On 7/19/07, Fernando Ruza <[EMAIL PROTECTED]> wrote: > Did you solve it ?? I have a similar problem. wbinfo -u give me a user, > however when a look for it with getent passwd it doesn't appear. With > other users everything is correct. > > Thanks, > > Fernando.
iirc, it was idiocy on my part. All i had to do was change the 'idmap backend' to: idmap backend = rid:DOMAIN=10000-60000, rid:BUILTIN=1000-9999 and things started working again. > > > El lun, 12-02-2007 a las 01:17 -0500, Noah Dain escribió: > > I have two different systems (on different networks) showing this > > behavior. Both are running Ubuntu Dapper/606.1 LTS with samba version > > 3.0.22 and windows 2003 sp1 servers (not R2). AD integration is done > > via winbind, with nss using winbind. At some point in time (which is > > unknown to me), the samba server stopped seeing new users, groups, > > machines which are added to AD. > > > > scenario: > > I add a new user to AD, say "smbtest". I then look for the user with > > "wbinfo -u", and it shows up. However, it does not show up with > > "getent passwd" (same for groups, "getent group"). If I try to map a > > share to a drive letter, it goes something like this: > > > > C:\WINDOWS>net use h: \\SAMBASRV\smbtest /user:DOMAIN\smbtest password > > > > System error 1326 has occurred. > > > > > > Logon failure: unknown user name or bad password. > > > > (The same results occur for existing shares, so it's not from lack of > > a home directory) > > > > Of particular interest is log.winbindd-idmap. Whenever I try to > > connect as the user smbtest to their home directory or another share, > > this is logged here several times: > > > > [2007/02/11 20:45:40, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(485) > > rid_idmap_get_id_from_sid: no suitable range available for sid: > > S-1-5-21-4050315045-3251428658-993335031-3123 > > > > "wbinfo -s S-1-5-21-4050315045-3251428658-993335031-3123" returns > > "smbtest" as expected. > > "wbinfo -n smbtest" returns that sid. > > Other users/sids work. > > > > other stuff I've tried / observed: > > > > "net ads testjoin" looks good. > > kerberos looks good. > > There are no local accounts within the idmap uid/gid range. > > "/var/lib/samba/winbindd_idmap.tdb" shows no new entries. > > I've restarted samba and winbindd, and the whole machine went down for > > a reboot, but I'm still getting the same behavior. > > > > -- only config files below -- > > smb.conf: > > > > [global] > > workgroup = DOMAIN > > realm = DOMAIN > > server string = samba server > > interfaces = eth0 > > bind interfaces only = Yes > > security = ADS > > allow trusted domains = No > > obey pam restrictions = Yes > > pam password change = Yes > > log level = 2 winbind:3 passdb:2 auth:2 > > log file = /var/log/samba/%m.log > > socket options = TCP_noDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > load printers = No > > dns proxy = No > > wins server = DC1 > > idmap backend = rid:BUILTIN=1000-9999, DOMAIN=10000-60000 > > idmap uid = 1000-60000 > > idmap gid = 1000-60000 > > template homedir = /home/%U > > template shell = /bin/bash > > winbind separator = / > > winbind use default domain = Yes > > winbind nested groups = Yes > > hosts allow = 192.168.1.0/255.255.255.0, 127. > > hosts deny = 0.0.0.0/0.0.0.0 > > > > [homes] > > comment = Home Directory > > path = /home/%U > > read only = No > > create mask = 0640 > > directory mask = 0750 > > browseable = No > > > > /end smb.conf > > > > /etc/nsswitch.conf: > > > > passwd: compat winbind > > group: compat winbind > > shadow: compat winbind > > hosts: files dns mdns > > networks: files > > protocols: db files > > services: db files > > ethers: db files > > rpc: db files > > netgroup: nis > > > > /end nsswitch.conf > > > > -- > > Noah Dain > > "The beatings will continue, until moral improves" - the Management > -- > Fernando Ruza ([EMAIL PROTECTED]) > Dto. Informatica > Hospital Univesitario de Guadalajara > Tfl: 949 209 215 > 661 123 845 > Linux user: #273644 (http://counter.li.org) > Debian Sid (Kernel 2.6.14.3 & ext3) > ------------------------------------------------------------------- > Por favor, NO utilice formatos de archivo propietarios para el > intercambio de documentos, como DOC y XLS, sino HTML, RTF, TXT, CSV o > cualquier otro que no obligue a utilizar un programa de un fabricante > concreto. Gracias. > -- Noah Dain "The beatings will continue, until morale improves" - the Management -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
