On Sep 16, 2005, at 2:11 PM, John H Terpstra wrote:

On Friday 16 September 2005 12:14, Doug Sampson wrote:

I did and this did address the wbinfo -u OR -g output, but getent
passwd OR group is still only listing the local users and groups.


<sigh> According to the Samba docs, it's either the NSS switch or the PAM
modules or both that appear to be preventing the enumeration of
users/groups. I have on hand TOSHARG and the 'Samba-3 By Examples' books.
Check page 228 section 12 in 'Samba-3 by Examples' and you will see what I
am referring to.


If 'wbinfo -u' returns the domain user list, but 'getent passwd' does not,
this means that NSS is not working. It has nothing to do with PAM.



I'm using FreeBSD and their NSS libraries are different from Linux's and I'm
wondering if that is the cause. FreeBSD uses nss_winbind.so.1 whereas there
are numerous references to libnss_winbind.so.2 in TOSHARG which is
based on Linux. I fear FreeBSD's GCC compiler is either older and/or
different than Linux's. What distro are you using?


Have you joined the Samba server to the domain?
What do 'net rpc info' and 'net ads info' report?

net rpc info returns nothing

net ads info, returns:

    msp1intmx01:~ # net ads info
    LDAP server: 71.4.126.89
    LDAP server name: msp1intmx02
    Realm: DOMAIN.COM
    Bind Path: dc=DOMAIN,dc=COM
    LDAP port: 389
    Server time: Fri, 16 Sep 2005 14:17:38 GMT
    KDC server: 71.4.126.89
    Server time offset: 0

I didn't think I was using LDAP to store the idmap values for users, I thought the smb.conf setting idmap backend=idmap_rid

Is winbindd running?
Yes

Did you rename the libnss_winbind.so.2 file to nss_winbind.so.1?
No, I did not see that step in any of the documentation I have used. I did this and restarted winbind but it seemed to have no effect.
Did you locate this in the /lib or the /usr/lib directory?
In the /lib directory only.

What error logs are you seeing in /var/adm/messages?
I am seeing a number of messages like this:

    Sep 16 14:21:17 msp1intmx01 winbindd[23202]: rid_idmap_get_id_from_sid: rid: 1157 (UID: 1657) too high for mapping of domain: JUMPNODE (500-1000)

Which I assume is related to the fact that I changed the idmap_backend setting earlier this morning in the smb.conf file.

Here is what it is currently set to:

   idmap backend = idmap_rid:JUMPNODE=500-1000
   idmap uid = 500-1000
   idmap gid = 500-1000

This morning the idmap_backend had a range of 500-5000, but then I ran winbindd -i -d3 and I saw winbind complaining about the range being set too high, and I adjusted it down. Is there someplace I need to clear the old values from? I have since restarted winbind several times, but that does not seem to be sufficient.

Thank You,

John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.


Mike Partyka
Jumpnode Systems, LLC
Systems Administrator
(612)605-5056 Desk
(612)605-5099 Fax
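
The range rejection quoted in the message above, worked through as an added example (not part of the original thread and not Samba code): it reads the quoted smb.conf lines and winbindd "too high" log entries and reports the upper bound the rejected IDs would need. The second log entry is constructed, and the relation "mapped ID = range low + RID" is an assumption inferred from the quoted log line (1157 and 1657 with a low of 500).

```python
import re

# smb.conf lines as quoted in the thread.
SMB_CONF = """\
   idmap backend = idmap_rid:JUMPNODE=500-1000
   idmap uid = 500-1000
   idmap gid = 500-1000
"""
# First entry is the log line quoted in the thread; the second is constructed.
LOG = """\
Sep 16 14:21:17 msp1intmx01 winbindd[23202]: rid_idmap_get_id_from_sid: rid: 1157 (UID: 1657) too high for mapping of domain: JUMPNODE (500-1000)
Sep 16 14:21:18 msp1intmx01 winbindd[23202]: rid_idmap_get_id_from_sid: rid: 1204 (UID: 1704) too high for mapping of domain: JUMPNODE (500-1000)
"""

BACKEND_RE = re.compile(r"^\s*idmap backend\s*=\s*idmap_rid:(\w+)=(\d+)-(\d+)", re.M)
RANGE_RE = re.compile(r"^\s*idmap (uid|gid)\s*=\s*(\d+)-(\d+)", re.M)
# \s+ after "too high" tolerates the entry being wrapped across two lines.
LOG_RE = re.compile(r"rid: (\d+) \(UID: (\d+)\) too high\s+for mapping of "
                    r"domain: (\w+) \((\d+)-(\d+)\)")


def parse_conf(conf):
    """Return ({domain: (low, high)}, {'uid'|'gid': (low, high)})."""
    backend = {d: (int(lo), int(hi)) for d, lo, hi in BACKEND_RE.findall(conf)}
    alloc = {k: (int(lo), int(hi)) for k, lo, hi in RANGE_RE.findall(conf)}
    return backend, alloc


def range_report(conf, log):
    """Per domain: configured range, highest rejected ID, ranges too short for it."""
    backend, alloc = parse_conf(conf)
    report = {}
    for rid, mapped, dom, log_lo, log_hi in LOG_RE.findall(log):
        rid, mapped = int(rid), int(mapped)
        # Fall back to the range printed in the log if the domain is not in conf.
        lo, hi = backend.get(dom, (int(log_lo), int(log_hi)))
        entry = report.setdefault(dom, {"configured": (lo, hi), "needed_high": hi,
                                        "offset_rule_holds": True})
        entry["needed_high"] = max(entry["needed_high"], mapped)
        # Assumption inferred from the quoted log line: mapped ID = range low + RID.
        entry["offset_rule_holds"] = entry["offset_rule_holds"] and mapped == lo + rid
    for entry in report.values():
        entry["short_ranges"] = sorted(k for k, (_, h) in alloc.items()
                                       if h < entry["needed_high"])
    return report


if __name__ == "__main__":
    for dom, entry in range_report(SMB_CONF, LOG).items():
        print(dom, entry)
```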

