samba - Jan 2013 - Solaris 11.1 Samba 3.6.6 oddity: wbinfo is good, but getent is not.

Hi all.

I've been searching various archives and lists to see if I can track down
what I'm doing wrong ? but I suspect something is getting in my way (bug
perhaps)? I thought I'd ask on the list to see if others have any experience
here.

Situation is as follows:

  1.  Solaris 11.1 box, successfully bound to active directory domain using
traditional net join ads syntax.
  2.  Can kinit just fine. I have a krb5.conf and krb5.keytab in place in
/etc/krb5/
  3.  Can wbinfo ?u and wbinfo ?g just fine to list all the groups in the
organisation and in the users, too.
  4.  I configured my /etc/nsswitch.conf to look like so:

passwd: files winbind
group: files winbind

I am guessing my winbind is kind of working, on the basis that wbinfo is
querying correctly and returns values from ?u and ?g.

My very thin smb.conf looks like this:

[global]
wins server = some.fqdn.goes.here, some.fqdn.goes.here
security = ADS
workgroup = SOMEWORKGROUP
realm = SOME.BIG.PLACE
machine password timeout = 0
server string = FILESERVER_TEST
log file = /var/samba/log/log.%m
log level = 1
debug pid = true
dns proxy = no
domain master = no
local master = no
preferred master = no
strict locking = no

# All the weird ID mapping strategy bits

winbind separator = +
winbind enum users = yes
winbind enum groups = yes
template homedir = /expor/home/%U
template shell = /bin/bash
idmap config * : default = yes
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap cache time = 604800
------------------------

NB: These are default Solaris 11.1 support packages. Samba version is 3.6.6

Root at sol11-ads:/var/samba/log# smbd -V
Version 3.6.6

It is compiled with all the "right" modules to the best of my
understanding.

root at sol11-ads:/var/samba/log# smbd -b | grep -i win/ads/ldap
   WITH_WINBIND
   WITH_WINBIND
   WITH_ADS
   WITH_ADS
   HAVE_LDAP_H
   HAVE_HAVE_LDAP_MOZ
   HAVE_LDAP
   HAVE_LDAP_ADD_RESULT_ENTRY
   HAVE_LDAP_INIT
   HAVE_LDAP_OPEN
   HAVE_LDAP_SET_REBIND_PROC
   HAVE_LIBLDAP
   LDAP_SET_REBIND_PROC_ARGS
   idmap_ldap_init
    pdb_ldap pdb_smbpasswd pdb_tdbsam pdb_wbc_sam idmap_tdb idmap_passdb
idmap_nss nss_info_template auth_sam auth_unix auth_winbind auth_wbc auth_server
auth_domain auth_builtin vfs_default vfs_solarisacl

So, no matter what I do, I just can't convince getent to return anything
other than local groups and users. It hangs for quite a while waiting to
complete, but never finds anything outside of local users and groups. I had some
heart, because wbinfo was working so well, and I'd actually managed to get
Solaris 11.1 to join to a domain at all ? but it seems I've come unstuck. My
apologies in advance for what is probably an easily remedied issue and a silly
question. I'm only just getting back into Samba after not having to touch it
for a bout 5 years. I just get the feeling something else might be wrong (as in,
a functional issue with 3.6.6, perhaps?).

Thank you for your time and assistance.

--JC