All users from the joined domain are resolved and mapped fine. Requesting/resolving a user from a trusted domain fails with this log message: [2009/12/21 11:34:14, 5] winbindd/winbindd_async.c:296(lookupname_recv2) lookup_name returned an error [2009/12/21 11:34:14, 5] winbindd/winbindd_user.c:497(getpwnam_name2sid_recv) Could not lookup name for user EXT\nue.ftpuser.svc The strange thing is, that all users from the trusted domain EXT are listed fine with `wbinfo --domain EXT -u`, but the request for single users fails with the above msg. BTW, the trusted domain EXT is always marked as "offline" with `wbinfo --online-status`. After `wbinfo --domain EXT -u` this domain is set to "online", but still no success in resolving users. Dont know if that matters, I'm using "idmap backend = hash" to map uid and guid.
Hi, could you please post your complete smb.conf? Thanks - Michael
The global section of my smb.conf (all other sections default): [global] workgroup = GFK printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: usershare allow guests = No realm = GFK.COM preferred master = no security = ADS template homedir = /home/%D/%U template shell = /bin/bash allow trusted domains = yes winbind refresh tickets = yes winbind nss info = hash idmap backend = hash idmap uid = 1000-4000000000 idmap gid = 1000-4000000000 log level = auth:10 winbind:10 wins support = no invalid users = root
Could you please add the output of the command "net rpc trustdom list" here?
Just calling "net rpc trustdom list" tries to find the next DC of one of the trusted domains, therefore the netlogon always fails. Calling "net -S windc1.gfk.com -U nue.ftpuser.svc rpc trustdom list" works: Enter nue.ftpuser.svc's password: Trusted domains list: IHAGF S-1-5-21-1942423493-1059656558-1998214792 INTOMAR S-1-5-21-823518204-1659004503-725345543 CRW S-1-5-21-3031078713-886512649-1698080345 GFKA S-1-5-21-343818398-1482476501-682003330 UK S-1-5-21-1680198136-2588557851-305613390 Trusting domains list: EXT S-1-5-21-1328376081-1279679187-339368940 IHAGF S-1-5-21-1328376081-1279679187-339368940 INTOMAR S-1-5-21-1328376081-1279679187-339368940 CRW S-1-5-21-1328376081-1279679187-339368940 GFKA S-1-5-21-1328376081-1279679187-339368940 UK S-1-5-21-1328376081-1279679187-339368940
I'm wondering why this EXT domain is only listed in "trusting domains list" and not like the other domains in both sections. But `wbinfo --trusted-domains` also lists the domain EXT. Any ideas?
that idmap config is invalid and especially bad with a trusted domain szenario. I've seen that current releases with a correct idmap config work fine.