samba - Oct 2013 - wbinfo -i domain_username issue

Hi,

I'm going to set up a samba4 member server joined in a existing AD
Domain (2003). I don't need a DC controller, but a simply file server
where (mostly) windows client will access to some share. so I'm gonna to
follow

https://wiki.samba.org/index.php/Samba4/Domain_Member

distro is Ubuntu 12.04.03 amd64


I compiled...
./configure --libdir=/lib/x86_64-linux-gnu --with-ads
--with-shared-modules=idmap_ad,pam --enable-old-ctdb

make... make install...
everything was fine.


/usr/local/samba/etc/smb.conf :
[global]

   log level = 3

   workgroup = SHORTDOMAIN
   security = ADS
   realm = FQDN_DOMAIN
   encrypt passwords = yes
   password server = fqdn_server1 fqdn_server2

   idmap config *:backend = tdb
   idmap config *:range = 70001-80000
   idmap config SHORTDOMAIN:backend = ad
   idmap config SHORTDOMAIN:schema_mode = rfc2307
   idmap config SHORTDOMAIN:range = 500-40000

   winbind nss info = rfc2307
   winbind trusted domains only = no
   winbind use default domain = yes
   winbind enum users  = yes
   winbind enum groups = yes

   load printers = no
   printing = bsd
   printcap name = /dev/null
   disable spoolss = yes

[test]
   path = /dati/test
   read only = no


and  /etc/krb5.conf :

[logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log

[libdefaults]
     default_realm = FQDN_DOMAIN
     dns_lookup_realm = true
     dns_lookup_kdc = false
     ticket_lifetime = 24h
     forwardable = yes

[appdefaults]
     pam = {
          debug = false
          ticket_lifetime = 36000
          renew_lifetime = 36000
          forwardable = true
          krb4_convert = false
     }

[realms]
    FQDN_DOMAIN = {
        kdc = fqdn_server1
        admin_server = fqdn_server1
        default_domain = FQDN_DOMAIN
    }

[domain_realm]
     .arpa.veneto.it = FQDN_DOMAIN
     arpa.veneto.it = FQDN_DOMAIN


/etc/nsswitch.conf
passwd:         files winbind
group:          files winbind


net ads join was fine ...


and here we are...  wbinfo -u and -g are fine

but...    wbinfo -i domain_username  fails  with this error :
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user domain_username

and   getent passwd  ...show me only local users...

This problem, it seem quite near at 
http://www.mail-archive.com/samba at lists.samba.org/msg127228.html
but I really have to switch this fileserver to DC conf ?!  I'm working
with an idea of  2/3 DC controller (samba4 or w2kx), more other samba4
fileserver (as this)

I tried many times.. re-compiling etc...  I'm bit confused... what am I
missing ?



thx in advance
Alessio Tomelleri

On Mon, 2013-10-07 at 18:07 +0200, Alessio Tomelleri
wrote:
> 
> 
>    idmap config *:backend = tdb
>    idmap config *:range = 70001-80000
>    idmap config SHORTDOMAIN:backend = ad
>    idmap config SHORTDOMAIN:schema_mode = rfc2307
>    idmap config SHORTDOMAIN:range = 500-40000
> 
>    winbind nss info = rfc2307
Hi
This configuration suggests that your rfc2307 attributes are stored in
AD. Are you sure your users and groups have uidNumber and/or gidNumber
attributes set under their respective DN's? If not, then winbind has
nothing to retrieve for the getent command. Oh, and kill any nscd for
the moment.
HTH
Steve