Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[Samba] samba, ads, winbind and active directory

23 views
Skip to first unread message

Jason Gerfen

unread,
May 27, 2008, 9:30:19 AM5/27/08
to
I can enumerate users and groups from the domain but I cannot
authenticate the users.

Any help?

--
Jas
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

David Molina Cuevas

unread,
May 27, 2008, 5:10:19 PM5/27/08
to
Do you not get any result for a 'getent passwd', and yes for 'wbinfo -u' ?
I think I had the same problem before, I'll try to remember it.

David Molina


On Tue, May 27, 2008 at 3:25 PM, Jason Gerfen <jason....@scl.utah.edu>
wrote:

Jason Gerfen

unread,
May 28, 2008, 8:50:09 AM5/28/08
to
That is correct. Some more information so that I might receive some help
with this.

I can perform the following commands without problem:
wbinfo -t
wbinfo -m
wbinfo -g
wbinfo -u
wbinfo --krb5auth=user%password

I am not able to do the following:
getent group
getent passwd
net use x: \\valhalla\test /user:user (from a windows machine)

Anyone know what I am doing wrong or could perhaps provide some more
insight? I am definitely seeing somethings in the logs that I am unsure
of how to fix. Any help, pointers etc are appreciated.

Some log data:
[log.winbindd-idmap]
[2008/05/27 14:20:18, 10] nsswitch/idmap_util.c:idmap_sid_to_uid(125)
sid [S-1-5-21-2868754479-89028146-2101856903-88475] not mapped to an
uid [2,1,2885498664]

Contents of my smb.conf
[global]
workgroup = scl
realm = SCL.UTAH.EDU
server string = valhalla.scl.utah.edu
netbios name = valhalla

password server = *
encrypt passwords = true
security = ads

os level = 20

allow trusted domains = no
auth methods = winbind

ldap ssl = no

interfaces = eth0, lo
bind interfaces only = yes
socket options = TCP_NODELAY

log level = 20
log file = /var/log/samba3/log.%m
max log size = 50

client signing = yes
client schannel = no
client use spnego = yes

preferred master = no
local master = no
domain master = no
wins proxy = no
dns proxy = No

template shell = /bin/bash
nt acl support = yes
inherit permissions = yes
create mask = 0775
template homedir = /home/%U

winbind uid = 1000-2000000
winbind gid = 500-2000000
winbind separator = /
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes
winbind offline logon = true
winbind nss info = sfu

idmap uid = 1000-2000000
idmap gid = 500-2000000
idmap domains = THEDOMAIN
idmap config THEDOMAIN:backend = ad
idmap config THEDOMAIN:default = yes
idmap config THEDOMAIN:schema_mode = rfc2307
idmap config THEDOMAIN:range = 1000 - 300000000


printcap name = cups
printing = cups
load printers = yes
cups options = raw
print command =
lpq command = %p
lprm command =

[test]
comment = testing
browsable = yes
read only = yes
create mode = 0644
path = /home/jason

0 new messages