thr3ads.net - samba - [Samba] nsswitch/libnss

If this information is useful, please help other people find it:
Share via:

Marc Rechté

2015-Jun-22 10:59 UTC

[Samba] nsswitch/libnss_winbind.so.2

Sorry I forgot the /etc/samba/smb.conf:

[global]

	workgroup = STUDELEC-SA
	server string = Samba Server Version %v

;	netbios name = MYSERVER

;	interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;	hosts allow = 127. 192.168.12. 192.168.13.

;	max protocol = SMB2

	# log files split per-machine:
	log file = /var/log/samba/smb.log
	# maximum size of 50KB per log file, then rotate:
	max log size = 50

	log level = winbind:9
# ----------------------- Domain Members Options ------------------------

    security = ADS
    realm = STUDELEC-SA.COM
    server role = member server
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab

    idmap config *:backend = tdb
    idmap config *:range = 2000-9999
    idmap config STUDELEC-SA:backend = ad
    idmap config STUDELEC-SA:schema_mode = rfc2307
    idmap config STUDELEC-SA:range = 10000-99999

    winbind nss info = rfc2307
    winbind trusted domains only = no
    winbind use default domain = yes
    winbind enum users  = yes
    winbind enum groups = yes
    winbind refresh tickets = Yes
    winbind expand groups = 4
    winbind normalize names = Yes
    domain master = no
    local master = no
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes



OK, issuing this command:

$ getent passwd tunix

Produces in /var/log/log.wb-STUDELEC-SA:

2015/06/22 12:32:37.473115,  4] 
../source3/winbindd/winbindd_dual.c:1346(child_handler)
   Finished processing child request 20
[2015/06/22 12:32:37.473241,  4] 
../source3/winbindd/winbindd_dual.c:1338(child_handler)
   child daemon request 20
[2015/06/22 12:32:37.473278,  3] 
../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
   [27699]: list trusted domains
[2015/06/22 12:32:37.473301,  3] 
../source3/winbindd/winbindd_ads.c:1427(trusted_domains)
   ads: trusted_domains
[2015/06/22 12:32:37.474261,  4] 
../source3/winbindd/winbindd_dual.c:1346(child_handler)
   Finished processing child request 20
[2015/06/22 12:34:23.262925,  4] 
../source3/winbindd/winbindd_dual.c:1338(child_handler)
   child daemon request 59
[2015/06/22 12:34:23.263078,  3] 
../source3/winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid)
   msrpc_name_to_sid: name=STUDELEC-SA\TUNIX
[2015/06/22 12:34:23.263178,  3] 
../source3/winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid)
   name_to_sid [rpc] STUDELEC-SA\TUNIX for domain STUDELEC-SA
[2015/06/22 12:34:23.267421,  4] 
../source3/winbindd/winbindd_dual.c:1346(child_handler)
   Finished processing child request 59
[2015/06/22 12:34:23.267684,  4] 
../source3/winbindd/winbindd_dual.c:1338(child_handler)
   child daemon request 59
[2015/06/22 12:34:23.267767,  3] 
../source3/winbindd/winbindd_ads.c:605(query_user)
   ads: query_user
[2015/06/22 12:34:23.329798,  3] 
../source3/winbindd/winbindd_ads.c:730(query_user)
   ads query_user gave tunix
[2015/06/22 12:34:23.329862,  4] 
../source3/winbindd/winbindd_dual.c:1346(child_handler)
   Finished processing child request 59
[2015/06/22 12:34:23.330027,  4] 
../source3/winbindd/winbindd_dual.c:1338(child_handler)
   child daemon request 59
[2015/06/22 12:34:23.330068,  3] 
../source3/winbindd/winbindd_msrpc.c:300(msrpc_sid_to_name)
   msrpc_sid_to_name: S-1-5-21-497920593-2320919703-1315762108-513 for 
domain STUDELEC-SA
[2015/06/22 12:34:23.331468,  5] 
../source3/winbindd/winbindd_msrpc.c:320(msrpc_sid_to_name)
   Mapped sid to [STUDELEC-SA]\[Utilisateurs du domaine]
[2015/06/22 12:34:23.331501,  5] 
../source3/winbindd/winbindd_cache.c:1184(resolve_username_to_alias)
   resolve_username_to_alias: backend query returned 
NT_STATUS_INVALID_PARAMETER
[2015/06/22 12:34:23.331528,  5] 
../source3/winbindd/winbindd_msrpc.c:328(msrpc_sid_to_name)
   returning mapped name -- Utilisateurs_du_domaine
[2015/06/22 12:34:23.331563,  4] 
../source3/winbindd/winbindd_dual.c:1346(child_handler)
   Finished processing child request 59
[2015/06/22 12:34:23.331698,  4] 
../source3/winbindd/winbindd_dual.c:1338(child_handler)
   child daemon request 59
[2015/06/22 12:34:23.332704,  4] 
../source3/winbindd/winbindd_dual.c:1346(child_handler)
   Finished processing child request 59
[2015/06/22 12:37:37.501433,  4] 
../source3/winbindd/winbindd_dual.c:1338(child_handler)
   child daemon request 20
[2015/06/22 12:37:37.501560,  3] 
../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
   [27699]: list trusted domains
[2015/06/22 12:37:37.501598,  3] 
../source3/winbindd/winbindd_ads.c:1427(trusted_domains)
   ads: trusted_domains
[2015/06/22 12:37:37.503225,  4] 
../source3/winbindd/winbindd_dual.c:1346(child_handler)
   Finished processing child request 20
[2015/06/22 12:42:37.505184,  4] 
../source3/winbindd/winbindd_dual.c:1338(child_handler)
   child daemon request 20
[2015/06/22 12:42:37.505292,  3] 
../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
   [27699]: list trusted domains
[2015/06/22 12:42:37.505325,  3] 
../source3/winbindd/winbindd_ads.c:1427(trusted_domains)
   ads: trusted_domains
[2015/06/22 12:42:37.506940,  4] 
../source3/winbindd/winbindd_dual.c:1346(child_handler)
   Finished processing child request 20



