[Samba] getent not listing ADS users ctdb samba

Hi,



I am setting up ctdb samba, and have hit a brick wall trying to solve the
following issue.



1. getent does not retrieve the list of domain users or groups (wbinfo
works fine)



I'm not sure what I'm missing but I've almost spent the whole day trying to
resolve this one and haven't made any progress :-(



Any help or suggestions are appreciated



My configuration is as follows



Installed pre-built RHEL binaries from ctdb.samba

ctdb-1.0-41.src.rpm

ctdb-1.0-41.x86_64.rpm

ctdb-debuginfo-1.0-41.x86_64.rpm

samba-3.0.25-ctdb.16.src.rpm

samba-3.0.25-ctdb.16.x86_64.rpm

samba-client-3.0.25-ctdb.16.x86_64.rpm

samba-common-3.0.25-ctdb.16.x86_64.rpm

samba-debuginfo-3.0.25-ctdb.16.x86_64.rpm

samba-doc-3.0.25-ctdb.16.x86_64.rpm

samba-swat-3.0.25-ctdb.16.x86_64.rpm

samba-winbind-32bit-3.0.25-ctdb.16.i386.rpm





SMB.CONF

[global]

workgroup = PLANET

realm = PLANET.AD

netbios name = CTDBSAMBA

server string = CTDB Samba Server

security = ADS

private dir = /gpfs/gpfs0/SMBDconfig

log file = /usr/local/samba/var/log.%m

max log size = 50

clustering = Yes

dns proxy = No

ldap ssl = no

idmap backend = tdb2

idmap uid = 10000-20000

idmap gid = 10000-20000

winbind separator = +



[homes]

comment = Home Directories

read only = No

browseable = No



[printers]

comment = All Printers

path = /usr/spool/samba

printable = Yes

browseable = No



[GPFSGLOBAL]

comment = "GPFS Global Share"

path = /gpfs/gpfs0/GLOBALSHARE

read only = No

force unknown acl user = Yes

vfs objects = gpfs

nfs4:acedup = merge

nfs4:chown = yes

nfs4:mode = special

gpfs:sharemodes = No

fileid:mapping = fsname





KRB5.CONF

[logging]

default = FILE:/var/log/krb5libs.log

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmind.log



[libdefaults]

default_realm = PLANET.AD



[realms]

PLANET.AD = {

kdc = msad2k3.planet.ad

admin_server = msad2k3

}



[domain_realm]

.msad2k3.planet.ad = PLANET.AD



[appdefaults]

pam = {

debug = false

ticket_lifetime = 36000

renew_lifetime = 36000

forwardable = true

krb4_convert = false

}



NSSWITCH.CONF

passwd: files winbind

shadow: files

group: files winbind





SYSTEM-AUTH

#%PAM-1.0

# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

auth required pam_env.so



### WINBIND AUTH ###

auth sufficient /lib/security/pam_winbind.so



auth sufficient pam_unix.so nullok try_first_pass

auth requisite pam_succeed_if.so uid >= 500 quiet

auth required pam_deny.so





### WINBIND AUTH ###

account sufficient /lib/security/pam_winbind.so



account required pam_unix.so

account sufficient pam_succeed_if.so uid < 500 quiet

account required pam_permit.so



password requisite pam_cracklib.so try_first_pass retry=3

password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok

password required pam_deny.so



session optional pam_keyinit.so revoke

session required pam_limits.so

session [success=1 default=ignore] pam_succeed_if.so service in crond
quiet use_uid

session required pam_unix.so



--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Did you copy the libnss_winbind.so to /lib and make a libnss_winbind.so.2
link out of it ?

