Hi everyone,
I'm trying to use winbind as nsswitch module on a domain member against a
samba PDC, and it used to work fine with samba 3.4. But now after upgrading to
3.5.11, getent group/passwd don't show domain users/groups anymore. However
wbinfo -g and wbinfo -u work as expected. Also:
# wbinfo -i matare
matare:*:50011:50000:Victor Matar?:/home/SGI/matare:/bin/false
# wbinfo -U 50011
S-1-5-21-154097467-3372353439-1977514440-3032
# wbinfo -G 50000
S-1-5-21-154097467-3372353439-1977514440-513
# wbinfo -s S-1-5-21-154097467-3372353439-1977514440-3032
SGI\matare 1
# wbinfo -s S-1-5-21-154097467-3372353439-1977514440-513
SGI\Domain Users 2
But getent passwd/group shows only local users. My smb.conf on the member looks
like this:
[global]
workgroup = SGI
server string = Auerhahn
security = domain
password server = BUSSARD GIRLITZ
log file = /var/log/samba/log.%m
log level = 2 winbind:10
max log size = 50
winbind expand groups = 4
winbind nested groups = yes
winbind enum groups = yes
winbind enum users = yes
idmap uid = 50000-500000
idmap gid = 50000-500000
winbind use default domain = yes
idmap config SGI:range = 50000-500000
I really don't see the problem the nss_winbind module might be having:
# strace -e trace=file getent group
execve("/usr/bin/getent", ["getent", "group"], [/*
40 vars */]) = 0
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib64/libc.so.6", O_RDONLY) = 3
open("/usr/lib64/locale/locale-archive", O_RDONLY) = 3
open("/etc/nsswitch.conf", O_RDONLY) = 3
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib64/libnss_files.so.2", O_RDONLY) = 3
open("/etc/group", O_RDONLY|O_CLOEXEC) = 3
root:x:0:root
bin:x:1:root,bin,daemon
[... prints local UNIX groups ...]
postgres:x:70:
open("/etc/ld.so.cache", O_RDONLY) = 4
open("/lib64/libnss_winbind.so.2", O_RDONLY) = 4
lstat("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/tmp/.winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...})
= 0
lstat("/var/cache/samba/winbindd_privileged", {st_mode=S_IFDIR|0750,
st_size=4096, ...}) = 0
lstat("/var/cache/samba/winbindd_privileged/pipe",
{st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
And that's it. I also can't make out any error message in the logs, not
even with log level 10. On the PDC and BDC, getent group works perfectly (also
both via nss_winbind). Seriously, I'm out of ideas. Any pointer is greatly
appreciated.
--
Victor Matar?
Sysadmin
Lehrstuhl f?r Ingenieur- und Hydrogeologie der RWTH Aachen
Lochnerstra?e 4-20
52064 Aachen
Ph: +49-241-8096778
Fx: +49-241-8092280
http://www.lih.rwth-aachen.de
Does it work if you explicitly state a domain user?
e.g
getent passwd "TRUSTEDOMAIN\someuser"
I have the same symptom on my system- I don't think it actually breaks
anything.
On 11/02/2011 12:26 PM, Victor Matar? wrote:> Hi everyone,
>
> I'm trying to use winbind as nsswitch module on a domain member against
a samba PDC, and it used to work fine with samba 3.4. But now after upgrading to
3.5.11, getent group/passwd don't show domain users/groups anymore. However
wbinfo -g and wbinfo -u work as expected. Also:
>
> # wbinfo -i matare
> matare:*:50011:50000:Victor Matar?:/home/SGI/matare:/bin/false
> # wbinfo -U 50011
> S-1-5-21-154097467-3372353439-1977514440-3032
> # wbinfo -G 50000
> S-1-5-21-154097467-3372353439-1977514440-513
> # wbinfo -s S-1-5-21-154097467-3372353439-1977514440-3032
> SGI\matare 1
> # wbinfo -s S-1-5-21-154097467-3372353439-1977514440-513
> SGI\Domain Users 2
>
> But getent passwd/group shows only local users. My smb.conf on the member
looks like this:
> [global]
> workgroup = SGI
> server string = Auerhahn
> security = domain
> password server = BUSSARD GIRLITZ
> log file = /var/log/samba/log.%m
> log level = 2 winbind:10
> max log size = 50
> winbind expand groups = 4
> winbind nested groups = yes
> winbind enum groups = yes
> winbind enum users = yes
> idmap uid = 50000-500000
> idmap gid = 50000-500000
> winbind use default domain = yes
> idmap config SGI:range = 50000-500000
>
> I really don't see the problem the nss_winbind module might be having:
>
> # strace -e trace=file getent group
> execve("/usr/bin/getent", ["getent",
"group"], [/* 40 vars */]) = 0
> access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file
or directory)
> open("/etc/ld.so.cache", O_RDONLY) = 3
> open("/lib64/libc.so.6", O_RDONLY) = 3
> open("/usr/lib64/locale/locale-archive", O_RDONLY) = 3
> open("/etc/nsswitch.conf", O_RDONLY) = 3
> open("/etc/ld.so.cache", O_RDONLY) = 3
> open("/lib64/libnss_files.so.2", O_RDONLY) = 3
> open("/etc/group", O_RDONLY|O_CLOEXEC) = 3
> root:x:0:root
> bin:x:1:root,bin,daemon
> [... prints local UNIX groups ...]
> postgres:x:70:
> open("/etc/ld.so.cache", O_RDONLY) = 4
> open("/lib64/libnss_winbind.so.2", O_RDONLY) = 4
> lstat("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096,
...}) = 0
> lstat("/tmp/.winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0,
...}) = 0
> lstat("/var/cache/samba/winbindd_privileged",
{st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
> lstat("/var/cache/samba/winbindd_privileged/pipe",
{st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
>
> And that's it. I also can't make out any error message in the logs,
not even with log level 10. On the PDC and BDC, getent group works perfectly
(also both via nss_winbind). Seriously, I'm out of ideas. Any pointer is
greatly appreciated.
>
>