Sorry, I did not include my distro. Fedora Core 4 - 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005 i686 i686 i386 GNU/Linux
TIA

On 2/27/06, Adam Bruncaj <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I have been using samba to authenticate my squid users to Active
> Directory. Because of the amount of users, I would like to set up my
> ACLs based on groups, rather than individual user accounts.
>
> I have successfully joined my samba box to our windows domain (2k).
> For some reason I had to enter the domain controller name instead of
> the domain name when doing so. I am now having issues looking up user
> groups using wbinfo_group and/or "wbinfo -r username".
>
> The following are some commands, conf files & logs (the parts that I
> believe are relevant). I have a feeling I have more than one issue
> going on here. Please let me know if you need more info.
>
> I doubt there are limitations, but we are in a somewhat large
> environment (about 4,000 user accounts) with multiple sub domains.
>
> -----
> # I compiled squid with...
> ./configure --enable-external-acl-helpers="unix_group,wbinfo_group"
> --------------
> [EMAIL PROTECTED] squid]# rpm -q samba
> samba-3.0.21c-1
> --------------
> [EMAIL PROTECTED] squid]# wbinfo -a domainuser1%hispass
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
> -------------------
> [EMAIL PROTECTED] squid]# wbinfo -t
> checking the trust secret via RPC calls succeeded
> -------------------
> [EMAIL PROTECTED] squid]# wbinfo -u |more
> SUBDOMAIN1\exemployees
> SUBDOMAIN1\installservice
> ...
> ..
> SUBDOMAIN2\exch
> SUBDOMAIN2\adcsv
> SUBDOMAIN2\administrator
> ..
> ..
> domainuser1 #These are the accounts that I would be working with and
> would need to look up their groups. note that
> domainuser2
> domainuser2
> ..
> ..
> --------------------------------
> [EMAIL PROTECTED] samba]# wbinfo -n domainuser1
> S-1-5-21-954140891-1229348589-1136263860-10879 User (1)
> --------------------------------
> [EMAIL PROTECTED] squid]# ./wbinfo_group.pl
> user1 "domain users"
> Could not lookup name domain users
> Could not convert sid to gid
> Could not get groups for user user1
> OK
> # also tried domain\\user domain\\group
> ------------------
> [EMAIL PROTECTED] samba]# wbinfo -r domainuser1
> Could not get groups for user domainuser1
> #also tried with domain\\domainuser1
> -------------------
> [EMAIL PROTECTED] samba]# wbinfo --sequence
> SubDomain1 : DISCONNECTED
> SubDomain2 : DISCONNECTED
> Subdomain3 : 2576451
> LIONS : 1
> BUILTIN : 1
> MyDomain : DISCONNECTED # it states disconnected, but I am able to
> view users and groups?
> --------------------
>
> My conf files....
> ------------------------------------------------
> (smb.conf) # note that this is the whole conf file. I read that this
> is all I need
>
> [global]
> workgroup = MyDomain
> netbios name = lions
> password server = 10.20.250.2
> security = domain
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind use default domain = yes
> ------------------------------------------------
> (nsswitch.conf)
> #
> # /etc/nsswitch.conf
> #
> # To use db, put the "db" in front of "files" for entries you want to be
> # looked up first in the databases
> #
> # Example:
> #passwd: db files nisplus nis
> #shadow: db files nisplus nis
> #group: db files nisplus nis
> passwd: files winbind
> shadow: files winbind
> group: files winbind
> #hosts: db files nisplus nis dns
> hosts: files winbind dns
> # Example - obey only what nisplus tells us...
> #services: nisplus [NOTFOUND=return] files
> #networks: nisplus [NOTFOUND=return] files
> #protocols: nisplus [NOTFOUND=return] files
> #rpc: nisplus [NOTFOUND=return] files
> #ethers: nisplus [NOTFOUND=return] files
> #netmasks: nisplus [NOTFOUND=return] files
> bootparams: nisplus [NOTFOUND=return] files
> ethers: db files
> netmasks: files
> networks: files dns
> protocols: files winbind
> rpc: db files
> services: files winbind
> netgroup: files winbind
> publickey: nisplus
> automount: files winbind
> aliases: files nisplus
> ---------------------------------
> (krb5.conf)
>
> [libdefaults]
> default_realm = Mydomain.domain.com
>
> dns_lookup_realm = true
> dns_lookup_kdc = true
> [realms]
> MY = {
> kdc = domaincontroller1.mydomain.domain.com
> admin_server = domaincontroller1
> kdc = domaincontroller1
> }
>
> [domain_realm]
> .kerberos.server = MYDOMAIN.DOMAIN.COM
> ---------------------------------------
>
> Log files:
> --------------------------------
> [EMAIL PROTECTED] samba]# vi winbindd.log
> [2006/02/27 08:02:32, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109)
> ads_connect for domain SUBDOMAIN2 failed: No such file or directory
> [2006/02/27 08:04:08, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
> Could not get convert sid from string
> [2006/02/27 08:04:27, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
> Could not get convert sid from string
> [2006/02/27 08:05:06, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
> Could not get convert sid from string
> [2006/02/27 08:06:29, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
> Could not get convert sid from string
> [2006/02/27 08:17:00, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109)
> ads_connect for domain SUBDOMAIN2 failed: No such file or directory
> [2006/02/27 08:21:16, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
> Could not get convert sid from string
> [2006/02/27 08:35:55, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109)
> ads_connect for domain SUBDOMAIN2 failed: No such file or directory
>
> --------------------------------
> # /var/log/messages
>
> Feb 27 07:57:52 lions net: [2006/02/27 07:57:52, 0]
> utils/net_ads.c:ads_startup(191)
> Feb 27 07:57:52 lions net: ads_connect: No results returned
> Feb 27 07:58:25 lions net: [2006/02/27 07:58:25, 0]
> utils/net_ads.c:ads_startup(191)
> Feb 27 07:58:25 lions net: ads_connect: No results returned
> Feb 27 08:01:01 lions crond(pam_unix)[11231]: session opened for user
> root by (uid=0)
> Feb 27 08:01:02 lions crond(pam_unix)[11231]: session closed for user root
> Feb 27 08:30:10 lions winbindd[11510]: [2006/02/27 08:30:10, 0]
> libsmb/clientgen.c:cli_rpc_pipe_close(375)
> Feb 27 08:30:10 lions winbindd[11510]: cli_rpc_pipe_close: cli_close
> failed on pipe \NETLOGON, fnum 0x4009 to machine DOMAINCONTROLLER.
> Error was SUCCESS - 0
> Feb 27 09:01:01 lions crond(pam_unix)[11766]: session opened for user
> root by (uid=0)
> Feb 27 09:01:02 lions crond(pam_unix)[11766]: session closed for user root
> ------------------------------------
>
> Thanks,
> Adam