The Samba-Bugzilla – Bug 5363
Of two domains, won't enumerate users from other domain
Last modified: 2009-01-15 13:07:41 UTC
Our organization is structured with a single domain and two child domains. Students authenticate to one domain, faculty and staff to the other. Samba is joined to the student domain, and while wbinfo -u and -g show entries from the NAU (faculty and staff) domain, wbinfo -i or getent do not work.
/usr/local/samba/bin/wbinfo --domain=NAU -u | grep car3
/usr/local/samba/bin/wbinfo -i 'NAU\car3'
Could not get info for user NAU\car3
/usr/local/samba/bin/wbinfo -i 'NAU-STUDENTS\mcm75'
This also means that for universal groups that contain members from both domains, only those with accounts in the NAU-STUDENTS domain show up.
In this case there should be 50 members:
getent group 'NAU-STUDENTS\cens_faculty'
log.wb-NAU shows the following when I run "getent passwd 'NAU\car3'":
[2008/04/01 21:06:53, 4] winbindd/winbindd_dual.c:fork_domain_child(1160)
child daemon request 55
[2008/04/01 21:06:53, 10] winbindd/winbindd_dual.c:child_process_request(434)
child_process_request: request fn DUAL_USERINFO
[2008/04/01 21:06:53, 3] winbindd/winbindd_user.c:winbindd_dual_userinfo(139)
: lookupsid S-1-5-21-20713206-1263413069-421607344-5886
[2008/04/01 21:06:53, 10] winbindd/winbindd_cache.c:refresh_sequence_number(485)
refresh_sequence_number: NAU time ok
[2008/04/01 21:06:53, 10] winbindd/winbindd_cache.c:refresh_sequence_number(527)
refresh_sequence_number: NAU seq number is now 13311759
[2008/04/01 21:06:53, 10] winbindd/winbindd_cache.c:centry_expired(567)
centry_expired: Key U/S-1-5-21-20713206-1263413069-421607344-5886 for domain NAU is good.
[2008/04/01 21:06:53, 10] winbindd/winbindd_cache.c:wcache_fetch(651)
wcache_fetch: returning entry U/S-1-5-21-20713206-1263413069-421607344-5886 for domain NAU
[2008/04/01 21:06:53, 10] winbindd/winbindd_cache.c:query_user(1727)
query_user: [Cached] - cached info for domain NAU status: NT_STATUS_OK
[2008/04/01 21:06:53, 10] winbindd/winbindd_cache.c:cache_store_response(2387)
Storing response for pid 25063, len 3496
and from log.winbindd-idmap:
[2008/04/01 21:07:47, 4] winbindd/winbindd_dual.c:fork_domain_child(1160)
child daemon request 48
[2008/04/01 21:07:47, 10] winbindd/winbindd_dual.c:child_process_request(434)
child_process_request: request fn DUAL_SID2UID
[2008/04/01 21:07:47, 3] winbindd/winbindd_idmap.c:winbindd_dual_sid2uid(316)
: sid to uid S-1-5-21-20713206-1263413069-421607344-5886
[2008/04/01 21:07:47, 10] winbindd/idmap_util.c:idmap_sid_to_uid(104)
idmap_sid_to_uid: sid = [S-1-5-21-20713206-1263413069-421607344-5886]
[2008/04/01 21:07:47, 10] winbindd/idmap_util.c:idmap_sid_to_uid(124)
sid [S-1-5-21-20713206-1263413069-421607344-5886] not mapped to an uid [2,1,138629408]
[2008/04/01 21:07:47, 10] winbindd/winbindd_cache.c:cache_store_response(2387)
Storing response for pid 25056, len 3496
Both domains are running win2k3 r2 with the r2 schema.
Created attachment 3228
smb.conf containing entries for both domains
This ticket was opened to split out the issue discussed at the end of bug #4501
From what I understand, the smb.conf used should work for both domains. The rfc2307 attributes are populated the same way in both, but Samba seems only able to perform lookups on the domain to which it is joined. The other only reports no attributes.
This is still a major problem for us. Is there anything else I can provide?
Aside from patches, is there any way we can help with this? It is a major problem for us having multiple domains in rfc2307 mode.
Actually this looks like it might be a dupe of 3661 or 4069. Both of which have patches.
Calling it a dupe
*** This bug has been marked as a duplicate of 3661 ***