Re: [Samba] getent passwd problem

2009-12-23 Thread Wasim Bashir
Hi,

I have replicated this on a test box, if you do a net cache flush, then
restart samba and winbind,

run getent passwd (only displays local users)
then net cache list (will display all cache of remote users)


The only way I know to fix this is to rename idmap config name and
restart samba/winbind... but a week later the problem will be back..

Seems strange to me, is this a bug with 3.3.9 or am I missing something here?


Thanks,

Wasim

2009/12/22 Gaiseric Vandal gaiseric.van...@gmail.com

 I have similar issues with samba 3.0.37 on Solaris 10. I use winbind and
 ldap for domain trusts (not for the users within the domain.)  Increasing
 idmap cache time may reduce how often you need to reset things.  When the
 cache time expires I have to zap idmap entries from ldap and zap the idmap
 cache tdb files.   It appears samba can create the cache info but not
 properly update or reread it once the cache has expired.

 I have been testing 3.4.3 and it seems better but I can't say for sure yet.
(Getting samba compiled with ldap and zfs support for Solaris is tricky.)






 On 12/22/09 10:44, Wasim Bashir wrote:

 Hi,

 I am having a weird issue with samba where once a week approximately at the
 same time users will lose connectivity,

 if I run

 wbinfo -u  all users are displayed
 wbinfo -g all groups are displayed

 However running getent passwd only shows local-users, no remote users are
 shown..

 To fix the issue I have to change the name of my idmap config and restart
 samba and winbind and everything works fine for a week...

 Am I missing something obvious here ? I have attached my config below :



 [global]
 security = ads
 max mux = 16384
 log file  = /home/sites/samba-log/log.%m

 ldap timeout = 45
 ldap connection timeout = 30
 max open files = 10
 realm =  merlin.internaloffice.co.uk
 password server = 10.0.9.0
 workgroup = WEBHOSTING
 idmap backend = tdb
 idmap uid = 500-200
 idmap gid = 500-200
 winbind enum users = yes
 winbind enum groups = yes
 template homedir = /home/sites/%U
 template shell = /bin/bash
 client use spnego = yes
 client ntlmv2 auth = yes
 encrypt passwords = yes
 winbind use default domain = yes
 winbind nss info = template rfc2307
 restrict anonymous = 2
 idmap config WEBHOSTING : schema_mode = rfc2307
 idmap config WEBHOSTING : backend  = ad
 idmap config WEBHOSTING : range= 500 - 3




 [home]
 hide dot files = no
 path = /home/sites
 read only = no
 dos filetime resolution = yes

 I am using samba 3.3.9, do we know whether this issue has been fixed in
 samba 3.4.x ?

 Any help greatly appreciated.

 Thanks,

 Wasim




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
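
Added example, not part of any message in this thread: a small shell check for the symptom reported above, where wbinfo -u lists domain users but getent passwd returns only local accounts. The function names and the --live switch are this example's own; it assumes wbinfo and getent are on PATH and that winbind enum users = yes, since enumeration through getent passwd depends on that setting.

```sh
#!/bin/sh
# Added example (not from the thread): spot the state where winbind lists
# domain users but NSS enumeration (getent passwd) returns only local ones.

# nss_uses_winbind FILE DB: succeed if DB's line in nsswitch.conf lists winbind.
nss_uses_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # strip comments, tolerate "db:src"
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# missing_from_nss WBINFO_OUT GETENT_OUT: print winbind users absent from NSS.
# Names are compared case-insensitively, as domain account names are.
missing_from_nss() {
    awk -F: 'FILENAME == ARGV[1] { seen[tolower($1)] = 1; next }
             NF && !(tolower($0) in seen)' "$2" "$1"
}

# diagnose WBINFO_OUT GETENT_OUT NSSWITCH: print a verdict, return 0 if healthy.
diagnose() {
    nss_uses_winbind "$3" passwd || { echo "nsswitch: passwd lacks winbind"; return 2; }
    [ -s "$1" ] || { echo "winbind returned no users"; return 3; }
    n=$(missing_from_nss "$1" "$2" | wc -l | tr -d ' ')
    [ "$n" -eq 0 ] && { echo "ok"; return 0; }
    echo "$n winbind users missing from getent passwd"; return 1
}

# Live use, e.g. from cron, to timestamp the recurring failure described above.
# Assumes wbinfo and getent are on PATH and "winbind enum users = yes".
if [ "${1:-}" = "--live" ]; then
    d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
    wbinfo -u > "$d/wb"; getent passwd > "$d/nss"
    diagnose "$d/wb" "$d/nss" /etc/nsswitch.conf
fi
```

A non-zero result logged with a timestamp shows when the mapping stops working, which can then be lined up with idmap cache expiry or a network interruption.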


Re: [Samba] getent passwd problem

2009-12-23 Thread Moray Henderson
Wasim Bashir wrote:
I am having a weird issue with samba where once a week approximately at the
same time users will lose connectivity,

if I run

wbinfo -u  all users are displayed
wbinfo -g all groups are displayed

However running getent passwd only shows local-users, no remote users are
shown..

To fix the issue I have to change the name of my idmap config and restart
samba and winbind and everything works fine for a week...

Am I missing something obvious here ? I have attached my config below :



[global]
security = ads
max mux = 16384
log file  = /home/sites/samba-log/log.%m

ldap timeout = 45
ldap connection timeout = 30
max open files = 10
realm =  merlin.internaloffice.co.uk
password server = 10.0.9.0
workgroup = WEBHOSTING
idmap backend = tdb
idmap uid = 500-200
idmap gid = 500-200
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/sites/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
winbind nss info = template rfc2307
restrict anonymous = 2
idmap config WEBHOSTING : schema_mode = rfc2307
idmap config WEBHOSTING : backend  = ad
idmap config WEBHOSTING : range= 500 - 3




[home]
hide dot files = no
path = /home/sites
read only = no
dos filetime resolution = yes

I am using samba 3.3.9, do we know whether this issue has been fixed in
samba 3.4.x ?

Any help greatly appreciated.

Thanks,

Wasim

Could it be a network issue rather than Samba itself - a switch being
turned off briefly, IP address being refreshed, DNS issue - that breaks
the communication with kerberos or PDC?

I heard of one site whose network was interrupted at the same time each
day, which they eventually traced to a heavy delivery lorry crushing a
badly-installed underground cable.


Moray.
To err is human.  To purr, feline






[Samba] getent passwd problem

2009-12-22 Thread Wasim Bashir
Hi,

I am having a weird issue with samba where once a week approximately at the
same time users will lose connectivity,

if I run

wbinfo -u  all users are displayed
wbinfo -g all groups are displayed

However running getent passwd only shows local-users, no remote users are
shown..

To fix the issue I have to change the name of my idmap config and restart
samba and winbind and everything works fine for a week...

Am I missing something obvious here ? I have attached my config below :



[global]
security = ads
max mux = 16384
log file  = /home/sites/samba-log/log.%m

ldap timeout = 45
ldap connection timeout = 30
max open files = 10
realm =  merlin.internaloffice.co.uk
password server = 10.0.9.0
workgroup = WEBHOSTING
idmap backend = tdb
idmap uid = 500-200
idmap gid = 500-200
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/sites/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
winbind nss info = template rfc2307
restrict anonymous = 2
idmap config WEBHOSTING : schema_mode = rfc2307
idmap config WEBHOSTING : backend  = ad
idmap config WEBHOSTING : range= 500 - 3




[home]
hide dot files = no
path = /home/sites
read only = no
dos filetime resolution = yes

I am using samba 3.3.9, do we know whether this issue has been fixed in
samba 3.4.x ?

Any help greatly appreciated.

Thanks,

Wasim


[Samba] getent passwd problem

2005-01-13 Thread subramanian.ponnusamy
I'm using RH9, and I have compiled samba 3.0.1 from sources with the
following options:

./configure --with-winbind --with-winbind-auth-challenge --with-pam \
  --with-acl-support --with-ldapsam --with-pam_smbpass --with-ads \
  --with-ldap --with-dce-dfs --with-smbwrapper --enable-pam

net ads join -S server.domain.com -U support worked fine.

I started winbindd. 'wbinfo -u' and 'wbinfo -g' can get all users and
groups from the domain.

But the command 'getent passwd' could only show local accounts,
without any domain mapped accounts inside.

The nscd service is also not running.

What could be the problem?  Could you please help me to resolve this
issue.

/etc/samba/smb.conf:

[global]
workgroup = OP-DOM
realm = OPAL.I-FLEX.COM
server string = Samba Server
security = ADS
password server = 169.165.63.8
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
idmap uid = 1-2
idmap gid = 1-2
winbind separator = #
winbind use default domain = Yes

/etc/krb5.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = OPAL.I-FLEX.COM
 dns_lookup_realm = false
 dns_lookup_kdc = true

[realms]
 OPAL.I-FLEX.COM = {
  kdc = mil-dc-02.opal.i-flex.com
  admin_server = mil-dc-02.opal.i-flex.com
  default_domain = opal.i-flex.com
 }

[domain_realm]
 .OPAL.I-FLEX.COM = OPAL.I-FLEX.COM
 opal.i-flex.com = OPAL.I-FLEX.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }

/etc/nsswitch.conf:

passwd:     files winbind
shadow:     files
group:      files winbind

hosts:      files dns

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files nisplus

--- Logs -

/var/log/samba/log.winbindd:

[2005/01/14 04:03:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain OP-DOM OPAL.I-FLEX.COM
[2005/01/14 04:03:18, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2005/01/14 04:03:20, 1] nsswitch/winbindd_util.c:add_trusted_domains(207)
  scanning trusted domain list
[2005/01/14 04:03:21, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm)
[2005/01/14 04:03:22, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain SING sing.i-flex.com S-1-5-21-1390067357-1214440339-725345543
[2005/01/14 04:03:22, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm)
[2005/01/14 04:03:22, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain CH-DOM ch.i-flex.com S-1-5-21-1937329982-1241017600-1843927889
[2005/01/14 04:03:32, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm)
[2005/01/14 04:03:32, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain PUNENTDOM pune.i-flex.com S-1-5-21-475882704-881679878-1537874043
[2005/01/14 04:03:33, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm)
[2005/01/14 04:03:33, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain SDF1-NT-DOM spz.i-flex.com S-1-5-21-1549417937-415303249-622671684
[2005/01/14 04:03:33, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm)
[2005/01/14 04:03:33, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain I-FLEX i-flex.com S-1-5-21-1202660629-796845957-1801674531
[2005/01/14 04:03:33, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm)
[2005/01/14 04:03:34, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain VPNTDOM vp.i-flex.com S-1-5-21-635063025-298412223-930774774
[2005/01/14 04:03:34, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm)
[2005/01/14 

[Samba] getent passwd problem (please it's quite URGENT)

2004-01-23 Thread subramanian.ponnusamy
Hi,

My ultimate goal is to use this samba installation as a member server without having 
to maintain NT user accounts on the samba box.

I have installed samba-3.0.1 in three Red Hat 9.0 machines installation went through 
fine. 

My configuration options for Samba were the following: 

./configure --with-winbind --with-winbind-auth-challenge --with-pam --with-acl-support 
--with-ldapsam --with-pam_smbpass --with-ads --with-ldap --with-dce-dfs --with-afs 
--with-smbwrapper

[EMAIL PROTECTED] bin]# ./wbinfo -ug
RAHEJA+sysfmg
RAHEJA+Guest
RAHEJA+TsInternetUser
RAHEJA+IUSR_IFLEXPPSERVER-3
RAHEJA+IWAM_IFLEXPPSERVER-3
RAHEJA+administrator
RAHEJA+krbtgt
RAHEJA+B8D03373-F7A1-4033-8
RAHEJA+newu
RAHEJA+user1
RAHEJA+user2
RAHEJA+user3
RAHEJA+subbu
RAHEJA+Domain Computers
RAHEJA+Domain Controllers
RAHEJA+Schema Admins
RAHEJA+Enterprise Admins
RAHEJA+Cert Publishers
RAHEJA+Domain Admins
RAHEJA+Domain Users
RAHEJA+Domain Guests
RAHEJA+Group Policy Creator Owners
RAHEJA+RAS and IAS Servers
RAHEJA+DnsAdmins
RAHEJA+DnsUpdateProxy
RAHEJA+Exchange Domain Servers
RAHEJA+Exchange Enterprise Servers
RAHEJA+DL

[EMAIL PROTECTED] bin]# ./wbinfo -t
checking the trust secret via RPC calls succeeded

[EMAIL PROTECTED] bin]# ./ntlm_auth --username=subbu
password:
NT_STATUS_OK: Success (0x0)

I get the following errors with some wbinfo tests: 

wbinfo -a subbu%subbu
plaintext password authentication failed 
error code was NT_STATUS_INVALID_PARAMETER (0xc00d) 
Could not authenticate user user%password with plaintext password 
challenge/response password authentication succeeded 

getent passwd and getent group show only local accounts and do not display any AD 
users/groups. But if I give 

[EMAIL PROTECTED] bin]# getent passwd RAHEJA.COM+subbu
RAHEJA.COM+subbu:x:1:1:subbu:/home/subbu:/bin/false

/home/subbu not created...

I am not able to access the shares...

Herewith I am attaching my smb.conf and krb.conf and nsswitch.conf 

What may be going wrong?  Do I need to modify any pam.d settings... krb5.conf, 
nsswitch.conf, smb.conf.

Thanks in advance, 
Subbu




Re: [Samba] getent passwd problem (please it's quite URGENT)

2004-01-23 Thread Andrew Bartlett
On Fri, 2004-01-23 at 23:52, [EMAIL PROTECTED]
wrote:
 Hi,
 
 My ultimate goal is to use this samba installation as a member 
 server without having to maintain NT user accounts on the samba 
 box.


 /home/subbu not created...

It is not winbind's role to create home directories.  Either
pam_mkhomedir, the 'add user script' in smbd (I think), or manual
scripts on your part must handle this.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net

