[Samba] editposix: winbind -u: Error looking up domain users
Hello list, I'm trying this configuration: http://wiki.samba.org/index.php/Ldapsam_Editposix Everything works. I can add users, list users, delete users (and groups) with net rpc user... I can join clients, etc. *But* wbinfo -u and -g gives: zool...@kvm-test-samba1:~$ wbinfo -u Error looking up domain users zool...@kvm-test-samba1:~$ wbinfo -g BUILTIN\administrators BUILTIN\users Is this normal behavior? Many thanks in advance, Norberto PS: smb.conf just in case: [global] workgroup = PRUEBA passdb backend = ldapsam domain logons = Yes os level = 65 domain master = Yes wins support = Yes ldap admin dn = cn=admin,dc=prueba,dc=dominio ldap delete dn = Yes ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap suffix = dc=prueba,dc=dominio ldap user suffix = ou=users idmap domains = DEFAULT idmap alloc backend = ldap idmap alloc config:range = 5-50 idmap alloc config:ldap_url = ldap://localhost idmap alloc config:ldap_user_dn = cn=admin,dc=prueba,dc=dominio idmap alloc config:ldap_base_dn = ou=idmap,dc=prueba,dc=dominio idmap config DEFAULT:range = 5-50 idmap config DEFAULT:ldap_url = ldap://localhost idmap config DEFAULT:ldap_user_dn = cn=admin,dc=prueba,dc=dominio idmap config DEFAULT:ldap_base_dn = ou=idmap,dc=prueba,dc=dominio idmap config DEFAULT:default = yes idmap config DEFAULT:readonly = no idmap config DEFAULT:backend = ldap ldapsam:editposix = yes ldapsam:trusted = yes winbind use default domain = yes ea support = Yes map acl inherit = Yes hide unreadable = Yes map archive = No map readonly = no store dos attributes = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] editposix: winbind -u: Error looking up domain users
On Wed, Jul 8, 2009 at 4:29 PM, Dale Schroederd...@briannassaladdressing.com wrote: Are you in a domain trust? Otherwise, for a single domain, pdc's don't need winbind. Nope. This is a PDC. But from the link I posted: A running winbind daemon is required to use ldapsam:editposix EVEN ON A SAMBA PDC. Also. On this list someone told me that I need windbind for ACL to work correctly Oh BTW, winbind enum users = yes didn't do anything. zool...@kvm-test-samba1:/var/log/samba$ wbinfo -p Ping to winbindd succeeded on fd 3 zool...@kvm-test-samba1:/var/log/samba$ wbinfo -t checking the trust secret via RPC calls succeeded zool...@kvm-test-samba1:/var/log/samba$ wbinfo -g BUILTIN\administrators BUILTIN\users zool...@kvm-test-samba1:/var/log/samba$ wbinfo -u Error looking up domain users zool...@kvm-test-samba1:/var/log/samba$ testparm -s | grep winbind winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] editposix: winbind -u: Error looking up domain users
On Wed, Jul 8, 2009 at 5:11 PM, Dale Schroederd...@briannassaladdressing.com wrote: A question for you - the link does not mention nsswitch.conf. Is it required to list both ldap and winbind for passwd and group? For example, passwd: compat ldap winbind group: compat ldap winbind I don't know. That's why I'm asking. As I said, everything works except wbinfo -u and wbinfo -g. Maybe it's normal with editposix, but I want to be sure. I would be curious to know the answer. Me too :-) If you're using PAM, I assume that is configured for ldap and winbind also. Nope. I'm not using PAM as I don't authenticate users via PAM in this machine. However, I use LDAP in nss. Thanks for your help. Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] editposix: winbind -u: Error looking up domain users
On Wed, Jul 8, 2009 at 6:38 PM, Dale Schroederd...@briannassaladdressing.com wrote: According to the creator, you do configure nss for both ldap and winbind. http://lists.samba.org/archive/samba-technical/2006-March/045787.html Many thanks for the link but I tried that and nope: wbinfo -u still can't list users. Oh well. Maybe it works like this. Don't worry, this is only a test, not a production box. Best regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] editposix: winbind -u: Error looking up domain users
On Wed, Jul 8, 2009 at 11:29 PM, Aaron Jambuaa...@epits.com.au wrote: Just wondering why you are using winbind. When I use ldap to pull info from Active Directory I dont need to use winbind. please, read my first post -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba