Alex Matthews
2017-May-26 11:21 UTC
[Samba] failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND
>Why do people add stuff to the smb.conf on a DC without really knowing whatthey are doing ??? Why do people on mailing-lists always treat people who make mistakes like children? You patronising..... person.... Maybe you should consider that this smb.conf has been on a server for a long time and that servers roles have changed. wins support # From the pre AD days, perhaps? enumports command # because we use it dns forwarder # From a time where we used the internal DNS, perhaps?>You might as well remove the following lines, they are either default settings,do nothing on a DC or plain shouldn't be on a DC: Other than the ones that "plain shouldn't be on a DC" (you fail to mention which those are) why would I remove them? Yes, the libnss_winbind.so is in place. PAM is irrelevant in this situation. The OS is Arch Linux. So having taken your golden advice and removed those lines.... I am in exactly the same place I was when I first posted just in a slightly more disheartened mood at the community. On 25 May 2017 at 14:33, Rowland Penny via samba <samba at lists.samba.org> wrote:> On Thu, 25 May 2017 13:25:15 +0100 > Alex Matthews via samba <samba at lists.samba.org> wrote: > > > Hiya, > > > > I've run into a problem on a Samba 4.5.8 active directory domain > > controller. The domain controller seems to work to authenticate > > against (I have a couple of domain members). However wbinfo throws an > > error when used locally. My configs are posted at the bottom of the > > page. > > > > Why do people add stuff to the smb.conf on a DC without really knowing > what they are doing ??? > > wins support # Really, on a DC ? > enumports command # Again, why ? > dns forwarder # Only used with the internal dns server and you are > using Bind9 > > You might as well remove the following lines, they are either default > settings, do nothing on a DC or plain shouldn't be on a DC: > > winbind nss info = rfc2307 > winbind trusted domains only = yes > winbind use default domain = Yes > winbind nested groups = Yes > winbind max domain connections = 10 > winbind sealed pipes = yes > > I know you have set up /etc/nsswitch.conf, but is libnss_winbind.so > installed. > > Is PAM set up correctly ? > > what OS are you using ? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rowland Penny
2017-May-26 12:04 UTC
[Samba] failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND
On Fri, 26 May 2017 12:21:35 +0100 Alex Matthews via samba <samba at lists.samba.org> wrote:> >Why do people add stuff to the smb.conf on a DC without really > >knowing what > they are doing ??? > > Why do people on mailing-lists always treat people who make mistakes > like children? You patronising..... person.... > Maybe you should consider that this smb.conf has been on a server for > a long time and that servers roles have changed.Sorry if I upset you, but you posted a smb.conf from an Samba AD DC and in most cases, the smb.conf you get from the provision is all you need. when wbinfo shows users and groups, all this means is that they are in AD, it does not mean that the Unix OS has any idea who they are. You never mentioned that you had changed the servers role, not that this means much, because if you changed the computer from being any other form of a Samba server to being a DC, you would have had to remove the smb.conf If 'getent passwd username' doesn't produce any output, but 'wbinfo -u | grep username' does, then your problem undoubtedly lies in libnss. Do you have the correct libnss_winbind.so in your lib path ? From what I know about arch, it is based on ubuntu, which is based on debian, so you should find libnss_winbind.so in /lib/x86_64-linux-gnu I install these packages on debian: libpam-winbind libpam-krb5 libnss-winbind With these installed on a DC, getent works for me. Rowland
Alex Matthews
2017-May-26 12:31 UTC
[Samba] failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND
>Sorry if I upset you, but....Thanks, the apology is much appreciated.> Do you have the correct libnss_winbind.so in your lib path ?# locate libnss /usr/lib/libnss_compat-2.25.so /usr/lib/libnss_compat.so /usr/lib/libnss_compat.so.2 <truncated> /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.2> From what I know about arch, it is based on ubuntu, which is based on debian Arch is not based on any other distro. # pacman -Qo /usr/lib/libnss_winbind.so.2 /usr/lib/libnss_winbind.so.2 is owned by smbclient 4.5.8-1 Even though it's wbinfo throwing the error, it could still be an libnss issue? On 26 May 2017 at 13:04, Rowland Penny via samba <samba at lists.samba.org> wrote:> On Fri, 26 May 2017 12:21:35 +0100 > Alex Matthews via samba <samba at lists.samba.org> wrote: > > > >Why do people add stuff to the smb.conf on a DC without really > > >knowing what > > they are doing ??? > > > > Why do people on mailing-lists always treat people who make mistakes > > like children? You patronising..... person.... > > Maybe you should consider that this smb.conf has been on a server for > > a long time and that servers roles have changed. > > Sorry if I upset you, but you posted a smb.conf from an Samba AD DC and > in most cases, the smb.conf you get from the provision is all you need. > > when wbinfo shows users and groups, all this means is that they are in > AD, it does not mean that the Unix OS has any idea who they are. > > You never mentioned that you had changed the servers role, not that > this means much, because if you changed the computer from being any > other form of a Samba server to being a DC, you would have had to > remove the smb.conf > > If 'getent passwd username' doesn't produce any output, but 'wbinfo -u > | grep username' does, then your problem undoubtedly lies in > libnss. Do you have the correct libnss_winbind.so in your lib path ? > > From what I know about arch, it is based on ubuntu, which is based on > debian, so you should find libnss_winbind.so in /lib/x86_64-linux-gnu > > I install these packages on debian: > > libpam-winbind libpam-krb5 libnss-winbind > > With these installed on a DC, getent works for me. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Apparently Analagous Threads
- failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND
- failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND
- failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND
- failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND
- failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND