Giuseppe Sacco
2018-Oct-18 02:56 UTC
[Samba] NSS interface lists all domain users but gives error on single user
Hello Rowland

On Wed, 17/10/2018 at 21.28 +0100, Rowland Penny via samba wrote:
[...]
> What does 'wbinfo -U 10182' return ?
> The last number should be 2182

root@kubuntu-test:~# wbinfo -U 10182
S-1-5-21-1076504413-1754488879-1808648030-2182
root@kubuntu-test:~# wbinfo -n 'AGENZIA\lorenam'
S-1-5-21-1076504413-1754488879-1808648030-2182 SID_USER (1)
root@kubuntu-test:~# getent passwd 'AGENZIA\lorenam'
root@kubuntu-test:~#

> > I do not know how to better debug the problem: I have raised "log
> > level" in smb.conf but no logging is done during the getent
> > execution.
> >
>
> Bit lost myself here, why doesn't 'getent passwd username' return
> anything ?
> Is there anything like sssd running ?
>
> Have you changed anything else ?

This is a new installation for testing purposes: there was no previous
installation, so nothing changed. sssd is not installed.

root@kubuntu-test:~# COLUMNS=80 dpkg -l | egrep samba\|winb\|sss
ii libnss-winbind 2:4.7.6+dfsg amd64 Samba nameservice integration plu
ii libpam-winbind 2:4.7.6+dfsg amd64 Windows domain authentication int
ii libwbclient0:a 2:4.7.6+dfsg amd64 Samba winbind client library
ii python-samba   2:4.7.6+dfsg amd64 Python bindings for Samba
ii samba          2:4.7.6+dfsg amd64 SMB/CIFS file, print, and login s
ii samba-common   2:4.7.6+dfsg all   common files used by both the Sam
ii samba-common-b 2:4.7.6+dfsg amd64 Samba common files used by both t
ii samba-dsdb-mod 2:4.7.6+dfsg amd64 Samba Directory Services Database
ii samba-libs:amd 2:4.7.6+dfsg amd64 Samba core libraries
ii samba-vfs-modu 2:4.7.6+dfsg amd64 Samba Virtual FileSystem plugins
ii winbind        2:4.7.6+dfsg amd64 service to resolve user and group

Even commenting out the lines about the rid idmap backend, and hence
defaulting to the "*" domain config that uses tdb, the mapping works.
wbinfo and tdb file display/contain the same mapping:

#idmap config AGENZIA : backend = rid
#idmap config AGENZIA : range = 8000-20000

# systemctl stop winbind smbd nmbd
# rm /var/cache/samba/gencache.tdb /var/cache/samba/netsamlogon_cache.tdb \
  /var/lib/samba/account_policy.tdb /var/lib/samba/group_mapping.tdb \
  /var/lib/samba/winbindd_cache.tdb /var/lib/samba/winbindd_cache.tdb.bak \
  /var/lib/samba/winbindd_idmap.tdb /var/lib/samba/private/idmap2.tdb
# systemctl start winbind smbd nmbd

# getent passwd 'AGENZIA\lorenam'
# getent passwd | fgrep 'AGENZIA\lorenam'
AGENZIA\lorenam:*:3034:3004::/home/lorenam:/bin/bash

# wbinfo --uid-to-sid 3034
S-1-5-21-1076504413-1754488879-1808648030-2182
# tdbtool /var/lib/samba/winbindd_idmap.tdb show 'UID 3034\0'

key 9 bytes
UID 3034
data 47 bytes
[000] 53 2D 31 2D 35 2D 32 31 2D 31 30 37 36 35 30 34  S-1-5-21 -1076504
[010] 34 31 33 2D 31 37 35 34 34 38 38 38 37 39 2D 31  413-1754 488879-1
[020] 38 30 38 36 34 38 30 33 30 2D 32 31 38 32 00     80864803 0-2182

# wbinfo --sid-to-uid S-1-5-21-1076504413-1754488879-1808648030-2182
3034
# tdbtool /var/lib/samba/winbindd_idmap.tdb show 'S-1-5-21-1076504413-1754488879-1808648030-2182\0'

key 47 bytes
S-1-5-21-1076504413-1754488879-1808648030-2182
data 9 bytes
[000] 55 49 44 20 33 30 33 34 00  UID 3034

So, I think this is not related to the mapping, but probably to
libnss-winbind.

Bye,
Giuseppe
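Added example (not part of the original messages, and not Samba code): a Python cross-check of the three views compared in the message above, namely the idmap_rid formula ID = RID - BASE_RID + LOW_RANGE_ID, the paired records in winbindd_idmap.tdb, and NSS enumeration versus direct getpwnam()/getpwuid() lookups. The function names and the SAMPLE_TDB dictionary are assumptions made for the illustration; the SID, UID and range values are the ones quoted in the thread.

```python
import pwd

# Values taken from the thread; everything else here is an added illustration.
SID = "S-1-5-21-1076504413-1754488879-1808648030-2182"
NUL = b"\0"
SAMPLE_TDB = {b"UID 3034" + NUL: SID.encode() + NUL,   # constructed from the tdbtool dumps
              SID.encode() + NUL: b"UID 3034" + NUL}

def rid_to_unix_id(sid, low, high, base_rid=0):
    """idmap_rid: ID = RID - BASE_RID + LOW_RANGE_ID; None when outside the range."""
    rid = int(sid.rsplit("-", 1)[1])
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None

def idmap_tdb_mismatches(records):
    """Return UID/GID/SID keys whose reverse record is missing or different.
    Keys with any other prefix are skipped."""
    bad = []
    for key, value in records.items():
        if key.startswith((b"UID ", b"GID ", b"S-")) and records.get(value) != key:
            bad.append(key.rstrip(NUL).decode())
    return sorted(bad)

def nss_lookup_gaps(enumerate_fn=pwd.getpwall, by_name=pwd.getpwnam,
                    by_uid=pwd.getpwuid):
    """Return (name, uid, failed_lookups) for every account that enumeration
    lists but getpwnam()/getpwuid() cannot resolve to the same uid."""
    gaps = []
    for entry in enumerate_fn():
        failed = []
        try:
            if by_name(entry.pw_name).pw_uid != entry.pw_uid:
                failed.append("name")
        except KeyError:
            failed.append("name")
        try:
            by_uid(entry.pw_uid)
        except KeyError:
            failed.append("uid")
        if failed:
            gaps.append((entry.pw_name, entry.pw_uid, failed))
    return gaps

if __name__ == "__main__":
    print("rid backend uid:", rid_to_unix_id(SID, 8000, 20000))
    print("tdb mismatches:", idmap_tdb_mismatches(SAMPLE_TDB))
    for name, uid, failed in nss_lookup_gaps():
        print(f"listed but not resolvable by {'/'.join(failed)}: {name} ({uid})")
```

Run on the affected host, nss_lookup_gaps() with its defaults goes through the same NSS modules that getent uses, so an account that appears in the list but fails by name is reported with "name" in its failed lookups.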
Rowland Penny
2018-Oct-18 07:43 UTC
[Samba] NSS interface lists all domain users but gives error on single user
On Thu, 18 Oct 2018 04:56:08 +0200
Giuseppe Sacco via samba <samba at lists.samba.org> wrote:

> Hello Rowland
>
> On Wed, 17/10/2018 at 21.28 +0100, Rowland Penny via samba wrote:
> [...]
> > What does 'wbinfo -U 10182' return ?
> > The last number should be 2182
>
> root@kubuntu-test:~# wbinfo -U 10182
> S-1-5-21-1076504413-1754488879-1808648030-2182
> root@kubuntu-test:~# wbinfo -n 'AGENZIA\lorenam'
> S-1-5-21-1076504413-1754488879-1808648030-2182 SID_USER (1)
> root@kubuntu-test:~# getent passwd 'AGENZIA\lorenam'
> root@kubuntu-test:~#
>
> > > I do not know how to better debug the problem: I have raised "log
> > > level" in smb.conf but no logging is done during the getent
> > > execution.
> > >
> >
> > Bit lost myself here, why doesn't 'getent passwd username' return
> > anything ?
> > Is there anything like sssd running ?
> >
> > Have you changed anything else ?
>
> This is a new installation for testing purposes: there was no
> previous installation, so nothing changed. sssd is not installed.
>
> root@kubuntu-test:~# COLUMNS=80 dpkg -l | egrep samba\|winb\|sss
> ii libnss-winbind 2:4.7.6+dfsg amd64 Samba nameservice integration plu
> ii libpam-winbind 2:4.7.6+dfsg amd64 Windows domain authentication int
> ii libwbclient0:a 2:4.7.6+dfsg amd64 Samba winbind client library
> ii python-samba   2:4.7.6+dfsg amd64 Python bindings for Samba
> ii samba          2:4.7.6+dfsg amd64 SMB/CIFS file, print, and login s
> ii samba-common   2:4.7.6+dfsg all   common files used by both the Sam
> ii samba-common-b 2:4.7.6+dfsg amd64 Samba common files used by both t
> ii samba-dsdb-mod 2:4.7.6+dfsg amd64 Samba Directory Services Database
> ii samba-libs:amd 2:4.7.6+dfsg amd64 Samba core libraries
> ii samba-vfs-modu 2:4.7.6+dfsg amd64 Samba Virtual FileSystem plugins
> ii winbind        2:4.7.6+dfsg amd64 service to resolve user and group
>
> Even commenting out the lines about the rid idmap backend, and hence
> defaulting to the "*" domain config that uses tdb, the mapping works.
> wbinfo and tdb file display/contain the same mapping:
>
> #idmap config AGENZIA : backend = rid
> #idmap config AGENZIA : range = 8000-20000
>
> # systemctl stop winbind smbd nmbd
> # rm /var/cache/samba/gencache.tdb /var/cache/samba/netsamlogon_cache.tdb \
>   /var/lib/samba/account_policy.tdb /var/lib/samba/group_mapping.tdb \
>   /var/lib/samba/winbindd_cache.tdb /var/lib/samba/winbindd_cache.tdb.bak \
>   /var/lib/samba/winbindd_idmap.tdb /var/lib/samba/private/idmap2.tdb
> # systemctl start winbind smbd nmbd
>
> # getent passwd 'AGENZIA\lorenam'
> # getent passwd | fgrep 'AGENZIA\lorenam'
> AGENZIA\lorenam:*:3034:3004::/home/lorenam:/bin/bash
>
> # wbinfo --uid-to-sid 3034
> S-1-5-21-1076504413-1754488879-1808648030-2182
> # tdbtool /var/lib/samba/winbindd_idmap.tdb show 'UID 3034\0'
>
> key 9 bytes
> UID 3034
> data 47 bytes
> [000] 53 2D 31 2D 35 2D 32 31 2D 31 30 37 36 35 30 34  S-1-5-21 -1076504
> [010] 34 31 33 2D 31 37 35 34 34 38 38 38 37 39 2D 31  413-1754 488879-1
> [020] 38 30 38 36 34 38 30 33 30 2D 32 31 38 32 00     80864803 0-2182
>
> # wbinfo --sid-to-uid S-1-5-21-1076504413-1754488879-1808648030-2182
> 3034
> # tdbtool /var/lib/samba/winbindd_idmap.tdb show 'S-1-5-21-1076504413-1754488879-1808648030-2182\0'
>
> key 47 bytes
> S-1-5-21-1076504413-1754488879-1808648030-2182
> data 9 bytes
> [000] 55 49 44 20 33 30 33 34 00  UID 3034
>
> So, I think this is not related to the mapping, but probably to
> libnss-winbind.
>

If that was the case, why does 'getent passwd' work ?

OK, what version of Kubuntu is this ? I will run up a VM and see if I
can find the problem.

Rowland
Giuseppe Sacco
2018-Oct-18 08:00 UTC
[Samba] NSS interface lists all domain users but gives error on single user
On Thu, 18/10/2018 at 08.43 +0100, Rowland Penny via samba wrote:
[...]
> > So, I think this is not related to the mapping, but probably to
> > libnss-winbind.
> >
>
> If that was the case, why does 'getent passwd' work ?

I don't know.

> OK, what version of Kubuntu is this ? I will run up a VM and see if I
> can find the problem.

Kubuntu 18.04.1 LTS

Thank you very much,
Giuseppe