Re: [Samba] getent group by name fails
On Fri, 2013-10-11 at 14:06 -0400, Lee Allen wrote: Steve thank you for pointing that out. I made those changes and it does not effect the results. 'getent group UID' works 'getent group groupname' does not work, for the same group On Fri, Oct 11, 2013 at 12:25 PM, steve st...@steve-ss.com wrote: Quite a bit missing here. Try: idmap config * : backend = tdb idmap config * : range = 9800-9900 idmap config ALLENLAN : default = yes idmap config ALLENLAN : schema mode = rfc2307 idmap config ALLENLAN : backend = ad idmap config ALLENLAN : range = 1-100 HTH Steve I don't think it works with winbind. If you really need it, the best way is to use sssd or nslcd. Is it important that it works for you? A script maybe? Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group by name fails
On Fri, Oct 11, 2013 at 10:16:48AM -0400, Lee Allen wrote: Samba 3.6.17 joined to Samba 4.2.0 AD domain, using winbind 'wbinfo -g' and 'getent group' successfully list all groups. 'getent group 10006' returns: domain users:x:10006: 'getent group domain users' fails with return code 2 partial log.winbind after above command: [2013/10/11 10:01:31.288199, 3] winbindd/winbindd_misc.c:384(winbindd_interface_version) [31911]: request interface version [2013/10/11 10:01:31.288288, 3] winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir) [31911]: request location of privileged pipe [2013/10/11 10:01:31.288421, 3] winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send) getgrnam domain users [2013/10/11 10:01:31.288520, 3] winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid) msrpc_name_to_sid: name=DOMAIN\USERS [2013/10/11 10:01:31.288547, 3] winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid) name_to_sid [rpc] DOMAIN\USERS for domain DOMAIN if I specify the domain name, ie: 'getent group ALLENLAN\\domain users' it still fails... [2013/10/11 10:02:18.280728, 3] winbindd/winbindd_misc.c:384(winbindd_interface_version) [31925]: request interface version [2013/10/11 10:02:18.280823, 3] winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir) [31925]: request location of privileged pipe [2013/10/11 10:02:18.280940, 3] winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send) getgrnam ALLENLAN\domain users [2013/10/11 10:02:18.281033, 3] winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid) msrpc_name_to_sid: name=ALLENLAN\DOMAIN\USERS [2013/10/11 10:02:18.281060, 3] winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid) name_to_sid [rpc] ALLENLAN\DOMAIN\USERS for domain ALLENLAN\DOMAIN Note the missing space in DOMAIN\USERS in the logs. I don't know whether this is relevant. 'getent passwd' does not have any such problems - it can query by UID or username smb.conf: [global] workgroup = ALLENLAN realm = allenlan.net password server = 192.168.0.13 preferred master = no server string = zone-samba3 security = ads encrypt passwords = yes log level = 3 log file = /var/log/samba/%m max log size = 50 printcap name = cups printing = cups winbind enum users = yes winbind enum groups = yes winbind use default domain = yes Please try without winbind use default domain = yes winbind nested groups = yes winbind separator = \ Just a wild guess: Can you try removing this line? \ is default. If that does not help, please send us full debug level 10 logs of that command together with the output of strace -ttT -s 1000 -o /tmp/getent.out getent group domain users Regards, Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de * visit us on it-sa:IT security exhibitions in Nürnberg, Germany October 8th - 10th 2013, hall 12, booth 333 free tickets available via code 270691 on: www.it-sa.de/gutschein ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group by name fails
On Fri, 2013-10-11 at 10:16 -0400, Lee Allen wrote: Samba 3.6.17 joined to Samba 4.2.0 AD domain, using winbind 'wbinfo -g' and 'getent group' successfully list all groups. 'getent group 10006' returns: domain users:x:10006: 'getent group domain users' fails with return code 2 partial log.winbind after above command: [2013/10/11 10:01:31.288199, 3] winbindd/winbindd_misc.c:384(winbindd_interface_version) [31911]: request interface version [2013/10/11 10:01:31.288288, 3] winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir) [31911]: request location of privileged pipe [2013/10/11 10:01:31.288421, 3] winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send) getgrnam domain users [2013/10/11 10:01:31.288520, 3] winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid) msrpc_name_to_sid: name=DOMAIN\USERS [2013/10/11 10:01:31.288547, 3] winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid) name_to_sid [rpc] DOMAIN\USERS for domain DOMAIN if I specify the domain name, ie: 'getent group ALLENLAN\\domain users' it