Hi all,

First of all, sorry for my English. I don't speak English well (of course, I'm French! ;-) ) but I will try to do my best to explain my problem to you.

I have a CentOS 6.3 system running with samba 3.5.10 against an AD 2008. My goal is to build a vsftpd server authenticating with users in my AD domain.

Everything is working quite fine but I have something strange:

When I put winbind in debug mode and when I do 'id -G root' I see these messages in winbindd.log:

[2012/09/03 15:37:23.449662,  6] winbindd/winbindd.c:768(new_connection)
  accepted socket 21
[2012/09/03 15:37:23.449967,  3] winbindd/winbindd_misc.c:352(winbindd_interface_version)
  [ 4759]: request interface version
[2012/09/03 15:37:23.450112,  3] winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir)
  [ 4759]: request location of privileged pipe
[2012/09/03 15:37:23.450337,  6] winbindd/winbindd.c:768(new_connection)
  accepted socket 22
[2012/09/03 15:37:23.450421,  6] winbindd/winbindd.c:816(winbind_client_request_read)
  closing socket 21, client exited
[2012/09/03 15:37:23.450539,  3] winbindd/winbindd_getgroups.c:60(winbindd_getgroups_send)
  getgroups root
[2012/09/03 15:37:23.450691,  5] winbindd/winbindd_getgroups.c:187(winbindd_getgroups_recv)
  Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2012/09/03 15:37:23.451367,  6] winbindd/winbindd.c:816(winbind_client_request_read)
  closing socket 22, client exited

Winbind is asked by nss to resolve root's secondary groups!!! I don't understand why: root is only local and all his groups are local.

The output is:

# id -G root
0 1 2 3 4 6 10 494

My question is quite simple: why does nss ask winbind to resolve these group names when they are all local!?!

Do you think the only thing I have to do is ignore these messages?

Here are my conf files:

/etc/nsswitch.conf:

passwd:     files winbind
shadow:     files
group:      files winbind

/etc/samba/smb.conf:

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
    workgroup = DOMAIN
    realm = DOMAIN.FQDN
    server string = Serveur ftp
    security = ADS
    allow trusted domains = No
    password server = 10.32.242.32 10.56.242.56
    ntlm auth = No
    kerberos method = secrets and keytab
    log level = 10
    log file = /var/log/samba/log.%m
    nt pipe support = No
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    load printers = No
    domain master = No
    dns proxy = No
    idmap alloc backend = tdb
    idmap uid = 10000-500000
    idmap gid = 10000-500000
    template homedir = /usr/app/ftp/ftp/%U
    template shell = /sbin/nologin
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind refresh tickets = Yes
    create krb5 conf = No
    invalid users = root
    cups options = raw

Thank you for your help!