On Wednesday, 02.11.2011 13:04:00 Gaiseric Vandal wrote:
> Does it work if you explicitly state a domain user?
> e.g
> getent passwd "TRUSTEDOMAIN\someuser"
Ok, that actually does work. But...
>
> I have the same symptom on my system- I don't think it actually breaks
> anything.
I'm suspecting it breaks rpc.idmapd (NFS4). However NFS4 has always been kind
of complex and fragile, so it might in fact have some other cause. Anyways,
rpc.idmapd maps all domain groups to nobody, so it must be having some trouble
with them. Can anybody confirm that rpc.idmapd correctly resolves domain
groups from nss_winbind when getent group does not work?
>
> On 11/02/2011 12:26 PM, Victor Mataré wrote:
> > Hi everyone,
> >
> > I'm trying to use winbind as nsswitch module on a domain member against
> > a samba PDC, and it used to work fine with samba 3.4. But now after
> > upgrading to 3.5.11, getent group/passwd don't show domain users/groups
> > anymore. However wbinfo -g and wbinfo -u work as expected. Also:
> >
> > # wbinfo -i matare
> > matare:*:50011:50000:Victor Mataré:/home/SGI/matare:/bin/false
> > # wbinfo -U 50011
> > S-1-5-21-154097467-3372353439-1977514440-3032
> > # wbinfo -G 50000
> > S-1-5-21-154097467-3372353439-1977514440-513
> > # wbinfo -s S-1-5-21-154097467-3372353439-1977514440-3032
> > SGI\matare 1
> > # wbinfo -s S-1-5-21-154097467-3372353439-1977514440-513
> > SGI\Domain Users 2
> >
> > But getent passwd/group shows only local users. My smb.conf on the
> > member looks like this:
> >
> > [global]
> > workgroup = SGI
> > server string = Auerhahn
> > security = domain
> > password server = BUSSARD GIRLITZ
> > log file = /var/log/samba/log.%m
> > log level = 2 winbind:10
> > max log size = 50
> > winbind expand groups = 4
> > winbind nested groups = yes
> > winbind enum groups = yes
> > winbind enum users = yes
> > idmap uid = 50000-500000
> > idmap gid = 50000-500000
> > winbind use default domain = yes
> > idmap config SGI:range = 50000-500000
> >
> > I really don't see the problem the nss_winbind module might be having:
> >
> > # strace -e trace=file getent group
> > execve("/usr/bin/getent", ["getent", "group"], [/* 40 vars */]) = 0
> > access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
> > open("/etc/ld.so.cache", O_RDONLY) = 3
> > open("/lib64/libc.so.6", O_RDONLY) = 3
> > open("/usr/lib64/locale/locale-archive", O_RDONLY) = 3
> > open("/etc/nsswitch.conf", O_RDONLY) = 3
> > open("/etc/ld.so.cache", O_RDONLY) = 3
> > open("/lib64/libnss_files.so.2", O_RDONLY) = 3
> > open("/etc/group", O_RDONLY|O_CLOEXEC) = 3
> > root:x:0:root
> > bin:x:1:root,bin,daemon
> > [... prints local UNIX groups ...]
> > postgres:x:70:
> > open("/etc/ld.so.cache", O_RDONLY) = 4
> > open("/lib64/libnss_winbind.so.2", O_RDONLY) = 4
> > lstat("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> > lstat("/tmp/.winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
> > lstat("/var/cache/samba/winbindd_privileged", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
> > lstat("/var/cache/samba/winbindd_privileged/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0