Re: [Samba] getent passwd strange behavior
Good morning people I have installed samba from sernet repositories and currently it's working perfectly. If you have a Debian-based, RHEL (or CentOS) or Suse Enterprise (or openSuse) browse this FTP ftp://ftp.sernet.de/pub/samba/3.4/ or the web http://enterprisesamba.com/ in order to find the appropiate package for your distribution. Good luck El lun, 11-04-2011 a las 12:25 +0200, Zabel, Daniel escribió: Hi Noé, thank you for your quick reply. cvadmin is a domain user. Interesting that you have no problems using the old schema. If I try in /etc/samba/smb.conf [global] workgroup = MYDOMAIN password server = ldap.mydomain.com realm = MYDOMAIN.COM security = ads idmap uid = 100-50 idmap gid = 100-50 idmap backend = ad winbind nss info = rfc2307 winbind normalize names = yes winbind use default domain = true winbind offline logon = false winbind cache time = 180 winbind enum users = yes winbind enum groups = yes winbind nested groups = Yes No domainuser could be resolved anymore. Same config work on our other samba servers. /var/log/samba/log.winbind-idmap shows: [2011/04/11 12:24:13.560317, 3, effective(0, 0), real(0, 0)] libsmb/namequery.c:1880(get_dc_list) get_dc_list: preferred server list: , * [2011/04/11 12:24:13.560365, 3, effective(0, 0), real(0, 0)] libsmb/namequery.c:1119(resolve_lmhosts) resolve_lmhosts: Attempting lmhosts lookup for name *0x1c [2011/04/11 12:24:13.560467, 3, effective(0, 0), real(0, 0)] libsmb/namequery_dc.c:169(rpc_dc_name) Could not look up dc's for domain * [2011/04/11 12:24:13.560487, 0, effective(0, 0), real(0, 0)] libads/ldap.c:337(ads_find_dc) ads_find_dc: no realm or workgroup! Don't know what to do [2011/04/11 12:24:13.560505, 1, effective(0, 0), real(0, 0)] winbindd/idmap_ad.c:143(ad_idmap_cached_connection_internal) ad_idmap_init: failed to connect to AD [2011/04/11 12:24:13.560518, 1, effective(0, 0), real(0, 0)] winbindd/idmap_ad.c:543(idmap_ad_sids_to_unixids) ADS uninitialized: Invalid parameter [2011/04/11 12:24:13.560564, 3, effective(0, 0), real(0, 0)] winbindd/idmap.c:684(idmap_new_mapping) default domain not writable Cheers, Daniel Von: Noé Puyal [mailto:npu...@valls.cat] Gesendet: Montag, 11. April 2011 10:41 An: Zabel, Daniel Betreff: Re: [Samba] getent passwd strange behavior Hi Daniel First of all, one question, cvadmin is a domain user or local user? If cvadmin is a local user you should raise the 100 to a number after the last UID and GID. Also, as you said, I have all my samba servers with old idmap schema working properly. Good morning El lun, 11-04-2011 a las 09:38 +0200, Zabel, Daniel escribió: idmap uid = 100-50 idmap gid = 100-50 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent passwd strange behavior
Good morning Just after telling you I had no problems with getent I updated to 3.5.6 and I am having similar issues as the ones you have described. I will give a try to Sernet-Samba 3.4.12 and I will tell my experience. El lun, 11-04-2011 a las 12:25 +0200, Zabel, Daniel escribió: Hi Noé, thank you for your quick reply. cvadmin is a domain user. Interesting that you have no problems using the old schema. If I try in /etc/samba/smb.conf [global] workgroup = MYDOMAIN password server = ldap.mydomain.com realm = MYDOMAIN.COM security = ads idmap uid = 100-50 idmap gid = 100-50 idmap backend = ad winbind nss info = rfc2307 winbind normalize names = yes winbind use default domain = true winbind offline logon = false winbind cache time = 180 winbind enum users = yes winbind enum groups = yes winbind nested groups = Yes No domainuser could be resolved anymore. Same config work on our other samba servers. /var/log/samba/log.winbind-idmap shows: [2011/04/11 12:24:13.560317, 3, effective(0, 0), real(0, 0)] libsmb/namequery.c:1880(get_dc_list) get_dc_list: preferred server list: , * [2011/04/11 12:24:13.560365, 3, effective(0, 0), real(0, 0)] libsmb/namequery.c:1119(resolve_lmhosts) resolve_lmhosts: Attempting lmhosts lookup for name *0x1c [2011/04/11 12:24:13.560467, 3, effective(0, 0), real(0, 0)] libsmb/namequery_dc.c:169(rpc_dc_name) Could not look up dc's for domain * [2011/04/11 12:24:13.560487, 0, effective(0, 0), real(0, 0)] libads/ldap.c:337(ads_find_dc) ads_find_dc: no realm or workgroup! Don't know what to do [2011/04/11 12:24:13.560505, 1, effective(0, 0), real(0, 0)] winbindd/idmap_ad.c:143(ad_idmap_cached_connection_internal) ad_idmap_init: failed to connect to AD [2011/04/11 12:24:13.560518, 1, effective(0, 0), real(0, 0)] winbindd/idmap_ad.c:543(idmap_ad_sids_to_unixids) ADS uninitialized: Invalid parameter [2011/04/11 12:24:13.560564, 3, effective(0, 0), real(0, 0)] winbindd/idmap.c:684(idmap_new_mapping) default domain not writable Cheers, Daniel Von: Noé Puyal [mailto:npu...@valls.cat] Gesendet: Montag, 11. April 2011 10:41 An: Zabel, Daniel Betreff: Re: [Samba] getent passwd strange behavior Hi Daniel First of all, one question, cvadmin is a domain user or local user? If cvadmin is a local user you should raise the 100 to a number after the last UID and GID. Also, as you said, I have all my samba servers with old idmap schema working properly. Good morning El lun, 11-04-2011 a las 09:38 +0200, Zabel, Daniel escribió: idmap uid = 100-50 idmap gid = 100-50 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent passwd strange behavior
Can anybody give me a hint where get_dc_list fetches the entries. Because - [2011/04/11 12:24:13.560317, 3, effective(0, 0), real(0, 0)] libsmb/namequery.c:1880(get_dc_list) get_dc_list: preferred server list: , * - seems to be wrong. Cheers, Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] getent passwd strange behavior
Hi, I have a problem with the combo of CentOS 5.5, the latest Samba Packages from Sernet and our Active Directory. Samba Packages installed: samba3-cifsmount-3.5.8-43.el5 samba3-client-3.5.8-43.el5 samba3-3.5.8-43.el5 samba3-utils-3.5.8-43.el5 samba3-winbind-32bit-3.5.8-43.el5 samba3-winbind-3.5.8-43.el5 When I try to get all users or groups via getent command, only local users/groups are displayed. If I try to fetch information for an individual user or group by getent everything is working as expected. getent passwd cvadmin shows: cvadmin:*:5582:499:cvadmin:/home/cvadmin:/bin/sh but getent passwd only shows local users nsswitch.conf is configured, domain join was successful and my smb.conf looks like this: [global] workgroup = MYDOMAIN password server = ldap.mydomain.com realm = MYDOMAIN.COM security = ads #idmap idmap domains = BUILTIN, MYDOMAIN idmap config MYDOMAIN:default = yes idmap config MYDOMAIN:schema_mode = rfc2307 idmap config MYDOMAIN:backend = ad idmap config MYDOMAIN:range = 100-50 idmap alloc backend = tdb idmap config BUILTIN:backend = tdb idmap alloc backend = tdb idmap uid = 100-50 idmap gid = 100-50 winbind nss info = rfc2307 winbind normalize names = yes winbind use default domain = true winbind offline logon = false winbind cache time = 180 winbind enum users = yes winbind enum groups = yes winbind nested groups = Yes server string = %h auth methods = winbind allow trusted domains = No We have 2 other Samba Servers using an older Version of Samba with different configurations (old idmap schema) which both works properly. Any suggestion how we could solve the problem? Cheers, Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent passwd strange behavior
Hi Noé, thank you for your quick reply. cvadmin is a domain user. Interesting that you have no problems using the old schema. If I try in /etc/samba/smb.conf [global] workgroup = MYDOMAIN password server = ldap.mydomain.com realm = MYDOMAIN.COM security = ads idmap uid = 100-50 idmap gid = 100-50 idmap backend = ad winbind nss info = rfc2307 winbind normalize names = yes winbind use default domain = true winbind offline logon = false winbind cache time = 180 winbind enum users = yes winbind enum groups = yes winbind nested groups = Yes No domainuser could be resolved anymore. Same config work on our other samba servers. /var/log/samba/log.winbind-idmap shows: [2011/04/11 12:24:13.560317, 3, effective(0, 0), real(0, 0)] libsmb/namequery.c:1880(get_dc_list) get_dc_list: preferred server list: , * [2011/04/11 12:24:13.560365, 3, effective(0, 0), real(0, 0)] libsmb/namequery.c:1119(resolve_lmhosts) resolve_lmhosts: Attempting lmhosts lookup for name *0x1c [2011/04/11 12:24:13.560467, 3, effective(0, 0), real(0, 0)] libsmb/namequery_dc.c:169(rpc_dc_name) Could not look up dc's for domain * [2011/04/11 12:24:13.560487, 0, effective(0, 0), real(0, 0)] libads/ldap.c:337(ads_find_dc) ads_find_dc: no realm or workgroup! Don't know what to do [2011/04/11 12:24:13.560505, 1, effective(0, 0), real(0, 0)] winbindd/idmap_ad.c:143(ad_idmap_cached_connection_internal) ad_idmap_init: failed to connect to AD [2011/04/11 12:24:13.560518, 1, effective(0, 0), real(0, 0)] winbindd/idmap_ad.c:543(idmap_ad_sids_to_unixids) ADS uninitialized: Invalid parameter [2011/04/11 12:24:13.560564, 3, effective(0, 0), real(0, 0)] winbindd/idmap.c:684(idmap_new_mapping) default domain not writable Cheers, Daniel Von: Noé Puyal [mailto:npu...@valls.cat] Gesendet: Montag, 11. April 2011 10:41 An: Zabel, Daniel Betreff: Re: [Samba] getent passwd strange behavior Hi Daniel First of all, one question, cvadmin is a domain user or local user? If cvadmin is a local user you should raise the 100 to a number after the last UID and GID. Also, as you said, I have all my samba servers with old idmap schema working properly. Good morning El lun, 11-04-2011 a las 09:38 +0200, Zabel, Daniel escribió: idmap uid = 100-50 idmap gid = 100-50 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
