[Samba] samba, ads, winbind and active directory

I can enumerate users and groups from the domain but I cannot
authenticate the users.

Any help?

--
Jas
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Do you not get any result for a 'getent passwd', and yes for 'wbinfo -u' ?
I think I had the same problem before, I'll try to remember it.

David Molina


On Tue, May 27, 2008 at 3:25 PM, Jason Gerfen <jason.gerfen@scl.utah.edu>
wrote:

> I can enumerate users and groups from the domain but I cannot authenticate
> the users.
>
> Any help?
>
> --
> Jas
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

That is correct. Some more information so that I might receive some help
with this.

I can perform the following commands without problem:
wbinfo -t
wbinfo -m
wbinfo -g
wbinfo -u
wbinfo --krb5auth=user%password

I am not able to do the following:
getent group
getent passwd
net use x: \\valhalla\test /user:user (from a windows machine)

Anyone know what I am doing wrong or could perhaps provide some more
insight? I am definitely seeing somethings in the logs that I am unsure
of how to fix. Any help, pointers etc are appreciated.

Some log data:
[log.winbindd-idmap]
[2008/05/27 14:20:18, 10] nsswitch/idmap_util.c:idmap_sid_to_uid(125)
sid [S-1-5-21-2868754479-89028146-2101856903-88475] not mapped to an
uid [2,1,2885498664]

Contents of my smb.conf
[global]
workgroup = scl
realm = SCL.UTAH.EDU
server string = valhalla.scl.utah.edu
netbios name = valhalla

password server = *
encrypt passwords = true
security = ads

os level = 20

allow trusted domains = no
auth methods = winbind

ldap ssl = no

interfaces = eth0, lo
bind interfaces only = yes
socket options = TCP_NODELAY

log level = 20
log file = /var/log/samba3/log.%m
max log size = 50

client signing = yes
client schannel = no
client use spnego = yes

preferred master = no
local master = no
domain master = no
wins proxy = no
dns proxy = No

template shell = /bin/bash
nt acl support = yes
inherit permissions = yes
create mask = 0775
template homedir = /home/%U

winbind uid = 1000-2000000
winbind gid = 500-2000000
winbind separator = /
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes
winbind offline logon = true
winbind nss info = sfu

idmap uid = 1000-2000000
idmap gid = 500-2000000
idmap domains = THEDOMAIN
idmap config THEDOMAIN:backend = ad
idmap config THEDOMAIN:default = yes
idmap config THEDOMAIN:schema_mode = rfc2307
idmap config THEDOMAIN:range = 1000 - 300000000


printcap name = cups
printing = cups
load printers = yes
cups options = raw
print command =
lpq command = %p
lprm command =

[test]
comment = testing
browsable = yes
read only = yes
create mode = 0644
path = /home/jason

David Molina Cuevas wrote:
> Do you not get any result for a 'getent passwd', and yes for 'wbinfo -u' ?
> I think I had the same problem before, I'll try to remember it.
>
> David Molina
>
>
> On Tue, May 27, 2008 at 3:25 PM, Jason Gerfen <jason.gerfen@scl.utah.edu>
> wrote:
>
>> I can enumerate users and groups from the domain but I cannot authenticate
>> the users.
>>
>> Any help?
>>
>> --
>> Jas
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/listinfo/samba
>>
>


--
Jas
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba