samba-users May 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: Re: [Samba] Getent passwd and getent group fail / S

Re: [Samba] Getent passwd and getent group fail / Samba 3.5.2

From: Oliver Weinmann <oliver.weinmann_at_nospam>
Date: Wed May 05 2010 - 08:00:54 GMT
To: "Oliver Weinmann" <oliver.weinmann@vega.de>, <samba@lists.samba.org>

Im really totally lost about this problem. I tried a lot of things in
smb.conf but it just doesn't work. I mean it is working fine on 3.3.2 so
I don't think this is a problem in AD. It must be something that has
changed in the config of 3.5.2

-----Original Message-----
From: samba-bounces@lists.samba.org
[mailto:samba-bounces@lists.samba.org] On Behalf Of Oliver Weinmann
Sent: Dienstag, 4. Mai 2010 10:21
To: samba@lists.samba.org
Subject: [Samba] Getent passwd and getent group fail / Samba 3.5.2

Hi all,

I just stepped over a problem where I can't add a local user to an AD
group. Running getent passwd and getent group doesn't display the AD
users. Wbinfo -g and -u work fine. Here is my smb.conf:

[global]
        netbios name = sles11test1
        realm = SOMEDOMAIN.NET
        workgroup = SOMEDOMAIN
        security = ADS
        encrypt passwords = yes
        password server = someserver.somedomain.net
        idmap backend = ad
        idmap config SOMEDOMAIN : backend = ad
        idmap config SOMEDOMAIN : schema_mode = sfu
        idmap config SOMEDOMAIN : range = 0-99999999
        winbind nss info = sfu
        winbind enum users = yes
        winbind enum groups = yes
        winbind offline logon = yes
        preferred master = no
        winbind nested groups = Yes
        winbind use default domain = Yes
        max log size = 50
        log file = /var/log/samba/log.%m
        log level = 3
        dns proxy = no
        wins server = 172.20.200.18 172.18.200.20
        allow trusted domains = No
        client use spnego = Yes
        kerberos method = secrets and keytab
        dedicated keytab file = /etc/krb5.keytab
        winbind refresh tickets = true
        idmap cache time = 1
        idmap negative cache time = 1
        winbind cache time = 1

In the log I get this error when running getent group:

tail -f /var/log/samba/log.winbindd-idmap
  Could not get unix ID
[2010/05/04 10:15:29.444783, 1]
winbindd/idmap_ad.c:651(idmap_ad_sids_to_unixids)
  Could not get unix ID

Getent group and passwd works fine e.g. on an old ubuntu install with
samba 3.3.2.

So far I have this problem on SLES9 and SLES11.
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba