samba - Nov 2011 - getent passwd not returning users/groups

I'm trying to get my CentOS 5.6 machine setup as a Active Directory 
Domain Member with Windows 2008 level domain and samba 3.5. I haven't 
tried this before.

I can successfully join the domain and return users using 'wbinfo -u' 
and groups with 'wbinfo -g' but when I try 'getent passwd' I
only get
the local users. I'm not sure what element that indicates is failing in 
the process. I'm not confident in my pam.d/ setup since different guides 
show different methods of setting this up. The /etc/nsswitch.conf file 
has been edited to include winbind as a source for passwd/shadow/group.

The only insightful error message I see in the samba logs is this 
(repeated over and over in all the logs) but I haven't found the 
solution. Is this the cause of my problems? How do I disable spinlocks? 
I'm using a prebuilt package from sernet

[2011/11/01 16:46:19.979981,  1] lib/util_tdb.c:385(tdb_log)
   tdb(unnamed): tdb_open_ex: spinlocks no longer supported

Here is my samba configuration dumped from smbtest:

[root at sambatest ~]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[test]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
         workgroup = SHAMOFFICE
         realm = SHAMBHALA-OFFICE.LOCAL
         interfaces = 127.0.0.1, eth0
         bind interfaces only = Yes
         security = ADS
         printcap name = cups
         idmap backend = ad
         idmap uid = 10000-20000
         idmap gid = 30000-40000
         winbind enum users = Yes
         winbind enum groups = Yes
         winbind use default domain = Yes
         idmap config SHAMOFFICE : schema_mode = rfc2307
         idmap config SHAMOFFICE : range = 4000-5000
         idmap config SHAMOFFICE : backend = ad
         idmap config * : range = 2000-3000
         idmap config * : backend = tdb

[test]
         comment = Directory for storing pictures by jims users
         path = /local/test
         read only = No
         guest ok = Yes

Shot in the dark.. is nscd running?
I have been bitten by that a few times.

On 11/1/2011 5:04 PM, James Chase wrote:
> I'm trying to get my CentOS 5.6 machine setup as a Active Directory 
> Domain Member with Windows 2008 level domain and samba 3.5. I haven't 
> tried this before.
>
> I can successfully join the domain and return users using 'wbinfo
-u'
> and groups with 'wbinfo -g' but when I try 'getent passwd'
I only get
> the local users. I'm not sure what element that indicates is failing 
> in the process. I'm not confident in my pam.d/ setup since different 
> guides show different methods of setting this up. The 
> /etc/nsswitch.conf file has been edited to include winbind as a source 
> for passwd/shadow/group.
>
> The only insightful error message I see in the samba logs is this 
> (repeated over and over in all the logs) but I haven't found the 
> solution. Is this the cause of my problems? How do I disable 
> spinlocks? I'm using a prebuilt package from sernet
>
> [2011/11/01 16:46:19.979981,  1] lib/util_tdb.c:385(tdb_log)
>   tdb(unnamed): tdb_open_ex: spinlocks no longer supported
>
> Here is my samba configuration dumped from smbtest:
>
> [root at sambatest ~]# testparm
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
> Processing section "[test]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> [global]
>         workgroup = SHAMOFFICE
>         realm = SHAMBHALA-OFFICE.LOCAL
>         interfaces = 127.0.0.1, eth0
>         bind interfaces only = Yes
>         security = ADS
>         printcap name = cups
>         idmap backend = ad
>         idmap uid = 10000-20000
>         idmap gid = 30000-40000
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = Yes
>         idmap config SHAMOFFICE : schema_mode = rfc2307
>         idmap config SHAMOFFICE : range = 4000-5000
>         idmap config SHAMOFFICE : backend = ad
>         idmap config * : range = 2000-3000
>         idmap config * : backend = tdb
>
> [test]
>         comment = Directory for storing pictures by jims users
>         path = /local/test
>         read only = No
>         guest ok = Yes
>
>
>
>
>

I tried a second install of CentOS with X, thinking perhaps the GUI 
setup might do something that I was missing in terms of getting samba 
connected to active directory. However I still can't get this to work 
(now wbinfo doesn't seem to work either) in CentOS. I also tried Fedora 14.

Then I tried a Ubuntu 11 install and followed their instructions from 
the wiki: https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

And it worked! I tried to apply the same settings to CentOS setup but I 
still get no output from 'getent passwd'.

Ubuntu is running version 3.5.11 while CentoS is 3.5.4. Think my best 
bet is building from source and trying 3.5.11 or 3.5.12 on CentOS? Are 
there any critical flags that need to be set during the configuration to 
make sure samba will work with active directory/winbind?

James

> I'm trying to get my CentOS 5.6 machine setup as a Active Directory 
> Domain Member with Windows 2008 level domain and samba 3.5. I haven't 
> tried this before.
>
> I can successfully join the domain and return users using 'wbinfo
-u'
> and groups with 'wbinfo -g' but when I try 'getent passwd'
I only get
> the local users. I'm not sure what element that indicates is failing 
> in the process. I'm not confident in my pam.d/ setup since different 
> guides show different methods of setting this up. The 
> /etc/nsswitch.conf file has been edited to include winbind as a source 
> for passwd/shadow/group.
>
> The only insightful error message I see in the samba logs is this 
> (repeated over and over in all the logs) but I haven't found the 
> solution. Is this the cause of my problems? How do I disable 
> spinlocks? I'm using a prebuilt package from sernet
>
> [2011/11/01 16:46:19.979981,  1] lib/util_tdb.c:385(tdb_log)
>   tdb(unnamed): tdb_open_ex: spinlocks no longer supported
>
> Here is my samba configuration dumped from smbtest:
>
> [root at sambatest ~]# testparm
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
> Processing section "[test]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> [global]
>         workgroup = SHAMOFFICE
>         realm = SHAMBHALA-OFFICE.LOCAL
>         interfaces = 127.0.0.1, eth0
>         bind interfaces only = Yes
>         security = ADS
>         printcap name = cups
>         idmap backend = ad
>         idmap uid = 10000-20000
>         idmap gid = 30000-40000
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = Yes
>         idmap config SHAMOFFICE : schema_mode = rfc2307
>         idmap config SHAMOFFICE : range = 4000-5000
>         idmap config SHAMOFFICE : backend = ad
>         idmap config * : range = 2000-3000
>         idmap config * : backend = tdb
>
> [test]
>         comment = Directory for storing pictures by jims users
>         path = /local/test
>         read only = No
>         guest ok = Yes
>
>
>
>