Re: [Samba] how to make 'winbind nss info = sfu' work in v >= 3.0.26a

At the suggestion of someone who replied offline, I tried replacing
reference to 'sfu' with 'rfc2307', as well as converting to the newer
idmap config directives. However, I still can't resolve sids to uids.

Now, instead of complaining about not finding sfu.so, the log complains
about not finding rfc2307.so:

/* BEGIN log.wb-MYDOMAIN excerpt : */
[2008/04/16 13:21:15, 5] nsswitch/nss_info.c:smb_register_idmap_nss(79)
smb_register_idmap_nss: Successfully added idmap nss backend 'template'
[2008/04/16 13:21:15, 5] lib/module.c:smb_probe_module(108)
Probing module 'rfc2307'
[2008/04/16 13:21:15, 5] lib/module.c:smb_probe_module(119)
Probing module 'rfc2307': Trying to load from /usr/lib/samba/nss_info/rfc2307.so
[2008/04/16 13:21:15, 3] lib/module.c:do_smb_load_module(49)
Error loading module '/usr/lib/samba/nss_info/rfc2307.so': /usr/lib/samba/nss_info/rfc2307.so: cannot open shared object file: No such file or directory
[2008/04/16 13:21:15, 3] nsswitch/nss_info.c:nss_init(209)
nss_init: no nss backends configured. Defaulting to "template".
/* END log.wb-MYDOMAIN excerpt */

It seems strange that log.winbindd-idmap says it successfully loaded nss backend 'sfu':

/* BEGIN log.winbindd-idmap excerpt : */
[2008/04/16 13:21:15, 1] nsswitch/idmap.c:idmap_init(365)
Initializing idmap domains
[2008/04/16 13:21:15, 5] lib/module.c:smb_probe_module(108)
Probing module 'ad'
[2008/04/16 13:21:15, 5] lib/module.c:smb_probe_module(119)
Probing module 'ad': Trying to load from /usr/lib/samba/idmap/ad.so
[2008/04/16 13:21:15, 2] lib/module.c:do_smb_load_module(64)
Module '/usr/lib/samba/idmap/ad.so' loaded
[2008/04/16 13:21:15, 5] nsswitch/idmap.c:smb_register_idmap(163)
Successfully added idmap backend 'ad'
[2008/04/16 13:21:15, 5] nsswitch/nss_info.c:smb_register_idmap_nss(79)
smb_register_idmap_nss: Successfully added idmap nss backend 'rfc2307'
[2008/04/16 13:21:15, 5] nsswitch/nss_info.c:smb_register_idmap_nss(79)
smb_register_idmap_nss: Successfully added idmap nss backend 'sfu'
[2008/04/16 13:21:15, 5] nsswitch/idmap.c:idmap_init(452)
Forcing to readonly, as this module can't store arbitrary mappings.
/* END log.winbindd-idmap excerpt */

Anyone have an idea of what is messed up here? Thanks,

Jon

* Jonathan Detert <Jonathan.Detert@msoe.edu> [080415 16:00]:
> There is an instance of Ms.Active Directory that has had the 'Services
> For Unix' applied.
>
> I use winbind v3.0.24 to get user/group info from that Ms.Active directory
> instance like so:
> -------- begin smb.conf snippet: ------------
> security = ADS
> realm = mydomain.com
> workgroup = MYDOMAIN
>
> winbind enum groups = yes
> winbind enum users = yes
> winbind nested groups = yes
> winbind nss info = sfu
> winbind separator = +
> winbind use default domain = yes
>
> idmap gid = 500-45000
> idmap uid = 500-45000
> idmap backend = ad
> -------- end smb.conf snippet: ------------
>
> that works fine on ubuntu v7.04.
>
> The same config, shown above, does not work under winbind v3.0.26a
> running on ubuntu v7.10. I can turn an name into a sid, and the sid
> back into a name (via wbinfo -n and -s, respectively), but I can't turn
> a sid into a unix uid or gid (via the -S argument). Also, 'getent passwd'
> doesn't return any users from Active Directory.
>
> Any idea what's wrong? Is it my config?
> --
> Jon Detert
> IT Systems Administrator, Milwaukee School of Engineering
> 1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
> --
> Linus Torvalds can divide by zero.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba

--
Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
--
Fashion is a form of ugliness so intolerable that we have to alter it every six months.

~ Oscan Wilde
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba