samba@lists.samba.org 6 May 2010 • 3:05PM -0400

Re: [Samba] Getent passwd and getent group fail / Samba 3.5.2
by Oliver Weinmann

I have investigated further and compared the behaviour of Samba 3.3 and
Samba 3.5 on 2 identical SLES9 VMs. Samba 3.3 is working as expected
with our Win2k3 SFU Domain and idmap_ad module. Samba 3.5 is not. I
noticed that there are a few Kerberos params that have changed in 3.5,
but I just can't get 3.5 to work as expected:

sles9test3:~ # testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Unknown parameter encountered: "use kerberos keytab"
Ignoring unknown parameter "use kerberos keytab"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

For example, I can run getent passwd and getent group fine under 3.3 but
not under 3.5. Also, I created a user in AD, "tuser2"; this user is visible
within 1 minute under 3.3, but under 3.5 it's not even visible after a
reboot. Also, group memberships of AD users are not updated under 3.5.2.

I'm not sure if this is a bug. I tried a lot of things in smb.conf but
it just doesn't work. At the moment I have to consider going back to
3.3.

I googled a lot in the past days to find a correct smb.conf for 3.5 and
idmap_ad, but it's really hard to find a well-documented howto.

I would really appreciate it if someone would have a look at this.

Here is my smb.conf:

[global]
        netbios name = sles9test1
        realm = SOMEDOMAIN.NET
        workgroup = SOMEDOMAIN
        security = ADS
        encrypt passwords = yes
        password server = dc.somedomain.net
        os level = 20
        idmap backend = ad
        idmap config SOMEDOMAIN : backend = ad
        idmap config SOMEDOMAIN : schema_mode = sfu
        idmap config SOMEDOMAIN : range = 0-99999999
        winbind nss info = sfu
        winbind enum users = yes
        winbind enum groups = yes
        preferred master = no
        winbind nested groups = Yes
        winbind use default domain = Yes
        max log size = 50
        log level = 10
        log file = /var/log/samba/log.%m
        dns proxy = no
        wins server = 172.20.200.18 172.18.200.20
        allow trusted domains = no
        client use spnego = Yes
        use kerberos keytab = true
        winbind refresh tickets = yes
        idmap cache time = 1
        winbind cache time = 1