Horacio G. de Oro
2014-Oct-30 16:41 UTC
[Samba] wbinfo -u/-g/-n works, but not 'wbinfo -i' or 'id'
Hi! I'm trying to add a member to be used as fileserver, following the
guides at:
- https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
- https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC
The AD server has been in use for month, but I can't get user
information from the new member. The new member was joined to the
directory, and nsswitch was configured. Running 'id username' returns
'No such user'.
Running 'wbinfo -u' and 'wbinfo -g', 'wbinfo -n
username' and 'wbinfo
--sid-to-uid' works OK. Also 'wbinfo --online-status' and
'wbinfo
--ping-dc'
But, when I try 'id username', or 'wbinfo -i username', it fails
with
WBC_ERR_DOMAIN_NOT_FOUND
$ wbinfo -i username
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user username
$ wbinfo -n username
S-1-5-21-3087569779-2873525441-767630994-1118 SID_USER (1)
And using '--sid-to-uid' I got the UID:
$ wbinfo --sid-to-uid S-1-5-21-3087569779-2873525441-767630994-1118
10000
The UID was added using ADUC, just to the user I'm using for the tests.
I've confirmed the information is in the directory, since I can see it
when dumping the user information (from the AD server):
$ ldapsearch -x -h 127.0.0.1 -b DC=mydomain,DC=com,DC=ar -D
CN=Administrator,CN=Users,DC=pea,DC=com,DC=ar samaccountname=username
-W
(...)
msSFU30NisDomain: mydomain
uidNumber: 10000
loginShell: /bin/sh
unixHomeDirectory: /home/username
gidNumber: 10000
msSFU30Name: username
unixUserPassword: ABCD!efgh12345$67890
uid: username
(...)
The full log is available at:
https://gist.github.com/hgdeoro/3a8cbce9defc43bc5699.
The new member configuration file is at:
https://gist.github.com/hgdeoro/4e6204b482f0d790cc8b
I'm using CentOS 6 in both servers, with Samba 4.0.22 from SerNet.
Am I missing some step or configuration? Any help will be appreciated.
Thanks in advance
Horacio
--
Email: hgdeoro at gmail.com
Web: http://www.data-tsunami.com
Cel: +54 9 3572 525359
LinkedIn: https://www.linkedin.com/in/hgdeoro
Linux Servers ? Web Development in Python & Java ? DevOps ? Big Data
Adam Tauno Williams
2015-Apr-14 13:59 UTC
[Samba] wbinfo -u/-g/-n works, but not 'wbinfo -i' or 'id'
On Thu, 2014-10-30 at 13:41 -0300, Horacio G. de Oro wrote:> Hi! I'm trying to add a member to be used as fileserver, following the > guides at: > - https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server > - https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC > The AD server has been in use for month, but I can't get user > information from the new member. The new member was joined to the > directory, and nsswitch was configured. Running 'id username' returns > 'No such user'. > Running 'wbinfo -u' and 'wbinfo -g', 'wbinfo -n username' and 'wbinfo > --sid-to-uid' works OK. Also 'wbinfo --online-status' and 'wbinfo > --ping-dc' > But, when I try 'id username', or 'wbinfo -i username', it fails with > WBC_ERR_DOMAIN_NOT_FOUND > $ wbinfo -i username > failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND > Could not get info for user username > $ wbinfo -n username > S-1-5-21-3087569779-2873525441-767630994-1118 SID_USER (1) > And using '--sid-to-uid' I got the UID: > $ wbinfo --sid-to-uid S-1-5-21-3087569779-2873525441-767630994-1118 > 10000 Servers ? Web Development in Python & Java ? DevOps ? Big DataI am experiencing much the same issue; wbinfo -u/-g works but getent passwd/group only contains a very partial user list and querying a specific user causes the WBC_ERR_DOMAIN_NOT_FOUND error. Although otherwise the domain is functional and there are active workstations. Did you every identify a solution? -- Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA
Rowland Penny
2015-Apr-14 14:20 UTC
[Samba] wbinfo -u/-g/-n works, but not 'wbinfo -i' or 'id'
On 14/04/15 14:59, Adam Tauno Williams wrote:> On Thu, 2014-10-30 at 13:41 -0300, Horacio G. de Oro wrote: >> Hi! I'm trying to add a member to be used as fileserver, following the >> guides at: >> - https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server >> - https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC >> The AD server has been in use for month, but I can't get user >> information from the new member. The new member was joined to the >> directory, and nsswitch was configured. Running 'id username' returns >> 'No such user'. >> Running 'wbinfo -u' and 'wbinfo -g', 'wbinfo -n username' and 'wbinfo >> --sid-to-uid' works OK. Also 'wbinfo --online-status' and 'wbinfo >> --ping-dc' >> But, when I try 'id username', or 'wbinfo -i username', it fails with >> WBC_ERR_DOMAIN_NOT_FOUND >> $ wbinfo -i username >> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND >> Could not get info for user username >> $ wbinfo -n username >> S-1-5-21-3087569779-2873525441-767630994-1118 SID_USER (1) >> And using '--sid-to-uid' I got the UID: >> $ wbinfo --sid-to-uid S-1-5-21-3087569779-2873525441-767630994-1118 >> 10000 Servers ? Web Development in Python & Java ? DevOps ? Big Data > I am experiencing much the same issue; wbinfo -u/-g works but getent > passwd/group only contains a very partial user list and querying a > specific user causes the WBC_ERR_DOMAIN_NOT_FOUND error. Although > otherwise the domain is functional and there are active workstations. > > Did you every identify a solution? >It should work, it sounds like a mis-configuration somewhere, can you post the smb.conf, /etc/nsswitch.conf, /etc/resolv.conf and /etc/krb5.conf from the member server. Rowland
Horacio G. de Oro
2015-Apr-18 19:35 UTC
[Samba] wbinfo -u/-g/-n works, but not 'wbinfo -i' or 'id'
On Tue, Apr 14, 2015 at 10:59 AM, Adam Tauno Williams <awilliam at whitemice.org> wrote:> > I am experiencing much the same issue; wbinfo -u/-g works but getent > passwd/group only contains a very partial user list and querying a > specific user causes the WBC_ERR_DOMAIN_NOT_FOUND error. Although > otherwise the domain is functional and there are active workstations. > > Did you every identify a solution? >We solved that setting the GID of the AD users (setting the UIDs didn't solved that... you need to set the GID too). See [1]. Just FYI: another BIG issue we have was modifications of groups requiring too many time to propagate to fileservers (form minutes to hours). The only workaround I've found to that issue is [2]. We are using Samba 4.1 now. Regards, Horacio [1] https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Using_ADUC_to_set_Unix_Attributes_on_a_user_account [2] https://lists.samba.org/archive/samba/2014-October/185604.html -- Horacio G. de Oro Email: hgdeoro at gmail.com Web: http://www.data-tsunami.com/english/ Cel: +54 9 3572 525359 LinkedIn: https://www.linkedin.com/in/hgdeoro Linux Sysadmin - Python/Java Web Developer - DevOps - Big Data