Le 22/06/2015 09:56, Rowland Penny a ?crit :> On 22/06/15 07:38, Marc Recht? wrote:
>> Hello,
>>
>> Trying to set up an AD member server, I am stuck on nsswitch not
>> working.
>>
>> wbinfo -u returns the list of domain users, but getent passwd <some
>> user> always fails (exit 2)
>>
>> /etc/nsswitch.conf
>> passwd:     files winbind
>> shadow:     files winbind
>> group:      files winbind
>>
>> $ ls -l /usr/lib64/libnss_w*
>> lrwxrwxrwx 1 root root    19 23 f?vr. 14:39
>> /usr/lib64/libnss_winbind.so -> libnss_winbind.so.2
>> -rwxr-xr-x 1 root root 19224 23 f?vr. 14:40
>> /usr/lib64/libnss_winbind.so.2
>> lrwxrwxrwx 1 root root    16 23 f?vr. 14:39 /usr/lib64/libnss_wins.so
>> -> libnss_wins.so.2
>> -rwxr-xr-x 1 root root 10976 23 f?vr. 14:40 /usr/lib64/libnss_wins.so.2
>>
>> System is Fedora 21 64-bit with up to date packages
>>
>> Thanks
>>
>
> I think you are going to have to give us a bit more info, just telling
> us it doesn't work, isn't enough.
>
> smb.conf, anything in the logs etc
>
> Rowland
>

