I have configured winbind on a Linux file server, connecting to a Samba PDC. When I run wbinfo -g, I can see the group "domain users". On the other hand, when I run getent group, I do not see this group. Apart from a few other groups, all groups are visibile in both wbinfo -g and getent group.
When running for the first time wbinfo -u, getent passwd and wbinfo -g, I got the results almost instantaneous, but getent group is very slow, and the first time seems to time out (actually the first and second time take 1m10s, and none of the domain groups are shown. After the third try, the groups are shown, but a few are missing). Concerning the missing groups, this is in winbind logs: [2006/10/17 14:08:48, 4] nsswitch/winbindd_group.c:get_sam_group_entries(562) get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well [2006/10/17 14:08:48, 4] nsswitch/winbindd_group.c:get_sam_group_entries(571) get_sam_group_entries: Returned 9 local groups [2006/10/17 14:08:48, 4] nsswitch/winbindd_group.c:get_sam_group_entries(562) get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well [2006/10/17 14:08:48, 4] nsswitch/winbindd_group.c:get_sam_group_entries(571) get_sam_group_entries: Returned 0 local groups [2006/10/17 14:08:48, 3] nsswitch/winbindd.c:client_write(532) write failed on sock 21, pid 10925: Broken pipe [2006/10/17 14:08:48, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [10925]: request interface version [2006/10/17 14:08:48, 3] nsswitch/winbindd.c:client_write(532) write failed on sock 22, pid 10925: Broken pipe [2006/10/17 14:08:48, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [10926]: request interface version [2006/10/17 14:08:48, 3] nsswitch/winbindd.c:client_write(532) write failed on sock 21, pid 10926: Broken pipe [2006/10/17 14:08:48, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [10926]: request interface version [2006/10/17 14:08:48, 3] nsswitch/winbindd.c:client_write(532) write failed on sock 23, pid 10926: Broken pipe [2006/10/17 14:08:48, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [10927]: request interface version [2006/10/17 14:08:48, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [10927]: request location of privileged pipe [2006/10/17 14:08:48, 3] nsswitch/winbindd_group.c:winbindd_setgrent(431) [10927]: setgrent [2006/10/17 14:08:48, 3] nsswitch/winbindd_group.c:winbindd_getgrent(619) [10927]: getgrent [2006/10/17 14:08:48, 1] nsswitch/winbindd_group.c:fill_grent_mem(134) could not lookup membership for group rid S-1-5-21-2127695773-367946666-646806464-513 in domain SECGEN (error: NT_STATUS_UNSUCCESSFUL) [2006/10/17 14:08:48, 0] nsswitch/winbindd_group.c:winbindd_getgrent(790) could not lookup domain group domain users Another problem which happens fairly often, adn probably is the cause of the slowness: [2006/10/17 14:06:44, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435) cli_pipe: return critical error. Error was Call timed out: server did not respond after 10000 milliseconds [2006/10/17 14:06:44, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435) cli_pipe: return critical error. Error was Call timed out: server did not respond after 10000 milliseconds [2006/10/17 14:06:44, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435) cli_pipe: return critical error. Error was Call timed out: server did not respond after 10000 milliseconds [2006/10/17 14:06:44, 1] nsswitch/winbindd_group.c:fill_grent_mem(134) could not lookup membership for group rid S-1-5-21-2127695773-367946666-646806464-1185 in domain SECGEN (error: NT_STATUS_UNSUCCESSFUL) What could make that wbinfo -g sees all groups, while getent groups misses a few of them? What makes getent group so slow? I guess I should not need to install nscd on the file server? there are about 400 users and 200 groups. So the PDC is also Samba with OpenLDAP as database back-end. The version of Samba used (on both PDC and ont the file server with winbind) is 3.0.14a from Debian Sarge. -- Frederik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
