global]
workgroup = MYDOMAIN
password server = ldap.mydomain.com
realm = MYDOMAIN.COM
security = ads
#idmap
idmap domains = BUILTIN, MYDOMAIN
idmap config MYDOMAIN:default = yes
idmap config MYDOMAIN:schema_mode = rfc2307
idmap config MYDOMAIN:backend = ad
idmap config MYDOMAIN:range = 100-500000
idmap alloc backend = tdb
idmap config BUILTIN:backend = tdb
idmap alloc backend = tdb
idmap uid = 100-500000
idmap gid = 100-500000
winbind nss info = rfc2307
winbind normalize names = yes
winbind use default domain = true
winbind offline logon = false
winbind cache time = 180
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = Yes
server string = %h
auth methods = winbind
allow trusted domains = No
We have 2 other Samba Servers using an older Version of Samba with
different configurations (old idmap schema) which both work properly.
Any suggestion how we could solve the problem?
Cheers,
Daniel
Hi No?,
thank you for your quick reply.
cvadmin is a domain user.
Interesting that you have no problems using the old schema.
If I try in /etc/samba/smb.conf
[global]
workgroup = MYDOMAIN
password server = ldap.mydomain.com
realm = MYDOMAIN.COM
security = ads
idmap uid = 100-500000
idmap gid = 100-500000
idmap backend = ad
winbind nss info = rfc2307
winbind normalize names = yes
winbind use default domain = true
winbind offline logon = false
winbind cache time = 180
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = Yes
No domain user could be resolved anymore. Same config works on our other samba
servers.
/var/log/samba/log.winbind-idmap shows:
[2011/04/11 12:24:13.560317, 3, effective(0, 0), real(0, 0)]
libsmb/namequery.c:1880(get_dc_list)
get_dc_list: preferred server list: ", *"
[2011/04/11 12:24:13.560365, 3, effective(0, 0), real(0, 0)]
libsmb/namequery.c:1119(resolve_lmhosts)
resolve_lmhosts: Attempting lmhosts lookup for name *<0x1c>
[2011/04/11 12:24:13.560467, 3, effective(0, 0), real(0, 0)]
libsmb/namequery_dc.c:169(rpc_dc_name)
Could not look up dc's for domain *
[2011/04/11 12:24:13.560487, 0, effective(0, 0), real(0, 0)]
libads/ldap.c:337(ads_find_dc)
ads_find_dc: no realm or workgroup! Don't know what to do
[2011/04/11 12:24:13.560505, 1, effective(0, 0), real(0, 0)]
winbindd/idmap_ad.c:143(ad_idmap_cached_connection_internal)
ad_idmap_init: failed to connect to AD
[2011/04/11 12:24:13.560518, 1, effective(0, 0), real(0, 0)]
winbindd/idmap_ad.c:543(idmap_ad_sids_to_unixids)
ADS uninitialized: Invalid parameter
[2011/04/11 12:24:13.560564, 3, effective(0, 0), real(0, 0)]
winbindd/idmap.c:684(idmap_new_mapping)
default domain not writable
Cheers,
Daniel
From: No? Puyal [mailto:npuyal at valls.cat]
Sent: Monday, 11 April 2011 10:41
To: Zabel, Daniel
Subject: Re: [Samba] getent passwd strange behavior
Hi Daniel
First of all, one question, cvadmin is a domain user or local user?
If cvadmin is a local user you should raise the 100 to a number after the last
UID and GID.
Also, as you said, I have all my samba servers with old idmap schema working
properly.
Good morning
On Mon, 11-04-2011 at 09:38 +0200, Zabel, Daniel wrote:
idmap uid = 100-500000
idmap gid = 100-500000
Can anybody give me a hint where get_dc_list fetches the entries. Because
---------
[2011/04/11 12:24:13.560317, 3, effective(0, 0), real(0, 0)]
libsmb/namequery.c:1880(get_dc_list)
get_dc_list: preferred server list: ", *"
---------
seems to be wrong.
Cheers,
Daniel
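As an added example (not part of the original thread and not Samba project code), this Python code groups the wrapped log.winbind-idmap lines quoted in the thread into entries and lists those logged at debug level 0 or 1. The names parse_entries and failures are hypothetical, and the header layout is assumed to be exactly the one shown in the excerpt.

```python
import re
from collections import namedtuple

# Header of one debug entry, as seen in the excerpt:
# [timestamp, level, effective(uid, gid), real(uid, gid)]
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*(\d+),"
    r"\s*effective\(\d+, \d+\),\s*real\(\d+, \d+\)\]\s*(.*)$")
# Source location: path/file.c:line(function)
LOCATION = re.compile(r"^(\S+\.c):(\d+)\((\w+)\)\s*(.*)$")
Entry = namedtuple("Entry", "timestamp level source line function message")


def parse_entries(text):
    """Group header, location and message lines into Entry records.

    Accepts the wrapped three-line layout and entries flattened onto one line.
    """
    rows = []
    for raw in text.splitlines():
        rest = raw.strip()
        head = HEADER.match(rest)
        if head:  # a header always starts a new entry
            rows.append([head.group(1), int(head.group(2)), None, None, None, []])
            rest = head.group(3)
        if not rows or not rest:
            continue  # blank remainder, or text before the first header
        cur = rows[-1]
        loc = LOCATION.match(rest) if cur[2] is None else None
        if loc:
            cur[2:5] = [loc.group(1), int(loc.group(2)), loc.group(3)]
            rest = loc.group(4)
        if rest:
            cur[5].append(rest)
    return [Entry(*r[:5], " ".join(r[5])) for r in rows]


def failures(entries, max_level=1):
    """Return entries logged at debug level <= max_level (0 and 1 here)."""
    return [e for e in entries if e.level <= max_level]


# Entries copied from the thread's log; the last is reflowed onto one line.
SAMPLE = """\
[2011/04/11 12:24:13.560317, 3, effective(0, 0), real(0, 0)]
libsmb/namequery.c:1880(get_dc_list)
get_dc_list: preferred server list: ", *"
[2011/04/11 12:24:13.560487, 0, effective(0, 0), real(0, 0)]
libads/ldap.c:337(ads_find_dc)
ads_find_dc: no realm or workgroup! Don't know what to do
[2011/04/11 12:24:13.560505, 1, effective(0, 0), real(0, 0)] winbindd/idmap_ad.c:143(ad_idmap_cached_connection_internal) ad_idmap_init: failed to connect to AD
"""
```

Calling failures(parse_entries(SAMPLE)) returns the ads_find_dc and ad_idmap_init entries, each with its source file, line number and function.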