Re: {Disarmed} Re: [Samba] Update: Winbind+nss working on one centOS 5.2 box but not another
Thanks Kums - I should have been clearer - the non-verbose testparm output (which doesn't show the netbios name) diffs out perfectly. The netbios names are in fact set differently and the join happens without errors. testparm -v Kums wrote: Make sure to have different Netbios Name, else only one box will be able to successfully join to AD + export Samba shares. Cheers, -Kums On Fri, Jan 23, 2009 at 1:18 AM, Ben Tisdall b...@redcircleit.com mailto:b...@redcircleit.com wrote: tim clusters wrote: What is your id backend? AD or RID? Can you post your smb.conf? Hi Tim thanks for replying. This is very minimal smb.conf - the history is that it was copied verbatim from a Guardian snap appliance worked perfectly well on 'Box A'. workgroup = OURDOMAIN security = ads server string = Samba Server Version %v netbios name = testukmcsstor1 realm = OURDOMAIN.PRIV idmap uid = 1-2 idmap gid = 1-2 ;interfaces = lo eth0 *MailScanner warning: numerical links are often malicious:* 192.168.12.2/24 http://192.168.12.2/24 *MailScanner warning: numerical links are often malicious:* 192.168.13.2/24 http://192.168.13.2/24 ;hosts allow = 127. 10 # logs split per machine log file = /var/log/samba/log.%m # max 50KB per log file, then rotate max log size = 50 preferred master = no wins support = yes ; wins server = w.x.y.z ; wins proxy = yes ; dns proxy = yes load printers = yes cups options = raw ; map archive = no ; map hidden = no ; map read only = no ; map system = no ; store dos attributes = yes Include = /etc/samba/shares.conf NB: I can testparm the conf from both boxes the output diffs perfectly. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- This message has been scanned for viruses and dangerous content by *MailScanner* http://www.mailscanner.info/, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Update: Winbind+nss working on one centOS 5.2 box but not another
Make sure to have different Netbios Name, else only one box will be able to successfully join to AD + export Samba shares. Cheers, -Kums On Fri, Jan 23, 2009 at 1:18 AM, Ben Tisdall b...@redcircleit.com wrote: tim clusters wrote: What is your id backend? AD or RID? Can you post your smb.conf? Hi Tim thanks for replying. This is very minimal smb.conf - the history is that it was copied verbatim from a Guardian snap appliance worked perfectly well on 'Box A'. workgroup = OURDOMAIN security = ads server string = Samba Server Version %v netbios name = testukmcsstor1 realm = OURDOMAIN.PRIV idmap uid = 1-2 idmap gid = 1-2 ;interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 ;hosts allow = 127. 10 # logs split per machine log file = /var/log/samba/log.%m # max 50KB per log file, then rotate max log size = 50 preferred master = no wins support = yes ; wins server = w.x.y.z ; wins proxy = yes ; dns proxy = yes load printers = yes cups options = raw ; map archive = no ; map hidden = no ; map read only = no ; map system = no ; store dos attributes = yes Include = /etc/samba/shares.conf NB: I can testparm the conf from both boxes the output diffs perfectly. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Update: Winbind+nss working on one centOS 5.2 box but not another
tim clusters wrote: What is your id backend? AD or RID? Can you post your smb.conf? Hi Tim thanks for replying. This is very minimal smb.conf - the history is that it was copied verbatim from a Guardian snap appliance worked perfectly well on 'Box A'. workgroup = OURDOMAIN security = ads server string = Samba Server Version %v netbios name = testukmcsstor1 realm = OURDOMAIN.PRIV idmap uid = 1-2 idmap gid = 1-2 ;interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 ;hosts allow = 127. 10 # logs split per machine log file = /var/log/samba/log.%m # max 50KB per log file, then rotate max log size = 50 preferred master = no wins support = yes ; wins server = w.x.y.z ; wins proxy = yes ; dns proxy = yes load printers = yes cups options = raw ; map archive = no ; map hidden = no ; map read only = no ; map system = no ; store dos attributes = yes Include = /etc/samba/shares.conf NB: I can testparm the conf from both boxes the output diffs perfectly. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Update: Winbind+nss working on one centOS 5.2 box but not another
Something is not right with the group mapping, but I am unsure what. getent returns different a primary GID for a given user on each box and the group mapping differs in each case: Box A: //u...@host//:~$ getent group 10012 OURDOMAIN\domain users:*:10012: Box B: //u...@host//:~$ getent group 10004 OURDOMAIN\domain users:*:10004: When I do a long file listing winbindd is printing stuff like this: [14855]: getpwuid 10082 Added timed event async_request_timeout: 2ae2266d45b0 child daemon request 51 timed_events_timeout: 299/87 process_request: request fn DUAL_UID2SID [14254]: uid to sid 10082 uid = [10082] Cache entry with key = IDMAP/UID/10082 couldn't be found Query backends to map ids-sids Query sids from domain OURDOMAIN Fetching record UID 10082 Record UID 10082 not found Query sids from domain SAMBASERVER pdb_default_uid_to_rid: host has no idea of uid 10082 Storing response for pid 14257, len 3240 Destroying timed event 2ae2266d45b0 async_request_timeout Retrieving response for pid 14257 uid2sid_recv: uid 10082 has sid S-1-22-1-10082 Could not find domain for sid S-1-22-1-10082 Ben Tisdall wrote: Hi all, I have an odd situation on my hands: * Two CentOS 5.2 boxes both joined to an AD domain. * Same samba version (3.0.28-1.el5_2.1) smb.conf, only the netbios names differ * Can enumerate users and groups using winbind -{u,g} on both. * nss doesn't enumerate users groups on one (same lib versions, same conf file). //ben...@testukmcsstor1//:~$ rpm -qa | grep nss- nss-tools-3.12.2.0-2.el5.centos nss-3.12.2.0-2.el5.centos pkinit-nss-0.7.3-1.el5 nss-3.12.2.0-2.el5.centos Looks like this may be more of a libnss problem than a samba one, but can anyone suggest how I can start to troubleshoot? Thanks in advance, Ben Tisdall -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba