I upgraded Samba from 4.2.0 to 4.3.1 on my domain controllers. Now on 2 of 4 I get the following.

Oct 22 15:07:38 dc01 sshd[1372]: pam_winbind(sshd:auth): getting password (0x00000250)
Oct 22 15:07:38 dc01 sshd[1372]: pam_winbind(sshd:auth): pam_get_item returned a password
Oct 22 15:07:38 dc01 sshd[1372]: pam_winbind(sshd:auth): could not lookup name: # S-1-5-21-678334807-552442689-1282242543-512
Oct 22 15:07:38 dc01 sshd[1372]: pam_winbind(sshd:auth): cannot convert group # S-1-5-21-678334807-552442689-1282242543-512 to sid, check if group # S-1-5-21-678334807-552442689-1282242543-512 is valid group.

This is my config.

passdb backend = tdbsam
winbind refresh tickets = yes
winbind offline logon = yes
winbind use default domain = yes
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
kerberos method = secrets and keytab
idmap_ldb:use rfc2307 = yes
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
idmap config MEDITURE: backend = ad
idmap config MEDITURE: range = 10000-90000000
idmap config MEDITURE: schema mode = rfc2307

I verified I have the schema.

ldbsearch -H /usr/local/samba/private/sam.ldb -s base -b CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=mediture,DC=dom
# record 1
dn: CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=mediture,DC=dom
objectClass: top
objectClass: container
cn: ypservers
instanceType: 4
whenCreated: 20141126165518.0Z
whenChanged: 20141126165518.0Z
uSNCreated: 60503
uSNChanged: 60503
showInAdvancedViewOnly: TRUE
name: ypservers
objectGUID: 020c622b-3c45-401f-a60d-54027210861f
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=mediture,DC=dom
distinguishedName: CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=meditu
 re,DC=dom

# returned 1 records
# 1 entries
# 0 referrals

I now get a message "Unwilling to perform" when I access the UNIX Attributes tab in ADUC.
--
Arthur Ramsey
Systems Administrator
Mediture
arthur_ramsey at mediture.com
952.400.0323