>
>
> Hi,
>
>
>
> I am setting up ctdb samba, and have hit a brick wall trying to solve the
> following issue.
>
>
>
> 1. getent does not retrieve the list of domain users or groups (wbinfo
> works fine)
>
>
>
> I'm not sure what I'm missing but I've almost spent the whole day trying
> to
> resolve this one and haven't made any progress :-(
>
>
>
> Any help or suggestions are appreciated
>
>
>
> My configuration is as follows
>
>
>
> Installed pre-built RHEL binaries from ctdb.samba
>
> ctdb-1.0-41.src.rpm
>
> ctdb-1.0-41.x86_64.rpm
>
> ctdb-debuginfo-1.0-41.x86_64.rpm
>
> samba-3.0.25-ctdb.16.src.rpm
>
> samba-3.0.25-ctdb.16.x86_64.rpm
>
> samba-client-3.0.25-ctdb.16.x86_64.rpm
>
> samba-common-3.0.25-ctdb.16.x86_64.rpm
>
> samba-debuginfo-3.0.25-ctdb.16.x86_64.rpm
>
> samba-doc-3.0.25-ctdb.16.x86_64.rpm
>
> samba-swat-3.0.25-ctdb.16.x86_64.rpm
>
> samba-winbind-32bit-3.0.25-ctdb.16.i386.rpm
>
>
>
>
>
> SMB.CONF
>
> [global]
>
> workgroup = PLANET
>
> realm = PLANET.AD
>
> netbios name = CTDBSAMBA
>
> server string = CTDB Samba Server
>
> security = ADS
>
> private dir = /gpfs/gpfs0/SMBDconfig
>
> log file = /usr/local/samba/var/log.%m
>
> max log size = 50
>
> clustering = Yes
>
> dns proxy = No
>
> ldap ssl = no
>
> idmap backend = tdb2
>
> idmap uid = 10000-20000
>
> idmap gid = 10000-20000
>
> winbind separator = +
>
>
>
> [homes]
>
> comment = Home Directories
>
> read only = No
>
> browseable = No
>
>
>
> [printers]
>
> comment = All Printers
>
> path = /usr/spool/samba
>
> printable = Yes
>
> browseable = No
>
>
>
> [GPFSGLOBAL]
>
> comment = "GPFS Global Share"
>
> path = /gpfs/gpfs0/GLOBALSHARE
>
> read only = No
>
> force unknown acl user = Yes
>
> vfs objects = gpfs
>
> nfs4:acedup = merge
>
> nfs4:chown = yes
>
> nfs4:mode = special
>
> gpfs:sharemodes = No
>
> fileid:mapping = fsname
>
>
>
>
>
> KRB5.CONF
>
> [logging]
>
> default = FILE:/var/log/krb5libs.log
>
> kdc = FILE:/var/log/krb5kdc.log
>
> admin_server = FILE:/var/log/kadmind.log
>
>
>
> [libdefaults]
>
> default_realm = PLANET.AD
>
>
>
> [realms]
>
> PLANET.AD = {
>
> kdc = msad2k3.planet.ad
>
> admin_server = msad2k3
>
> }
>
>
>
> [domain_realm]
>
> .msad2k3.planet.ad = PLANET.AD
>
>
>
> [appdefaults]
>
> pam = {
>
> debug = false
>
> ticket_lifetime = 36000
>
> renew_lifetime = 36000
>
> forwardable = true
>
> krb4_convert = false
>
> }
>
>
>
> NSSWITCH.CONF
>
> passwd: files winbind
>
> shadow: files
>
> group: files winbind
>
>
>
>
>
> SYSTEM-AUTH
>
> #%PAM-1.0
>
> # This file is auto-generated.
>
> # User changes will be destroyed the next time authconfig is run.
>
> auth required pam_env.so
>
>
>
> ### WINBIND AUTH ###
>
> auth sufficient /lib/security/pam_winbind.so
>
>
>
> auth sufficient pam_unix.so nullok try_first_pass
>
> auth requisite pam_succeed_if.so uid >= 500 quiet
>
> auth required pam_deny.so
>
>
>
>
>
> ### WINBIND AUTH ###
>
> account sufficient /lib/security/pam_winbind.so
>
>
>
> account required pam_unix.so
>
> account sufficient pam_succeed_if.so uid < 500 quiet
>
> account required pam_permit.so
>
>
>
> password requisite pam_cracklib.so try_first_pass retry=3
>
> password sufficient pam_unix.so md5 shadow nullok try_first_pass
> use_authtok
>
> password required pam_deny.so
>
>
>
> session optional pam_keyinit.so revoke
>
> session required pam_limits.so
>
> session [success=1 default=ignore] pam_succeed_if.so service in crond
> quiet use_uid
>
> session required pam_unix.so
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
>
> Message scanned by ClamAV engine (http://www.clamav.net)
> --------------------------------------------------------
>


--
François Legal


Message scanned by ClamAV engine (http://www.clamav.net)
--------------------------------------------------------
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

this seems to have been created during the rpm install, see below

[root@RHEL5ONE samba]# rpm -ql samba-winbind-32bit-3.0.25-ctdb.16
/lib/libnss_winbind.so
/lib/libnss_winbind.so.2
/lib/libnss_wins.so
/lib/libnss_wins.so.2
/lib/security/pam_winbind.so



[root@RHEL5ONE samba]# ls -lasp /lib | grep libnss
40 -rwxr-xr-x 1 root root 36340 Jul 5 2007 libnss_compat-2.5.so
4 lrwxrwxrwx 1 root root 20 May 26 08:37 libnss_compat.so.2 ->
libnss_compat-2.5.so
816 -rwxr-xr-x 1 root root 824900 Jul 13 2006 libnss_db-2.2.so
4 lrwxrwxrwx 1 root root 16 May 26 08:39 libnss_db.so.2 ->
libnss_db-2.2.so
28 -rwxr-xr-x 1 root root 21848 Jul 5 2007 libnss_dns-2.5.so
4 lrwxrwxrwx 1 root root 17 May 26 08:37 libnss_dns.so.2 ->
libnss_dns-2.5.so
52 -rwxr-xr-x 1 root root 46740 Jul 5 2007 libnss_files-2.5.so
4 lrwxrwxrwx 1 root root 19 May 26 08:37 libnss_files.so.2 ->
libnss_files-2.5.so
28 -rwxr-xr-x 1 root root 22752 Jul 5 2007 libnss_hesiod-2.5.so
4 lrwxrwxrwx 1 root root 20 May 26 08:37 libnss_hesiod.so.2 ->
libnss_hesiod-2.5.so
3036 -rwxr-xr-x 1 root root 3099444 Jul 6 2007 libnss_ldap-2.5.so
4 lrwxrwxrwx 1 root root 18 May 26 08:40 libnss_ldap.so.2 ->
libnss_ldap-2.5.so
48 -rwxr-xr-x 1 root root 42368 Jul 5 2007 libnss_nis-2.5.so
60 -rwxr-xr-x 1 root root 51696 Jul 5 2007 libnss_nisplus-2.5.so
4 lrwxrwxrwx 1 root root 21 May 26 08:37 libnss_nisplus.so.2 ->
libnss_nisplus-2.5.so
4 lrwxrwxrwx 1 root root 17 May 26 08:37 libnss_nis.so.2 ->
libnss_nis-2.5.so
20 -rwxr-xr-x 1 root root 19408 Jan 31 10:30 libnss_winbind.so
0 lrwxrwxrwx 1 root root 17 Jun 3 18:36 libnss_winbind.so.2 ->
libnss_winbind.so
1016 -rwxr-xr-x 1 root root 1032916 Jan 31 10:30 libnss_wins.so
0 lrwxrwxrwx 1 root root 14 Jun 3 18:36 libnss_wins.so.2 ->
libnss_wins.so

-----Original Message-----
From: samba-bounces+e.koutsandreou=optusnet.com.au@lists.samba .org
[mailto:samba-bounces+e.koutsandreou=optusnet.com.au@lists.samba .org] On
Behalf Of Evan Koutsandreou
Sent: Tuesday, 3 June 2008 7:09 PM
To: samba@lists.samba.org
Subject: [Samba] getent not listing ADS users ctdb samba



Hi,



I am setting up ctdb samba, and have hit a brick wall trying to solve the
following issue.



