On Fri, 2013-10-11 at 10:16 -0400, Lee Allen wrote: > Samba 3.6.17 joined to Samba 4.2.0 AD domain, using winbind > > 'wbinfo -g' and 'getent group' successfully list all groups. > 'getent group 10006' returns: > domain users:x:10006: > 'getent group "domain users"' fails with return code 2 > > partial log.winbind after above command: > > [2013/10/11 10:01:31.288199, 3] > winbindd/winbindd_misc.c:384(winbindd_interface_version) > [31911]: request interface version > [2013/10/11 10:01:31.288288, 3] > winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir) > [31911]: request location of privileged pipe > [2013/10/11 10:01:31.288421, 3] > winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send) > getgrnam domain users > [2013/10/11 10:01:31.288520, 3] > winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid) > msrpc_name_to_sid: name=DOMAIN\USERS > [2013/10/11 10:01:31.288547, 3] > winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid) > name_to_sid [rpc] DOMAIN\USERS for domain DOMAIN > > if I specify the domain name, ie: 'getent group "ALLENLAN\\domain users"' > it still fails... > > [2013/10/11 10:02:18.280728, 3] > winbindd/winbindd_misc.c:384(winbindd_interface_version) > [31925]: request interface version > [2013/10/11 10:02:18.280823, 3] > winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir) > [31925]: request location of privileged pipe > [2013/10/11 10:02:18.280940, 3] > winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send) > getgrnam ALLENLAN\domain users > [2013/10/11 10:02:18.281033, 3] > winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid) > msrpc_name_to_sid: name=ALLENLAN\DOMAIN\USERS > [2013/10/11 10:02:18.281060, 3] > winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid) > name_to_sid [rpc] ALLENLAN\DOMAIN\USERS for domain ALLENLAN\DOMAIN > > Note the missing space in "DOMAIN\USERS" in the logs. I don't know whether > this is relevant. > > 'getent passwd' does not have any such problems - it can query by UID or > username > > > smb.conf: > > [global] > workgroup = ALLENLAN > realm = allenlan.net > password server = 192.168.0.13 > preferred master = no > server string = zone-samba3 > security = ads > encrypt passwords = yes > log level = 3 > log file = /var/log/samba/%m > max log size = 50 > printcap name = cups > printing = cups > winbind enum users = yes > winbind enum groups = yes > winbind use default domain = yes > winbind nested groups = yes > winbind separator = \ > idmap config * : backend = ad > idmap config * : range = 10000-100000
Quite a bit missing here. Try: idmap config * : backend = tdb idmap config * : range = 9800-9900 idmap config ALLENLAN : default = yes idmap config ALLENLAN : schema mode = rfc2307 idmap config ALLENLAN : backend = ad idmap config ALLENLAN : range = 10000-1000000 HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba