Bug 2924 - cannot enumerate users with getent and winbind (groups work)
cannot enumerate users with getent and winbind (groups work)
Status: RESOLVED WORKSFORME
Product: Samba 3.0
Classification: Unclassified
Component: winbind
3.0.14a
x86 Linux
: P3 major
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-07-27 03:37 UTC by Mike Rose
Modified: 2005-08-02 00:33 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Rose 2005-07-27 03:37:55 UTC
compiled from source:
openldap-2.2.26
heimdal-0.7
samba-3.0.14a

on Suse linux 9.1 Pro

cat ~/etc/smb.conf
[global]
# separate domain and username with '\', like DOMAIN\username
winbind separator = +
# use uids from 10000 to 20000 for domain users
 idmap uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
 idmap gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template homedir = /home/%U
template shell = /bin/bash
winbind cache time = 600
winbind trusted domains only = yes

workgroup = BSS

# to remove domain from username
# winbind use default domain = yes
obey pam restrictions = Yes

realm = domain
security = ADS
encrypt passwords = yes
password server = domain


nmbd runs OK
winbindd starts fine.

setting log level to 5 for winbindd with:

getent group get:
"
[2005/07/27 11:19:46, 5] lib/util.c:Realloc(954)
  Realloc asked for 0 bytes
[2005/07/27 11:19:46, 5] lib/util.c:Realloc(954)
  Realloc asked for 0 bytes
[2005/07/27 11:19:46, 4] nsswitch/winbindd_group.c:get_sam_group_entries(562)
  get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well
[2005/07/27 11:19:46, 4] nsswitch/winbindd_group.c:get_sam_group_entries(571)
  get_sam_group_entries: Returned 0 local groups
[2005/07/27 11:19:46, 3] nsswitch/winbindd_group.c:winbindd_getgrent(619)
  [ 1860]: getgrent
[2005/07/27 11:19:46, 3] nsswitch/winbindd_group.c:winbindd_endgrent(484)
  [ 1860]: endgrent
[2005/07/27 11:19:46, 5] nsswitch/winbindd.c:winbind_client_read(477)
  read failed on sock 19, pid 1860: EOF
"

wtih getent passwd I get:
"
[2005/07/27 11:20:35, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [ 1861]: request interface version
[2005/07/27 11:20:35, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [ 1861]: request location of privileged pipe
[2005/07/27 11:20:35, 5] nsswitch/winbindd.c:winbind_client_read(477)
  read failed on sock 19, pid 1861: EOF
[2005/07/27 11:20:35, 3] nsswitch/winbindd_user.c:winbindd_setpwent(310)
  [ 1861]: setpwent
[2005/07/27 11:20:35, 3] nsswitch/winbindd_user.c:winbindd_getpwent(486)
  [ 1861]: getpwent
[2005/07/27 11:20:35, 3] nsswitch/winbindd_user.c:winbindd_endpwent(375)
  [ 1861]: endpwent
[2005/07/27 11:20:35, 5] nsswitch/winbindd.c:winbind_client_read(477)
  read failed on sock 20, pid 1861: EOF
"

Ths is with winbind joining a Windows 2003 server ADS using;
net ads join -U administrator

all works fine.
wbinfo -t is OK.
wbinfo -g and wbinfo -u both return the right things.
Comment 1 Mike Rose 2005-08-02 00:33:47 UTC
In my smb.conf I had:
winbind trusted domains only = yes

Which worked with samba-3.0.9 to strip off the leading domain name for
getent passwd so single UNIX and Windows sign on would work. I then told  
myself to RTM and:

This now works with 3.0.20rc1:  
winbind use default domain = yes