similar to: Re: winbind v3.0.26a w. nss info = sfu; wbinfo fine, getent not

wbinfo can turn names into sids, sids into names, and sids into uids. However, getent passwd only finds users in the local /etc/passwd file. Same for getent group. /etc/nsswitch.conf says this: passwd: files winbind group: files winbind shadow: compat I strace'd the getent command. It said it couldn't find /lib/libnss_winbind.so.2, so I made that a symlink to

I have winbind v3.0.26a running on ubuntu server v7.10 (gutsy). I intend to get user & group info from MsActiveDirectory. However, when I type: getent passwd somerandomuser I get the uid and gid for the user, as recorded in the msad schema by virtue of sfu, but the homedir and loginshell that are returned are like what "winbind nss info = template" would return by default:

There is an instance of Ms.Active Directory that has had the 'Services For Unix' applied. I use winbind v3.0.24 to get user/group info from that Ms.Active directory instance like so: -------- begin smb.conf snippet: ------------ security = ADS realm = mydomain.com workgroup = MYDOMAIN winbind enum groups = yes winbind enum users = yes winbind nested groups = yes winbind nss info = sfu

with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD by using winbind for authentication as well as for the source of nss info. When winbind is configured to use its own local id maps, everything works fine. But when i configure winbind to use 'ad' as the source of nss info, authentication fails, 'getent' commands return no results, and 'wbinfo -r

When winbind is configured without the 'winbind nss info =' statement (i.e. such that winbind maintains its own local map of SIDs -> UID/GIDs), the following works fine: # cd ~detertj # getent passwd detertj detertj:x:10008:10000:detertj:/home/MSOE/detertj:/bin/bash but when i try to make winbind use sfu for the mapping of SID -> UID/GID, username lookups are

Hi Jonathan, Yep, samba sends the domain name as well as the username to the domain controller, and what I think happens is the NT controller sees that the domainname passed is NOT his domain, checks his list of trusted domains, doesn't find it, and says sayonara buddy... I am assuming that 'SATURN' is the netbios name of the win2k client machine? I'm not real clear on how this

Hello, I followed the steps at http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 for adding a v3.0.21a samba and winbindd server to a MsAD domain and configuring nsswitch.conf to find passwd and group info from winbind. This seems to have worked out fine, except that I can't 'see' or 'recognize' certain groups via getent or via wbinfo -g. E.g. I can see the

I'm using winbind v3.0.22 on Debian Linux as a source for nss info. I have a group that was once known by winbind, but is no more: ------ beging shell except ------ # ls -ld ./ drwxrws--- 10 root $MND000-TT227MV5K24I 4096 2006-05-10 15:41 ./ # ------ end shell except ------ It must have been known, as I was the one who chgrp'ed the dir originally. I know what the group name is

Hello, I've got a linux box running smbd & nmbd versions 2.0.6 with security = DOMAIN, and an NT4 box as the password server. The sole domain controlled by that NT4 box is named "MSOE". All is well with win98 clients. However, Win2k clients that are not part of an NT domain, but simply belong to a "workgroup" named "MSOE", are unable to authenticate. The

new installation of samba v3.0.21 on debian. Joined the samba box to an ActiveDirectory domain. Can enumerate users/groups with wbinfo run locally on the samba box. Can connect remotely to samba box via smbclient Version 3.0.10-Ubuntu linux. Can create new files via 'put' cmd within smbclient. Can login remotely to samba box with ssh client on linux box. Can _NOT_ map a drive to samba

I've got samba v3.0.21 on server 'RELIANT' with security=ADS I want MsWin XP clients, that have logged into Microsoft AD domain 'MYDOMAIN' to be able to map a drive to 'RELIANT', and to do so without having to authenticate again. I haven't been able to do so. Here's what happens: the XP client doesn't prompt for authentication (which is good,

I am currently using Mssfu, nss_ldap, and pam_ldap to enable my linux boxes to auth against MsA.D. and get all their user info from MsA.D. I recently discovered that winbind can accomplish the same without Mssfu, as long as I'm content to be limitted by the winbind config directives 'template shell' and 'template homedir'. I'd like to drop sfu if I can. The 'template

suggestion for minor improvement of the smb.conf manpage in the context of the 'idmap backend' parameter. At least as of v3.0.22 the manpage says: Finally, using the idmap_ad module, the UID and GID can directly be retrieved from an Active Directory LDAP Server that supports an RFC2307 compliant LDAP schema. idmap_ad supports "Services for Unix"

this problem might be more to do with apache than winbind, but I'll start here anyway... Problem: can't get apache httpauth to work with nested groups, though ssh auth (also using pam) to same box does Config: -------------------------------------------------------- software: apache 2.0.55, libapache2-mod-auth-pam 1.1.1, and winbind 3.0.22 pertinent apache config:

The setting is Debian with winbind v3.0.22. The pertinent bit of winbind configuration is as follows: winbind nss info = sfu idmap backend = ad winbind enum groups = yes winbind cache time = 1800 The problem is that once in a while, typically when either: a) an ls command is given for the 1st time in a login shell session or

I'm unabe to use idmap_ad and sfu nss info with Samba on AIX. The configuration as it is works on a Linux build. workgroup = DOMAIN realm = DOMAIN.TLD server string = SERVER security = ADS idmap domains = DOMAIN idmap config DOMAIN:default = yes idmap config DOMAIN:backend = ad idmap config DOMAIN:range = 1000 - 60000

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Incorrect primary group assignment for == domain users using the rfc2307 or sfu == winbind nss info plugin. == == CVE ID#: CVE-2007-4138 == == Versions: Samba 3.0.25 - 3.0.25c (inclusive) == == Summary: When the "winbind nss

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Incorrect primary group assignment for == domain users using the rfc2307 or sfu == winbind nss info plugin. == == CVE ID#: CVE-2007-4138 == == Versions: Samba 3.0.25 - 3.0.25c (inclusive) == == Summary: When the "winbind nss

Suppose I want to upgrade a bunch of packages on a system, but in case the upgrade produces unexpected, undesired results, I want to be able to rollback the system to its original state. What is the best way to do that? Often, I won't have, or be able to find, packages for the current installed versions. I.e. If I haven't upgraded postgres for 2 years, it may be that I can no longer

I'd like to: 1) use samba3 as a PDC, and 2) not use LDAP as the account backend database, and 3) specify samba to use but use "encrypt passwords = true", and 4) use an ldap server as the authentication source for samba. Is that possible? I'd assumed it would be given that samba is pam-aware, and I can tell pam to use ldap for authN. However, the man page for smb.conf seems to