Rowland Penny

2015-Jun-22 11:23 UTC

head link

[Samba] nsswitch/libnss_winbind.so.2

On 22/06/15 11:59, Marc Recht? wrote:> Sorry I forgot the /etc/samba/smb.conf:
>
> [global]
>
>     workgroup = STUDELEC-SA
>     server string = Samba Server Version %v
>
> ;    netbios name = MYSERVER
>
> ;    interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
> ;    hosts allow = 127. 192.168.12. 192.168.13.
>
> ;    max protocol = SMB2
>
>     # log files split per-machine:
>     log file = /var/log/samba/smb.log
>     # maximum size of 50KB per log file, then rotate:
>     max log size = 50
>
>     log level = winbind:9
> # ----------------------- Domain Members Options ------------------------
>
>    security = ADS
>    realm = STUDELEC-SA.COM
>    server role = member server
>    dedicated keytab file = /etc/krb5.keytab
>    kerberos method = secrets and keytab
>
>    idmap config *:backend = tdb
>    idmap config *:range = 2000-9999
>    idmap config STUDELEC-SA:backend = ad
>    idmap config STUDELEC-SA:schema_mode = rfc2307
>    idmap config STUDELEC-SA:range = 10000-99999
>
>    winbind nss info = rfc2307
>    winbind trusted domains only = no
>    winbind use default domain = yes
>    winbind enum users  = yes
>    winbind enum groups = yes
>    winbind refresh tickets = Yes
>    winbind expand groups = 4
>    winbind normalize names = Yes
>    domain master = no
>    local master = no
>    vfs objects = acl_xattr
>    map acl inherit = Yes
>    store dos attributes = Yes
>
>
>
> OK, issuing this command:
>
> $ getent passwd tunix
>
> Produces in /var/log/log.wb-STUDELEC-SA:
>
> 2015/06/22 12:32:37.473115,  4] 
> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>   Finished processing child request 20
> [2015/06/22 12:32:37.473241,  4] 
> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>   child daemon request 20
> [2015/06/22 12:32:37.473278,  3] 
> ../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
>   [27699]: list trusted domains
> [2015/06/22 12:32:37.473301,  3] 
> ../source3/winbindd/winbindd_ads.c:1427(trusted_domains)
>   ads: trusted_domains
> [2015/06/22 12:32:37.474261,  4] 
> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>   Finished processing child request 20
> [2015/06/22 12:34:23.262925,  4] 
> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>   child daemon request 59
> [2015/06/22 12:34:23.263078,  3] 
> ../source3/winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid)
>   msrpc_name_to_sid: name=STUDELEC-SA\TUNIX
> [2015/06/22 12:34:23.263178,  3] 
> ../source3/winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid)
>   name_to_sid [rpc] STUDELEC-SA\TUNIX for domain STUDELEC-SA
> [2015/06/22 12:34:23.267421,  4] 
> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>   Finished processing child request 59
> [2015/06/22 12:34:23.267684,  4] 
> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>   child daemon request 59
> [2015/06/22 12:34:23.267767,  3] 
> ../source3/winbindd/winbindd_ads.c:605(query_user)
>   ads: query_user
> [2015/06/22 12:34:23.329798,  3] 
> ../source3/winbindd/winbindd_ads.c:730(query_user)
>   ads query_user gave tunix
> [2015/06/22 12:34:23.329862,  4] 
> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>   Finished processing child request 59
> [2015/06/22 12:34:23.330027,  4] 
> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>   child daemon request 59
> [2015/06/22 12:34:23.330068,  3] 
> ../source3/winbindd/winbindd_msrpc.c:300(msrpc_sid_to_name)
>   msrpc_sid_to_name: S-1-5-21-497920593-2320919703-1315762108-513 for 
> domain STUDELEC-SA
> [2015/06/22 12:34:23.331468,  5] 
> ../source3/winbindd/winbindd_msrpc.c:320(msrpc_sid_to_name)
>   Mapped sid to [STUDELEC-SA]\[Utilisateurs du domaine]
> [2015/06/22 12:34:23.331501,  5] 
> ../source3/winbindd/winbindd_cache.c:1184(resolve_username_to_alias)
>   resolve_username_to_alias: backend query returned 
> NT_STATUS_INVALID_PARAMETER
> [2015/06/22 12:34:23.331528,  5] 
> ../source3/winbindd/winbindd_msrpc.c:328(msrpc_sid_to_name)
>   returning mapped name -- Utilisateurs_du_domaine
> [2015/06/22 12:34:23.331563,  4] 
> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>   Finished processing child request 59
> [2015/06/22 12:34:23.331698,  4] 
> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>   child daemon request 59
> [2015/06/22 12:34:23.332704,  4] 
> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>   Finished processing child request 59
> [2015/06/22 12:37:37.501433,  4] 
> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>   child daemon request 20
> [2015/06/22 12:37:37.501560,  3] 
> ../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
>   [27699]: list trusted domains
> [2015/06/22 12:37:37.501598,  3] 
> ../source3/winbindd/winbindd_ads.c:1427(trusted_domains)
>   ads: trusted_domains
> [2015/06/22 12:37:37.503225,  4] 
> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>   Finished processing child request 20
> [2015/06/22 12:42:37.505184,  4] 
> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>   child daemon request 20
> [2015/06/22 12:42:37.505292,  3] 
> ../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
>   [27699]: list trusted domains
> [2015/06/22 12:42:37.505325,  3] 
> ../source3/winbindd/winbindd_ads.c:1427(trusted_domains)
>   ads: trusted_domains
> [2015/06/22 12:42:37.506940,  4] 
> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>   Finished processing child request 20
>
>
>
> Le 22/06/2015 09:56, Rowland Penny a ?crit :
>> On 22/06/15 07:38, Marc Recht? wrote:
>>> Hello,
>>>
>>> Trying to set up an AD member server, I am stuck on nsswitch not
>>> working.
>>>
>>> wbinfo -u returns the list of domain users, but getent passwd
<some
>>> user> always fails (exit 2)
>>>
>>> /etc/nsswitch.conf
>>> passwd:     files winbind
>>> shadow:     files winbind
>>> group:      files winbind
>>>
>>> $ ls -l /usr/lib64/libnss_w*
>>> lrwxrwxrwx 1 root root    19 23 f?vr. 14:39
>>> /usr/lib64/libnss_winbind.so -> libnss_winbind.so.2
>>> -rwxr-xr-x 1 root root 19224 23 f?vr. 14:40
>>> /usr/lib64/libnss_winbind.so.2
>>> lrwxrwxrwx 1 root root    16 23 f?vr. 14:39
/usr/lib64/libnss_wins.so
>>> -> libnss_wins.so.2
>>> -rwxr-xr-x 1 root root 10976 23 f?vr. 14:40
/usr/lib64/libnss_wins.so.2
>>>
>>> System is Fedora 21 64-bit with up to date packages
>>>
>>> Thanks
>>>
>>
>> I think you are going to have to give us a bit more info, just telling
>> us it doesn't work, isn't enough.
>>
>> smb.conf, anything in the logs etc
>>
>> Rowland
>>
>
>
>
>
OK, every thing looks correct in smb.conf, though you don't need:

