The Samba-Bugzilla – Bug 7003
winbindd does not resolve trusted domain users
Last modified: 2018-12-09 19:00:26 UTC
All users from the joined domain are resolved and mapped fine.
Requesting/resolving a user from a trusted domain fails with this log message:
[2009/12/21 11:34:14, 5] winbindd/winbindd_async.c:296(lookupname_recv2)
lookup_name returned an error
[2009/12/21 11:34:14, 5] winbindd/winbindd_user.c:497(getpwnam_name2sid_recv)
Could not lookup name for user EXT\nue.ftpuser.svc
The strange thing is that all users from the trusted domain EXT are listed fine with `wbinfo --domain EXT -u`, but the request for single users fails with the above msg.
BTW, the trusted domain EXT is always marked as "offline" with `wbinfo --online-status`. After `wbinfo --domain EXT -u` this domain is set to "online", but still no success in resolving users.
Don't know if that matters, but I'm using "idmap backend = hash" to map uid and guid.
Could you please post your complete smb.conf?
Thanks - Michael
The global section of my smb.conf (all other sections default):
workgroup = GFK
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = No
realm = GFK.COM
preferred master = no
security = ADS
template homedir = /home/%D/%U
template shell = /bin/bash
allow trusted domains = yes
winbind refresh tickets = yes
winbind nss info = hash
idmap backend = hash
idmap uid = 1000-4000000000
idmap gid = 1000-4000000000
log level = auth:10 winbind:10
wins support = no
invalid users = root
Could you please add the output of the command "net rpc trustdom list" here?
Just calling "net rpc trustdom list" tries to find the next DC of one of the trusted domains; therefore the netlogon always fails.
Calling "net -S windc1.gfk.com -U nue.ftpuser.svc rpc trustdom list" works:
Enter nue.ftpuser.svc's password:
Trusted domains list:
Trusting domains list:
I'm wondering why this EXT domain is only listed in "trusting domains list" and not like the other domains in both sections.
But `wbinfo --trusted-domains` also lists the domain EXT.
That idmap config is invalid and especially bad with a trusted domain scenario. I've seen that current releases with a correct idmap config work fine.