samba - Feb 2018 - Samba 3.6 'getent passwd user' not working

Hello,

I have a Samba 3.6 server (MUST stay at 3.6) and I want to user the
"ad"
backend for usermapping. Here is my smb.conf:
--------------
[global]
security = ADS
workgroup = example
realm = EXAMPLE.NET
loglevel = 4

winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
idmap config * : backend = tdb
idmap config * : range = 5000-7999
idmap config EXAMPLE : backend = ad
idmap config EXAMPLE : schema_mode = rfc2307
idmap config EXAMPLE : range = 100000-399999
template shell = /bin/bash
template homedir = /home/%U
--------------

It's a CentOS 6 System libnss_winbind is installed, I use the packages 
from the distribution. "wbinfo -u" is showing all users:
--------------
[root at samba3 ~]# wbinfo -u
administrator
tuser
dns-dc1
krbtgt
guest
stka
--------------

A "getent passwd stka" is showing nothing. If I do a "wbinfo
--verbose
-i stka" I will see the following errormessage:
--------------
[root at samba3 ~]# wbinfo --verbose -i stka
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user stka
--------------

The user has all the required Unix attributes set in AD, also the 
default group has a UIDNumber set in AD.

On the ADDC I checked for the ypServ30 stuff:
--------------
[root at dc1 ~]# ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b 
CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=example,DC=net cn
# record 1
dn: CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=example,DC=net
cn: ypservers

# returned 1 records
# 1 entries
# 0 referrals
--------------

What did I do wrong?

Stefan

On Mon, 26 Feb 2018 17:06:33 +0100
Stefan Kania via samba <samba at lists.samba.org> wrote:
> Hello,
> 
> I have a Samba 3.6 server (MUST stay at 3.6) and I want to user the
> "ad" backend for usermapping. Here is my smb.conf:
> --------------
> [global]
> security = ADS
> workgroup = example
> realm = EXAMPLE.NET
> loglevel = 4
> 
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> idmap config * : backend = tdb
> idmap config * : range = 5000-7999
> idmap config EXAMPLE : backend = ad
> idmap config EXAMPLE : schema_mode = rfc2307
> idmap config EXAMPLE : range = 100000-399999
> template shell = /bin/bash
> template homedir = /home/%U
> --------------
> 
> It's a CentOS 6 System libnss_winbind is installed, I use the
> packages from the distribution. "wbinfo -u" is showing all users:
> --------------
> [root at samba3 ~]# wbinfo -u
> administrator
> tuser
> dns-dc1
> krbtgt
> guest
> stka
> --------------
> 
> A "getent passwd stka" is showing nothing. If I do a "wbinfo
> --verbose -i stka" I will see the following errormessage:
> --------------
> [root at samba3 ~]# wbinfo --verbose -i stka
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user stka
> --------------
> 
> The user has all the required Unix attributes set in AD, also the 
> default group has a UIDNumber set in AD.
When you say the user has all the required Unix attributes, I take it
you mean the user has a uidNumber attribute (at least) containing a
unique number inside the 100000-399999 range and that Domain Users has
a gidNumber attribute containing a number inside the same range.

Have you added 'winbind' to the passwd & group lines
in /etc/nsswitch.conf ?

Is winbind installed ?

Rowland

Hi Rowland,

it's fixed, I don't know why, but I copied the smb.conf via copy and 
past out of my documentation, when I rewirte the parameter in smb.conf 
it is working. I think there was a hiden charcter wenn copy the smb.conf 
from y documentation. All the users are shown now with "getent passwd 
user".

Stefan

Am 26.02.2018 17:23, schrieb Rowland Penny via samba:
> On Mon, 26 Feb 2018 17:06:33 +0100
> Stefan Kania via samba <samba at lists.samba.org> wrote:
> 
>> Hello,
>> 
>> I have a Samba 3.6 server (MUST stay at 3.6) and I want to user the
>> "ad" backend for usermapping. Here is my smb.conf:
>> --------------
>> [global]
>> security = ADS
>> workgroup = example
>> realm = EXAMPLE.NET
>> loglevel = 4
>> 
>> winbind nss info = rfc2307
>> winbind trusted domains only = no
>> winbind use default domain = yes
>> idmap config * : backend = tdb
>> idmap config * : range = 5000-7999
>> idmap config EXAMPLE : backend = ad
>> idmap config EXAMPLE : schema_mode = rfc2307
>> idmap config EXAMPLE : range = 100000-399999
>> template shell = /bin/bash
>> template homedir = /home/%U
>> --------------
>> 
>> It's a CentOS 6 System libnss_winbind is installed, I use the
>> packages from the distribution. "wbinfo -u" is showing all
users:
>> --------------
>> [root at samba3 ~]# wbinfo -u
>> administrator
>> tuser
>> dns-dc1
>> krbtgt
>> guest
>> stka
>> --------------
>> 
>> A "getent passwd stka" is showing nothing. If I do a
"wbinfo
>> --verbose -i stka" I will see the following errormessage:
>> --------------
>> [root at samba3 ~]# wbinfo --verbose -i stka
>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not get info for user stka
>> --------------
>> 
>> The user has all the required Unix attributes set in AD, also the
>> default group has a UIDNumber set in AD.
> 
> When you say the user has all the required Unix attributes, I take it
> you mean the user has a uidNumber attribute (at least) containing a
> unique number inside the 100000-399999 range and that Domain Users has
> a gidNumber attribute containing a number inside the same range.
> 
> Have you added 'winbind' to the passwd & group lines
> in /etc/nsswitch.conf ?
> 
> Is winbind installed ?
> 
> Rowland
-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre 
E-Mail. Weiter Informationen unter http://www.gnupg.org

Mein Schlüssel liegt auf

hkp://subkeys.pgp.net