Re: [Samba] Getent passwd and getent group fail / Samba 3.5.2

2010-05-06 Thread Oliver Weinmann
I have investigated further and compared the behaviour of samba 3.3 and
samba 3.5 on 2 identical SLES9 VMs. Samba 3.3 is working as expected
with our Win2k3 SFU Domain and idmap_ad module. Samba 3.5 is not. I
noticed that there are a few kerberos params that have changed in 3.5
but I just can't get 3.5 to work as expected:

sles9test3:~ # testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Unknown parameter encountered: use kerberos keytab
Ignoring unknown parameter use kerberos keytab
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

For example, I can run getent passwd and getent group fine under 3.3 but
not under 3.5. Also, I created a user in AD, tuser2; this user is visible
within 1 minute under 3.3, but under 3.5 it's not even visible after a
reboot. Also, group memberships of AD users are not updated under 3.5.2.

I'm not sure if this is a bug. I tried a lot of things in smb.conf but
it just doesn't work. At the moment I have to consider going back to
3.3.

I googled a lot in the past days to find a correct smb.conf for 3.5 and
idmap_ad but it's really hard to find a well documented howto.

I would really appreciate it if someone had a look at this.

Here is my smb.conf:

[global]
netbios name = sles9test1
realm = SOMEDOMAIN.NET
workgroup = SOMEDOMAIN
security = ADS
encrypt passwords = yes
password server = dc.somedomain.net
os level = 20
idmap backend = ad
idmap config SOMEDOMAIN : backend = ad
idmap config SOMEDOMAIN : schema_mode = sfu
idmap config SOMEDOMAIN : range = 0-
winbind nss info = sfu
winbind enum users = yes
winbind enum groups = yes
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
max log size = 50
log level = 10
log file = /var/log/samba/log.%m
dns proxy = no
wins server = 172.20.200.18 172.18.200.20
allow trusted domains = no
client use spnego = Yes
use kerberos keytab = true
winbind refresh tickets = yes
idmap cache time = 1
winbind cache time = 1
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
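
An offline lint for the two things visible in the message above, as an added example that is not part of the original post or of Samba: it flags the parameter that the quoted testparm output reports as unknown, and checks `idmap config ... : range` against the `low - high` form given in the idmap_ad manual page. The function names and the sample text are constructed here, and the example does not establish whether the range is related to the failure discussed in this thread.

```python
import re

# Constructed sample: the [global] lines from the post that matter here.
SAMPLE_CONF = """\
[global]
security = ADS
idmap backend = ad
idmap config SOMEDOMAIN : backend = ad
idmap config SOMEDOMAIN : schema_mode = sfu
idmap config SOMEDOMAIN : range = 0-
use kerberos keytab = true
"""

# Parameters testparm rejected in the output quoted on this page.
UNKNOWN_TO_35 = {"use kerberos keytab"}

# Assumption: the documented form is "low - high", both bounds present.
RANGE_RE = re.compile(r"^(\d+)\s*-\s*(\d+)$")


def parse_global(text):
    """Return {normalised parameter name: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names are case-insensitive; collapse whitespace runs.
            params[" ".join(key.lower().split())] = value.strip()
    return params


def lint(text):
    """Return a sorted list of (parameter, finding) tuples."""
    findings = []
    for key, value in parse_global(text).items():
        if key in UNKNOWN_TO_35:
            findings.append((key, "unknown to testparm 3.5, ignored"))
        if key.startswith("idmap config") and key.endswith(": range"):
            m = RANGE_RE.match(value)
            if not m:
                findings.append((key, "range is not 'low - high'"))
            elif int(m.group(1)) > int(m.group(2)):
                findings.append((key, "range low exceeds high"))
    return sorted(findings)
```

Calling `lint(SAMPLE_CONF)` returns one finding for the range line and one for `use kerberos keytab`; a parameter that testparm ignores silently drops whatever behaviour the administrator intended it to configure.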


Re: [Samba] Getent passwd and getent group fail / Samba 3.5.2

2010-05-05 Thread Oliver Weinmann
I'm really totally lost about this problem. I tried a lot of things in
smb.conf but it just doesn't work. I mean it is working fine on 3.3.2 so
I don't think this is a problem in AD. It must be something that has
changed in the config of 3.5.2.

-----Original Message-----
From: samba-boun...@lists.samba.org
[mailto:samba-boun...@lists.samba.org] On Behalf Of Oliver Weinmann
Sent: Dienstag, 4. Mai 2010 10:21
To: samba@lists.samba.org
Subject: [Samba] Getent passwd and getent group fail / Samba 3.5.2

Hi all,

I just stepped over a problem where I can't add a local user to an AD
group. Running getent passwd and getent group doesn't display the AD
users. Wbinfo -g and -u work fine. Here is my smb.conf:

[global]
netbios name = sles11test1
realm = SOMEDOMAIN.NET
workgroup = SOMEDOMAIN
security = ADS
encrypt passwords = yes
password server = someserver.somedomain.net
idmap backend = ad
idmap config SOMEDOMAIN : backend = ad
idmap config SOMEDOMAIN : schema_mode = sfu
idmap config SOMEDOMAIN : range = 0-
winbind nss info = sfu
winbind enum users = yes
winbind enum groups = yes
winbind offline logon = yes
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
max log size = 50
log file = /var/log/samba/log.%m
log level = 3
dns proxy = no
wins server = 172.20.200.18 172.18.200.20
allow trusted domains = No
client use spnego = Yes
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab
winbind refresh tickets = true
idmap cache time = 1
idmap negative cache time = 1
winbind cache time = 1

In the log I get this error when running getent group:

tail -f /var/log/samba/log.winbindd-idmap
  Could not get unix ID
[2010/05/04 10:15:29.444783,  1]
winbindd/idmap_ad.c:651(idmap_ad_sids_to_unixids)
  Could not get unix ID

Getent group and passwd works fine e.g. on an old ubuntu install with
samba 3.3.2.

So far I have this problem on SLES9 and SLES11.


[Samba] Getent passwd and getent group fail / Samba 3.5.2

2010-05-04 Thread Oliver Weinmann
Hi all,

I just stepped over a problem where I can't add a local user to an AD group. 
Running getent passwd and getent group doesn't display the AD users. Wbinfo -g 
and -u work fine. Here is my smb.conf:

[global]
netbios name = sles11test1
realm = SOMEDOMAIN.NET
workgroup = SOMEDOMAIN
security = ADS
encrypt passwords = yes
password server = someserver.somedomain.net
idmap backend = ad
idmap config SOMEDOMAIN : backend = ad
idmap config SOMEDOMAIN : schema_mode = sfu
idmap config SOMEDOMAIN : range = 0-
winbind nss info = sfu
winbind enum users = yes
winbind enum groups = yes
winbind offline logon = yes
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
max log size = 50
log file = /var/log/samba/log.%m
log level = 3
dns proxy = no
wins server = 172.20.200.18 172.18.200.20
allow trusted domains = No
client use spnego = Yes
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab
winbind refresh tickets = true
idmap cache time = 1
idmap negative cache time = 1
winbind cache time = 1

In the log I get this error when running getent group:

tail -f /var/log/samba/log.winbindd-idmap
  Could not get unix ID
[2010/05/04 10:15:29.444783,  1] 
winbindd/idmap_ad.c:651(idmap_ad_sids_to_unixids)
  Could not get unix ID

Getent group and passwd works fine e.g. on an old ubuntu install with samba 
3.3.2.

So far I have this problem on SLES9 and SLES11.

Oliver Weinmann
Unix and Storage Administrator

VEGA Deutschland GmbH & Co. KG
Europaplatz 5
64293 Darmstadt
Germany
Tel : +49 (0)6151 8257-0
Fax : +49 (0)6151 8257-799
Email   : oliver.weinm...@vega.de
Web : www.vega.de





Re: [Samba] Getent passwd and getent group fail / Samba 3.5.2

2010-05-04 Thread Mike Leone

On 5/4/2010 4:20 AM, Oliver Weinmann had this to say:

> Hi all,
>
> I just stepped over a problem where I can't add a local user to an AD group.
> Running getent passwd and getent group doesn't display the AD users. Wbinfo -g
> and -u work fine. Here is my smb.conf:

snip

> In the log I get this error when running getent group:
>
> tail -f /var/log/samba/log.winbindd-idmap
>    Could not get unix ID
> [2010/05/04 10:15:29.444783,  1]
> winbindd/idmap_ad.c:651(idmap_ad_sids_to_unixids)
>    Could not get unix ID


Doesn't that indicate that Samba thinks the SFU extensions aren't 
installed? What is the version of AD? Is it 2003 R2, or 2003 with SFU 
installed?


--
Michael J. Leone, mailto:tur...@mike-leone.com

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: http://www.flickr.com/photos/mikeleonephotos

USER ERROR: replace user and press any key to continue.