1. getent does not retrieve the list of domain users or groups (wbinfo
works fine)



I'm not sure what I'm missing but I've almost spent the whole day trying to
resolve this one and haven't made any progress :-(



Any help or suggestions are appreciated



My configuration is as follows



Installed pre-built RHEL binaries from ctdb.samba

ctdb-1.0-41.src.rpm

ctdb-1.0-41.x86_64.rpm

ctdb-debuginfo-1.0-41.x86_64.rpm

samba-3.0.25-ctdb.16.src.rpm

samba-3.0.25-ctdb.16.x86_64.rpm

samba-client-3.0.25-ctdb.16.x86_64.rpm

samba-common-3.0.25-ctdb.16.x86_64.rpm

samba-debuginfo-3.0.25-ctdb.16.x86_64.rpm

samba-doc-3.0.25-ctdb.16.x86_64.rpm

samba-swat-3.0.25-ctdb.16.x86_64.rpm

samba-winbind-32bit-3.0.25-ctdb.16.i386.rpm





SMB.CONF

[global]

workgroup = PLANET

realm = PLANET.AD

netbios name = CTDBSAMBA

server string = CTDB Samba Server

security = ADS

private dir = /gpfs/gpfs0/SMBDconfig

log file = /usr/local/samba/var/log.%m

max log size = 50

clustering = Yes

dns proxy = No

ldap ssl = no

idmap backend = tdb2

idmap uid = 10000-20000

idmap gid = 10000-20000

winbind separator = +



[homes]

comment = Home Directories

read only = No

browseable = No



[printers]

comment = All Printers

path = /usr/spool/samba

printable = Yes

browseable = No



[GPFSGLOBAL]

comment = "GPFS Global Share"

path = /gpfs/gpfs0/GLOBALSHARE

read only = No

force unknown acl user = Yes

vfs objects = gpfs

nfs4:acedup = merge

nfs4:chown = yes

nfs4:mode = special

gpfs:sharemodes = No

fileid:mapping = fsname





KRB5.CONF

[logging]

default = FILE:/var/log/krb5libs.log

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmind.log



[libdefaults]

default_realm = PLANET.AD



[realms]

PLANET.AD = {

kdc = msad2k3.planet.ad

admin_server = msad2k3

}



[domain_realm]

.msad2k3.planet.ad = PLANET.AD



[appdefaults]

pam = {

debug = false

ticket_lifetime = 36000

renew_lifetime = 36000

forwardable = true

krb4_convert = false

}



NSSWITCH.CONF

passwd: files winbind

shadow: files

group: files winbind





SYSTEM-AUTH

#%PAM-1.0

# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

auth required pam_env.so



### WINBIND AUTH ###

auth sufficient /lib/security/pam_winbind.so



auth sufficient pam_unix.so nullok try_first_pass

auth requisite pam_succeed_if.so uid >= 500 quiet

auth required pam_deny.so





### WINBIND AUTH ###

account sufficient /lib/security/pam_winbind.so



account required pam_unix.so

account sufficient pam_succeed_if.so uid < 500 quiet

account required pam_permit.so



password requisite pam_cracklib.so try_first_pass retry=3

password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok

password required pam_deny.so



session optional pam_keyinit.so revoke

session required pam_limits.so

session [success=1 default=ignore] pam_succeed_if.so service in crond
quiet use_uid

session required pam_unix.so



--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

On Tue, 3 Jun 2008, Evan Koutsandreou wrote:

> 1. getent does not retrieve the list of domain users or groups (wbinfo
> works fine)

Do you mean "getent passwd", or "getent passwd foo"?

If you mean the former, then you need:

winbind enum groups = yes
winbind enum users = yes

jh

--
"Woman was God's second mistake." -- Nietzsche
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

That's worked, thanks a million!!

-----Original Message-----
From: samba-bounces+e.koutsandreou=optusnet.com.au@lists.samba .org
[mailto:samba-bounces+e.koutsandreou=optusnet.com.au@lists.samba .org] On
Behalf Of John Hodrien
Sent: Tuesday, 3 June 2008 8:11 PM
Cc: samba@lists.samba.org
Subject: Re: [Samba] getent not listing ADS users ctdb samba

On Tue, 3 Jun 2008, Evan Koutsandreou wrote:

> 1. getent does not retrieve the list of domain users or groups (wbinfo
> works fine)

Do you mean "getent passwd", or "getent passwd foo"?

If you mean the former, then you need:

winbind enum groups = yes
winbind enum users = yes

jh

--
"Woman was God's second mistake." -- Nietzsche
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba