Bug 1603 - nss lookups via "getent group" broken after 3.0.2a
Summary: nss lookups via "getent group" broken after 3.0.2a
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.5
Hardware: x86 Linux
: P3 major
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-08-11 07:11 UTC by Sergio Roberto Claser
Modified: 2005-08-24 10:26 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sergio Roberto Claser 2004-08-11 07:11:34 UTC
All wbinfo commands and "getent passwd" work fine, but we have a problem doing
nss lookups via "getent group" between two Samba 3.0.5/LDAP PDC (with
interdomain trust relationship). When we downgraded to Samba 3.0.2a, the problem
was fixed.

We tried with samba 3.0.4 and the problem persist.

The problem looks like the #1561 bug reported in that list, but LDAP works fine.

The error reported in log.winbind is:
"could not lookup membership for group rid S-1-5-21-xxxx-xxxxx-xxxxx-513 n
domain PROC (error: NT_STATUS_NO_SUCH_GROUP)".

Configuratiom of Samba:
# Global parameters
[global]
        workgroup = PROC
        server string = %N Samba/LDAP Server
        passdb backend = ldapsam:ldap://127.0.0.1
        log level = 4 winbind:10
        log file = /var/log/samba/log.%m
        max log size = 1024
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = No
        logon path =
        domain logons = Yes
        os level = 64
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins server = xxx.xxx.xxx.xxx
        ldap suffix = dc=pmpa
        ldap machine suffix = ou=Computers,dc=procempa
        ldap user suffix = ou=People,dc=procempa
        ldap group suffix = ou=Groups,dc=procempa
        ldap idmap suffix = ou=IDMap
        ldap admin dn = cn=admin,dc=pmpa
        ldap ssl = no
        idmap backend = ldap:ldap://127.0.0.1
        idmap uid = 40000-60000
        idmap gid = 40000-60000
Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-08-24 05:59:30 UTC
please retest against 3.0.6.  Thanks.
Comment 2 Sergio Roberto Claser 2004-08-27 11:13:49 UTC
Version 3.0.6 fix the problem.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2004-08-27 11:32:04 UTC
Thanks for the feedback.
Comment 4 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:26:27 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.