Re: [Samba] "getent group" shows AD groups; "getent passwd" only shows local users

Thu, 22 Jan 2009 15:27:01 -0800 


Tomasz Chmielewski wrote:

I had winbind configured so that it could fetch users from AD.

Everything was working properly, but something happened in the past 
couple of days (no change in the Samba config) I'm not able to diagnose.


"getent group" enumerates groups, "getent passwd" doesn't.


"wbinfo -g" returns groups, whereas I get this error when trying to get 
users:


# wbinfo -u
Error looking up domain users

# net rpc join -S GNCNET -U user_linux
Password:
Joined domain NUT.

# net ads join -S GNCNET -U user_linux
user_linux's password:
[2009/01/22 10:37:06, 0] utils/net_ads.c:ads_startup_int(286)
  ads_connect: No logon servers
Failed to join domain: No logon servers



I see the Samba machine sends and receives packets on port 389 when I do 
"getent passwd", but just no users are returned.


Ideas?


This is my smb.conf:

   workgroup = NUT
   password server = GNCNET
   realm = GNCNET.GEORGIANUT.COM
   security = ads
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   winbind separator = +
   template homedir = /home/%D/cbl
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false

server string = Samba Server %v
encrypt passwords = Yes

log file = /var/log/samba/log.%m
max log size = 100
log level = 8

os level = 18
local master = No
dns proxy = No

winbind enum users = yes
winbind enum groups = yes


In log.winbindd I can see errors like:

[2009/01/22 10:44:55, 3] libads/ldap.c:ads_do_paged_search_args(696)

  ads_do_paged_search_args: 
ldap_search_with_timeout((objectCategory=user)) -> Operations error
[2009/01/22 10:44:55, 3] 
libads/ldap_utils.c:ads_do_search_retry_internal(76)
  Reopening ads connection to realm 'GEORGIANUT.COM' after error 
Operations error

[2009/01/22 10:44:55, 5] libads/dns.c:sitename_fetch(677)

  sitename_fetch: Returning sitename for georgianut.com: 
"Default-First-Site-Name"

[2009/01/22 10:44:55, 6] libads/ldap.c:ads_find_dc(294)
  ads_find_dc: looking for realm 'georgianut.com'
[2009/01/22 10:44:55, 8] libsmb/namequery.c:get_sorted_dc_list(1626)

  get_sorted_dc_list: attempting lookup for name georgianut.com 
(sitename Default-First-Site-Name) using [ads]






check that your clock on the linux box matches the clock on the DC.


--Brian






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba






















					Reply via email to