Hi all, First of all, sorry for my english. I don't speak well english (of course I'm french! ;-) ) but I will try to do my best to explain you my problem.
I have a CentOS 6.3 system running with samba 3.5.10 against an AD 2008. My goal is to build a vsftpd server authenticating with users in my AD domain. Everything is working quite fine but I have something strange : When I put winbind in debug mode and when I do 'id -G root' I see these messages in winbindd.log : [2012/09/03 15:37:23.449662, 6] winbindd/winbindd.c:768(new_connection) accepted socket 21 [2012/09/03 15:37:23.449967, 3] winbindd/winbindd_misc.c:352(winbindd_interface_version) [ 4759]: request interface version [2012/09/03 15:37:23.450112, 3] winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir) [ 4759]: request location of privileged pipe [2012/09/03 15:37:23.450337, 6] winbindd/winbindd.c:768(new_connection) accepted socket 22 [2012/09/03 15:37:23.450421, 6] winbindd/winbindd.c:816(winbind_client_request_read) closing socket 21, client exited [2012/09/03 15:37:23.450539, 3] winbindd/winbindd_getgroups.c:60(winbindd_getgroups_send) getgroups root [2012/09/03 15:37:23.450691, 5] winbindd/winbindd_getgroups.c:187(winbindd_getgroups_recv) Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED [2012/09/03 15:37:23.451367, 6] winbindd/winbindd.c:816(winbind_client_request_read) closing socket 22, client exited Winbind is asked by nss to resolve root secondary groups !!! I don't undestrand why : root is only local and all his groups are local. The output is : # id -G root 0 1 2 3 4 6 10 494 My question is quite simple : why nss ask winbind to resolve theses groups name whereas they are all local !?! Do you think the only thing I have to do is ignore these messages ? Here are my conf files : /etc/nsswitch.conf : passwd: files winbind shadow: files group: files winbind /etc/samba/smb.conf : Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = DOMAIN realm = DOMAIN.FQDN server string = Serveur ftp security = ADS allow trusted domains = No password server = 10.32.242.32 10.56.242.56 ntlm auth = No kerberos method = secrets and keytab log level = 10 log file = /var/log/samba/log.%m nt pipe support = No socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No domain master = No dns proxy = No idmap alloc backend = tdb idmap uid = 10000-500000 idmap gid = 10000-500000 template homedir = /usr/app/ftp/ftp/%U template shell = /sbin/nologin winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind refresh tickets = Yes create krb5 conf = No invalid users = root cups options = raw Thank you for your help ! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