still fails... [2013/10/11 10:02:18.280728, 3] winbindd/winbindd_misc.c:384(winbindd_interface_version) [31925]: request interface version [2013/10/11 10:02:18.280823, 3] winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir) [31925]: request location of privileged pipe [2013/10/11 10:02:18.280940, 3] winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send) getgrnam ALLENLAN\domain users [2013/10/11 10:02:18.281033, 3] winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid) msrpc_name_to_sid: name=ALLENLAN\DOMAIN\USERS [2013/10/11 10:02:18.281060, 3] winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid) name_to_sid [rpc] ALLENLAN\DOMAIN\USERS for domain ALLENLAN\DOMAIN Note the missing space in DOMAIN\USERS in the logs. I don't know whether this is relevant. 'getent passwd' does not have any such problems - it can query by UID or username smb.conf: [global] workgroup = ALLENLAN realm = allenlan.net password server = 192.168.0.13 preferred master = no server string = zone-samba3 security = ads encrypt passwords = yes log level = 3 log file = /var/log/samba/%m max log size = 50 printcap name = cups printing = cups winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind nested groups = yes winbind separator = \ idmap config * : backend = ad idmap config * : range = 1-10 Quite a bit missing here. Try: idmap config * : backend = tdb idmap config * : range = 9800-9900 idmap config ALLENLAN : default = yes idmap config ALLENLAN : schema mode = rfc2307 idmap config ALLENLAN : backend = ad idmap config ALLENLAN : range = 1-100 HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group by name fails
Steve thank you for pointing that out. I made those changes and it does not effect the results. 'getent group UID' works 'getent group groupname' does not work, for the same group On Fri, Oct 11, 2013 at 12:25 PM, steve st...@steve-ss.com wrote: Quite a bit missing here. Try: idmap config * : backend = tdb idmap config * : range = 9800-9900 idmap config ALLENLAN : default = yes idmap config ALLENLAN : schema mode = rfc2307 idmap config ALLENLAN : backend = ad idmap config ALLENLAN : range = 1-100 HTH Steve -- *Lee Allen* email: l...@leecallen.com bus: (404) 698-1801 home: (716) 773-2326 cell: (716) 880-0854 fax: (716) 408-8844 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group by name fails
On 11/10/13 19:06, Lee Allen wrote: Steve thank you for pointing that out. I made those changes and it does not effect the results. 'getent group UID' works 'getent group groupname' does not work, for the same group On Fri, Oct 11, 2013 at 12:25 PM, steve st...@steve-ss.com wrote: Quite a bit missing here. Try: idmap config * : backend = tdb idmap config * : range = 9800-9900 idmap config ALLENLAN : default = yes idmap config ALLENLAN : schema mode = rfc2307 idmap config ALLENLAN : backend = ad idmap config ALLENLAN : range = 1-100 HTH Steve Hi, have you tried 'getent group Domain\ Users' ? Mind you if all else fails, ditch winbind and use sssd getent group root:x:0: . Domain Admins:*:27: Domain Guests:*:65534: Domain Users:*:100: linuxusers:*:1: getent group 100 users:x:100: getent group users users:x:100: getent group Domain\ Users Domain Users:*:100: getent group Domain Users Domain Users:*:100: getent group domain users The last one is the only one that failed Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group by name fails
Those don't work for me: getent group domain users getent group Domain Users getent group Domain\ Users all fail, returning 2 I will look into sssd On Fri, Oct 11, 2013 at 2:36 PM, Rowland Penny rowlandpe...@googlemail.comwrote: On 11/10/13 19:06, Lee Allen wrote: Steve thank you for pointing that out. I made those changes and it does not effect the results. 'getent group UID' works 'getent group groupname' does not work, for the same group On Fri, Oct 11, 2013 at 12:25 PM, steve st...@steve-ss.com wrote: Quite a bit missing here. Try: idmap config * : backend = tdb idmap config * : range = 9800-9900 idmap config ALLENLAN : default = yes idmap config ALLENLAN : schema mode = rfc2307 idmap config ALLENLAN : backend = ad idmap config ALLENLAN : range = 1-100 HTH Steve Hi, have you tried 'getent group Domain\ Users' ? Mind you if all else fails, ditch winbind and use sssd getent group root:x:0: . Domain Admins:*:27: Domain Guests:*:65534: Domain Users:*:100: linuxusers:*:1: getent group 100 users:x:100: getent group users users:x:100: getent group Domain\ Users Domain Users:*:100: getent group Domain Users Domain Users:*:100: getent group domain users The last one is the only one that failed Rowland -- *Lee Allen* email: l...@leecallen.com bus: (404) 698-1801 home: (716) 773-2326 cell: (716) 880-0854 fax: (716) 408-8844 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
