wbinfo messed up (was Re: Anyone try 'ssh server" and get "Password for DOMAIN\USER:>>")
in [Samba]
|
Prev: [Samba] wbinfo messed up (was Re: Anyone try 'ssh server" and get "Password for DOMAIN\USER:>>")
Next: [Samba] getent behavior since 3.5.x
From: Gaiseric Vandal on 25 Jun 2010 18:10 If wbinfo -s and wbinfo -n both show the same uid-sid mappings then winbind itself should be ok # wbinfo -n jsmith S-1-5-21-xxxx-xxxx-xxxx-1234 User (1) # wbinfo -s S-1-5-21-xxxx-xxxx-xxxx-1234 MYDOMAIN\jsmith 1 # Does "getent passwd" and "getent group" return "Windows" users? Does "id MYDOMAIN\jsmith" If not you may be missing the libnss_winbind or nss_winbind file in /usr/lib (or /usr/local/lib) depending on OS and where samba was installed. The group thing is weird. "wbinfo -g" shows more groups than "net rpc group list" But "wbinfo -g" shows groups from trusted domains and the BUILTIN domain. I would check the results of "net groupmap list." Make sure that Domain Users and Domain Administrators are mapped. On 06/25/2010 03:59 PM, Linda W wrote: > Gaiseric Vandal wrote: >> IS the Samba server the PDC? Do you have local unix accounts on it? > (yes, yes).. >> I might be wrong but couldn't you modify /etc/nsswitch.conf to use >> >> passwd: files winbind >> group: files winbind >> >> instead? > > > ----------- > > I tried this -- but then I couldn't log in at all! > I'm thinking my winbind is screwy -- that may be all or part of the > problem. > Symptoms: > >> wbinfo -u shows: lindaw (my user name) > > wbinfo -n lindaw returns: (expected) > S-1-5-21-33333-77777-33333-80026 SID_USER (1) > > BUT: > wbinfo -i lindaw" says: "Could not get info for user lindaw" > > wbinfo --own-domain returns: "BLISS" > wbinfo --ping-dc returns: "checking the NETLOGON dc connection > succeeded" > BUT: > wbinfo --dsgetdcname=BLISS returns: > "Could not find dc for BLISS" > wbinfo -m > BUILTIN > BLISS > wbinfo -m > wbinfo --sid-aliases=S-1-5-21-33333-77777-33333-80026 > 80026 > > wbinfo --user-sids=S-1-5-21-33333-77777-33333-80026 > Could not get group SIDs for user SID S-1-5-21-33333-77777-33333-80026 > > --- > So It has partial information, but can't give info on me, can't verify > passwords, can't give groups, but maps user id's... > > It DOESN'T show the same groups as "net rpc groups list" -- it shows > a *fraction* of what the net command shows - > net rpc groups list shows 20 groups, wbinfo -g shows 8. > > Should these be close? or the same? > How can they be out of sync and if they should be the same, how > do I resync them? > Net groups shows the correct listing. > > > > > > >> >> On 06/25/2010 01:12 AM, L. A. Walsh wrote: >>> I'm trying to use 'ssh' as a domain user from a workstation into my >>> server. >>> >>> When I ssh as a non-domain user, it doesn't tack on a domain (or >>> workstation) >>> name, so it just works, but when I log in from from my Samba domain, >>> it tacks it on (and the linux security stuff doesn't like "domain\" >>> either. >>> >>> Should the pam_winbind module be able to authenticate this type of >>> user name against the domain? >>> >>> If not, is there a module that does? >>> >>> thanks, >>> linda >>> >> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |