Hi,
We have integrated Samba with our AD. The OS of the Linux machine is Suse 9 and the OS of our AD is Windows 2008 R2.
I am able to log in to the Suse Linux machine using my AD account. But when I type the command "id -a", it does not display all the groups I belong to; it only shows some group names. When I check on the AD server, I am a member of all these groups, but not all of them are displayed on the Linux machine where Samba and winbind are configured.
We configured ACLs on some directories, and because some groups are not displayed with my ID, I am unable to access those directories.
Please help with this ASAP. Kindly let me know if you require any more information.
Thank you in advance.
Regards
Praveen
(In reply to comment #0)
> Hi,
> We have integrated Samba with our AD. The OS of the Linux machine is Suse 9 and
> the OS of our AD is Windows 2008 R2.
> I am able to log in to the Suse Linux machine using my AD account. But when I
> type the command "id -a", it does not display all the groups I belong to; it
> only shows some group names. When I check on the AD server, I am a member of
> all these groups, but not all of them are displayed on the Linux machine
> where Samba and winbind are configured.
> We configured ACLs on some directories, and because some groups are not displayed
> with my ID, I am unable to access those directories.
> Please help with this ASAP. Kindly let me know if you require any more
> information.
> Thank you in advance.
> Regards
> Praveen
One more thing I forgot to tell. Recently I upgraded the Samba package to 3.5.8 from 3.0.26a-0.9. Only after this upgrade am I getting this issue; before that it was working fine.
Did you check all your idmap settings? id mapping has changed significantly between 3.0 and 3.5. With best regards, Volker Lendecke
(In reply to comment #2)
> Did you check all your idmap settings? id mapping has changed significantly
> between 3.0 and 3.5.
> With best regards,
> Volker Lendecke
Hi,
Thanks for the reply. In the smb.conf file I have added the below lines related to idmap:
idmap gid = 16777216-33554431
idmap uid = 16777216-33554431
Is this the one you were referring to?
If that's all, then it should continue to work fine. Please upload full debug level 10 logs of winbind (log.w* in the directory where you store your log files, please set "debug level = 10" in your smb.conf file and restart winbind before you do that operation) during the idmap -a operation. With best regards, Volker Lendecke
Created attachment 6830 [details] Winbind logs
Pls find the smb.conf file configuration
[global]
workgroup = NA
realm = NA.UIS.UNISYS.COM
netbios name = ustr-linux-1
server string = USTR-LINUX-1.na.uis.unisys.com
encrypt passwords = yes
security = ADS
password server = 129.224.152.11, 129.224.8.140
passdb backend = smbpasswd
log level = 2 winbind:10 ads:10 auth:10
syslog = 0
log file = /var/log/samba/%m.log
debug level = 10
max log size = 5000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
winbind use default domain = no
winbind uid = 16777216-33554431
winbind gid = 16777216-33554431
winbind enum users = no
winbind enum groups = no
winbind cache time = 3600
template homedir = /home/%D/%U
template shell = /bin/bash
admin users = root, NA\TRIMBLRD, +"NA\EPS Admin"
nt acl support = yes
map acl inherit = yes
unix extensions = no
idmap backend = ad
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
usershare allow guests = No
winbind refresh tickets = yes
obey pam restrictions = yes
(In reply to comment #6)
> Pls find the smb.conf file configuration
> [global]
> workgroup = NA
> realm = NA.UIS.UNISYS.COM
> netbios name = ustr-linux-1
> server string = USTR-LINUX-1.na.uis.unisys.com
> encrypt passwords = yes
> security = ADS
> password server = 129.224.152.11, 129.224.8.140
> passdb backend = smbpasswd
> log level = 2 winbind:10 ads:10 auth:10
> syslog = 0
> log file = /var/log/samba/%m.log
> debug level = 10
> max log size = 5000
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> winbind use default domain = no
> winbind uid = 16777216-33554431
> winbind gid = 16777216-33554431
> winbind enum users = no
> winbind enum groups = no
> winbind cache time = 3600
> template homedir = /home/%D/%U
> template shell = /bin/bash
> admin users = root, NA\TRIMBLRD, +"NA\EPS Admin"
> nt acl support = yes
> map acl inherit = yes
> unix extensions = no
> idmap backend = ad
> idmap uid = 16777216-33554431
> idmap gid = 16777216-33554431
> usershare allow guests = No
> winbind refresh tickets = yes
> obey pam restrictions = yes
Hi,
Can anyone help on this issue? I have no idea how to go ahead with the issue.
I will once more explain what exactly the issue is.
We have a Samba server, version 3.0.26a, with winbind authenticating, on SLES 9 SP4, with Windows 2003 as the AD server. HTTP is configured, which uses the domain IDs to log in.
Last week we got an issue that users were not able to authenticate using their domain ID. The wbinfo -t command was failing. Then we heard from corporate IT that they upgraded the AD OS from Windows 2003 to Windows 2008 R2.
So I upgraded the Samba package from 3.0.26a to 3.5.8. After that we were able to contact AD, and users were also able to authenticate using domain IDs. But later users complained that they are getting intermittent authentication problems. Also, if they log in to the Linux server over SSH using domain IDs, they are not able to get the entire group details using the id -a command. But for some users it is working fine.
This is an overall picture of the situation. Please find the Samba configuration file also. Kindly let us know if any more information is required.
[global]
workgroup = NA
realm = NA.UIS.UNISYS.COM
netbios name = ustr-linux-1
server string = USTR-LINUX-1.na.uis.unisys.com
encrypt passwords = yes
security = ADS
password server = 129.224.152.11, 129.224.8.140
passdb backend = smbpasswd
log level = 2 winbind:10 ads:10 auth:10
syslog = 0
log file = /var/log/samba/%m.log
debug level = 10
max log size = 5000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
winbind use default domain = no
winbind uid = 16777216-33554431
winbind gid = 16777216-33554431
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 3600
template homedir = /home/%D/%U
template shell = /bin/bash
admin users = root, NA\TRIMBLRD, +"NA\EPS Admin"
nt acl support = yes
map acl inherit = yes
unix extensions = no
# idmap domains = NA
# idmap backend = idmap_rid:NA=16777216-33554431
idmap gid = 16777216-33554431
idmap uid = 16777216-33554431
# allow trusted domains = no
usershare allow guests = No
winbind refresh tickets = yes
obey pam restrictions = yes
# printer setup
# load printers = yes
# use client driver = no
# printing = cups
Regards
Praveen
(In reply to comment #6)
> Pls find the smb.conf file configuration
> [global]
> workgroup = NA
> realm = NA.UIS.UNISYS.COM
> netbios name = ustr-linux-1
> server string = USTR-LINUX-1.na.uis.unisys.com
> encrypt passwords = yes
> security = ADS
> password server = 129.224.152.11, 129.224.8.140
> passdb backend = smbpasswd
> log level = 2 winbind:10 ads:10 auth:10
> syslog = 0
> log file = /var/log/samba/%m.log
> debug level = 10
> max log size = 5000
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> winbind use default domain = no
> winbind uid = 16777216-33554431
> winbind gid = 16777216-33554431
> winbind enum users = no
> winbind enum groups = no
> winbind cache time = 3600
> template homedir = /home/%D/%U
> template shell = /bin/bash
> admin users = root, NA\TRIMBLRD, +"NA\EPS Admin"
> nt acl support = yes
> map acl inherit = yes
> unix extensions = no
> idmap backend = ad
> idmap uid = 16777216-33554431
> idmap gid = 16777216-33554431
> usershare allow guests = No
> winbind refresh tickets = yes
> obey pam restrictions = yes
One more update.
-- Today we are not having the intermittent issue, as the server load is low. So when the smbd package is using more CPU, at that time we are getting the intermittent issue. Does any patch need to be installed?
(In reply to comment #5)
> Created attachment 6830 [details]
> Winbind logs
Those are not winbind logs.
Created attachment 6851 [details] Winbind logs
Hi, Please let me know whether I attached the correct logs.
Hi,
Just now we got an authentication issue and the winbind logs showing the below message.
[2011/09/02 14:54:02.181868, 5] winbindd/winbindd.c:934(winbindd_listen_fde_handler)
  winbindd: Exceeding 200 client connections, removing idle connection.
[2011/09/02 14:54:02.181900, 5] winbindd/winbindd.c:908(remove_idle_client)
  Found 200 idle client connections, shutting down sock 77, pid 11057
[2011/09/02 14:54:02.181937, 6] winbindd/winbindd.c:791(new_connection)
  accepted socket 77
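Added example, not part of the original thread and not Samba project code: a small Python parser that scans a winbindd log for the client-limit messages quoted in the comment above, so authentication failures can be lined up against the moments winbindd started closing idle client sockets. The first three log entries are the ones from that comment; the last two are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Samba debug header: "[YYYY/MM/DD HH:MM:SS.usec, level] file.c:line(function)"
HEADER = re.compile(
    r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(?P<level>\d+)\]\s+"
    r"\S+?:\d+\((?P<func>\w+)\)"
)
LIMIT = re.compile(r"Exceeding (\d+) client connections")
EVICT = re.compile(r"shutting down sock (\d+), pid (\d+)")

# Entries 1-3 are quoted from the comment above; entries 4-5 are constructed.
SAMPLE_LOG = """\
[2011/09/02 14:54:02.181868, 5] winbindd/winbindd.c:934(winbindd_listen_fde_handler)
  winbindd: Exceeding 200 client connections, removing idle connection.
[2011/09/02 14:54:02.181900, 5] winbindd/winbindd.c:908(remove_idle_client)
  Found 200 idle client connections, shutting down sock 77, pid 11057
[2011/09/02 14:54:02.181937, 6] winbindd/winbindd.c:791(new_connection)
  accepted socket 77
[2011/09/02 14:54:09.000100, 5] winbindd/winbindd.c:934(winbindd_listen_fde_handler)
  winbindd: Exceeding 200 client connections, removing idle connection.
[2011/09/02 14:54:09.000150, 5] winbindd/winbindd.c:908(remove_idle_client)
  Found 200 idle client connections, shutting down sock 81, pid 11057
"""

def parse_entries(text):
    """Yield (timestamp, function, message). The message is everything up to the
    next header, so same-line and continuation-line layouts both parse."""
    heads = list(HEADER.finditer(text))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S.%f")
        yield ts, m["func"], " ".join(text[m.end():end].split())

def client_limit_report(text):
    """Summarise how often winbindd hit its client cap and whose sockets it closed."""
    hits, evicted, limit = [], Counter(), None
    for ts, _func, msg in parse_entries(text):
        if (m := LIMIT.search(msg)):
            limit = int(m.group(1))
            hits.append(ts)
        elif (m := EVICT.search(msg)):
            evicted[int(m.group(2))] += 1  # pid whose idle socket was shut down
    return {"limit": limit, "hits": len(hits),
            "first": hits[0] if hits else None, "last": hits[-1] if hits else None,
            "evicted_by_pid": dict(evicted)}

if __name__ == "__main__":
    print(client_limit_report(SAMPLE_LOG))
```

These messages are written at debug level 5, so they only appear when winbind logging is at least that verbose.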
*** This bug has been marked as a duplicate of bug 6825 ***