server role = member server
winbind trusted domains only = no

So I suppose the next question is, what is the member server joined to ?

If it is a Samba4 AD DC, then have you given your users a gidNumber 
attribute and have you given 'Domain Users' (at least) a gidNumber 
attribute ? These numbers need to be inside the range set in your 
smb.conf '10000-99999', anything outside these numbers will be ignored.

If it is a windows AD DC, then is IDMU installed, if it is, then 
uidNumbers, gidNumbers as above.

Rowland

Marc Rechte

2015-Jun-22 12:19 UTC

head link

[Samba] nsswitch/libnss_winbind.so.2

Le 22/06/2015 13:23, Rowland Penny a ?crit :> On 22/06/15 11:59, Marc Recht? wrote:
>> Sorry I forgot the /etc/samba/smb.conf:
>>
>> [global]
>>
>>     workgroup = STUDELEC-SA
>>     server string = Samba Server Version %v
>>
>> ;    netbios name = MYSERVER
>>
>> ;    interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
>> ;    hosts allow = 127. 192.168.12. 192.168.13.
>>
>> ;    max protocol = SMB2
>>
>>     # log files split per-machine:
>>     log file = /var/log/samba/smb.log
>>     # maximum size of 50KB per log file, then rotate:
>>     max log size = 50
>>
>>     log level = winbind:9
>> # ----------------------- Domain Members Options 
>> ------------------------
>>
>>    security = ADS
>>    realm = STUDELEC-SA.COM
>>    server role = member server
>>    dedicated keytab file = /etc/krb5.keytab
>>    kerberos method = secrets and keytab
>>
>>    idmap config *:backend = tdb
>>    idmap config *:range = 2000-9999
>>    idmap config STUDELEC-SA:backend = ad
>>    idmap config STUDELEC-SA:schema_mode = rfc2307
>>    idmap config STUDELEC-SA:range = 10000-99999
>>
>>    winbind nss info = rfc2307
>>    winbind trusted domains only = no
>>    winbind use default domain = yes
>>    winbind enum users  = yes
>>    winbind enum groups = yes
>>    winbind refresh tickets = Yes
>>    winbind expand groups = 4
>>    winbind normalize names = Yes
>>    domain master = no
>>    local master = no
>>    vfs objects = acl_xattr
>>    map acl inherit = Yes
>>    store dos attributes = Yes
>>
>>
>>
>> OK, issuing this command:
>>
>> $ getent passwd tunix
>>
>> Produces in /var/log/log.wb-STUDELEC-SA:
>>
>> 2015/06/22 12:32:37.473115,  4] 
>> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>>   Finished processing child request 20
>> [2015/06/22 12:32:37.473241,  4] 
>> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>>   child daemon request 20
>> [2015/06/22 12:32:37.473278,  3] 
>>
../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
>>   [27699]: list trusted domains
>> [2015/06/22 12:32:37.473301,  3] 
>> ../source3/winbindd/winbindd_ads.c:1427(trusted_domains)
>>   ads: trusted_domains
>> [2015/06/22 12:32:37.474261,  4] 
>> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>>   Finished processing child request 20
>> [2015/06/22 12:34:23.262925,  4] 
>> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>>   child daemon request 59
>> [2015/06/22 12:34:23.263078,  3] 
>> ../source3/winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid)
>>   msrpc_name_to_sid: name=STUDELEC-SA\TUNIX
>> [2015/06/22 12:34:23.263178,  3] 
>> ../source3/winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid)
>>   name_to_sid [rpc] STUDELEC-SA\TUNIX for domain STUDELEC-SA
>> [2015/06/22 12:34:23.267421,  4] 
>> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>>   Finished processing child request 59
>> [2015/06/22 12:34:23.267684,  4] 
>> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>>   child daemon request 59
>> [2015/06/22 12:34:23.267767,  3] 
>> ../source3/winbindd/winbindd_ads.c:605(query_user)
>>   ads: query_user
>> [2015/06/22 12:34:23.329798,  3] 
>> ../source3/winbindd/winbindd_ads.c:730(query_user)
>>   ads query_user gave tunix
>> [2015/06/22 12:34:23.329862,  4] 
>> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>>   Finished processing child request 59
>> [2015/06/22 12:34:23.330027,  4] 
>> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>>   child daemon request 59
>> [2015/06/22 12:34:23.330068,  3] 
>> ../source3/winbindd/winbindd_msrpc.c:300(msrpc_sid_to_name)
>>   msrpc_sid_to_name: S-1-5-21-497920593-2320919703-1315762108-513 for 
>> domain STUDELEC-SA
>> [2015/06/22 12:34:23.331468,  5] 
>> ../source3/winbindd/winbindd_msrpc.c:320(msrpc_sid_to_name)
>>   Mapped sid to [STUDELEC-SA]\[Utilisateurs du domaine]
>> [2015/06/22 12:34:23.331501,  5] 
>> ../source3/winbindd/winbindd_cache.c:1184(resolve_username_to_alias)
>>   resolve_username_to_alias: backend query returned 
>> NT_STATUS_INVALID_PARAMETER
>> [2015/06/22 12:34:23.331528,  5] 
>> ../source3/winbindd/winbindd_msrpc.c:328(msrpc_sid_to_name)
>>   returning mapped name -- Utilisateurs_du_domaine
>> [2015/06/22 12:34:23.331563,  4] 
>> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>>   Finished processing child request 59
>> [2015/06/22 12:34:23.331698,  4] 
>> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>>   child daemon request 59
>> [2015/06/22 12:34:23.332704,  4] 
>> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>>   Finished processing child request 59
>> [2015/06/22 12:37:37.501433,  4] 
>> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>>   child daemon request 20
>> [2015/06/22 12:37:37.501560,  3] 
>>
../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
>>   [27699]: list trusted domains
>> [2015/06/22 12:37:37.501598,  3] 
>> ../source3/winbindd/winbindd_ads.c:1427(trusted_domains)
>>   ads: trusted_domains
>> [2015/06/22 12:37:37.503225,  4] 
>> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>>   Finished processing child request 20
>> [2015/06/22 12:42:37.505184,  4] 
>> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>>   child daemon request 20
>> [2015/06/22 12:42:37.505292,  3] 
>>
../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
>>   [27699]: list trusted domains
>> [2015/06/22 12:42:37.505325,  3] 
>> ../source3/winbindd/winbindd_ads.c:1427(trusted_domains)
>>   ads: trusted_domains
>> [2015/06/22 12:42:37.506940,  4] 
>> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>>   Finished processing child request 20
>>
>>
>>
>> Le 22/06/2015 09:56, Rowland Penny a ?crit :
>>> On 22/06/15 07:38, Marc Recht? wrote:
>>>> Hello,
>>>>
>>>> Trying to set up an AD member server, I am stuck on nsswitch
not
>>>> working.
>>>>
>>>> wbinfo -u returns the list of domain users, but getent passwd
<some
>>>> user> always fails (exit 2)
>>>>
>>>> /etc/nsswitch.conf
>>>> passwd:     files winbind
>>>> shadow:     files winbind
>>>> group:      files winbind
>>>>
>>>> $ ls -l /usr/lib64/libnss_w*
>>>> lrwxrwxrwx 1 root root    19 23 f?vr. 14:39
>>>> /usr/lib64/libnss_winbind.so -> libnss_winbind.so.2
>>>> -rwxr-xr-x 1 root root 19224 23 f?vr. 14:40
>>>> /usr/lib64/libnss_winbind.so.2
>>>> lrwxrwxrwx 1 root root    16 23 f?vr. 14:39
/usr/lib64/libnss_wins.so
>>>> -> libnss_wins.so.2
>>>> -rwxr-xr-x 1 root root 10976 23 f?vr. 14:40 
>>>> /usr/lib64/libnss_wins.so.2
>>>>
>>>> System is Fedora 21 64-bit with up to date packages
>>>>
>>>> Thanks
>>>>
>>>
>>> I think you are going to have to give us a bit more info, just
telling
>>> us it doesn't work, isn't enough.
>>>
>>> smb.conf, anything in the logs etc
>>>
>>> Rowland
>>>
>>
>>
>>
>>
>
> OK, every thing looks correct in smb.conf, though you don't need:
>
> server role = member server
> winbind trusted domains only = no
>
> So I suppose the next question is, what is the member server joined to ?
>
> If it is a Samba4 AD DC, then have you given your users a gidNumber 
> attribute and have you given 'Domain Users' (at least) a gidNumber 
> attribute ? These numbers need to be inside the range set in your 
> smb.conf '10000-99999', anything outside these numbers will be
ignored.
>
> If it is a windows AD DC, then is IDMU installed, if it is, then 
> uidNumbers, gidNumbers as above.
>
> Rowland
Server is MS Windows 2000

What is IDMU ? We have made sure NIS Extension is installed and that 
"tunix" uid/gid have been set to 10000/10000. But others users
(groups)
have not been set, especially "Domain Users" (Utilisateurs_du_domaine
in
my log). Setting its GID value in UNIX Tab solved the issue !

May be the Wiki could stress on that particular point.

Thanks for your help.

Marc

Seemingly Similar Threads

Search for more possibly parallel threads

samba - Jun 2015 - nsswitch/libnss_winbind.so.2

[Samba] nsswitch/libnss_winbind.so.2

[Samba] nsswitch/libnss_winbind.so.2

[Samba] nsswitch/libnss_winbind.so.2

Seemingly Similar Threads