On Fri, Oct 11, 2013 at 10:16:48AM -0400, Lee Allen wrote: > Samba 3.6.17 joined to Samba 4.2.0 AD domain, using winbind > > 'wbinfo -g' and 'getent group' successfully list all groups. > 'getent group 10006' returns: > domain users:x:10006: > 'getent group "domain users"' fails with return code 2 > > partial log.winbind after above command: > > [2013/10/11 10:01:31.288199, 3] > winbindd/winbindd_misc.c:384(winbindd_interface_version) > [31911]: request interface version > [2013/10/11 10:01:31.288288, 3] > winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir) > [31911]: request location of privileged pipe > [2013/10/11 10:01:31.288421, 3] > winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send) > getgrnam domain users > [2013/10/11 10:01:31.288520, 3] > winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid) > msrpc_name_to_sid: name=DOMAIN\USERS > [2013/10/11 10:01:31.288547, 3] > winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid) > name_to_sid [rpc] DOMAIN\USERS for domain DOMAIN > > if I specify the domain name, ie: 'getent group "ALLENLAN\\domain users"' > it still fails... > > [2013/10/11 10:02:18.280728, 3] > winbindd/winbindd_misc.c:384(winbindd_interface_version) > [31925]: request interface version > [2013/10/11 10:02:18.280823, 3] > winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir) > [31925]: request location of privileged pipe > [2013/10/11 10:02:18.280940, 3] > winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send) > getgrnam ALLENLAN\domain users > [2013/10/11 10:02:18.281033, 3] > winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid) > msrpc_name_to_sid: name=ALLENLAN\DOMAIN\USERS > [2013/10/11 10:02:18.281060, 3] > winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid) > name_to_sid [rpc] ALLENLAN\DOMAIN\USERS for domain ALLENLAN\DOMAIN > > Note the missing space in "DOMAIN\USERS" in the logs. I don't know whether > this is relevant. > > 'getent passwd' does not have any such problems - it can query by UID or > username > > > smb.conf: > > [global] > workgroup = ALLENLAN > realm = allenlan.net > password server = 192.168.0.13 > preferred master = no > server string = zone-samba3 > security = ads > encrypt passwords = yes > log level = 3 > log file = /var/log/samba/%m > max log size = 50 > printcap name = cups > printing = cups > winbind enum users = yes > winbind enum groups = yes > winbind use default domain = yes
Please try without "winbind use default domain = yes" > winbind nested groups = yes > winbind separator = \ Just a wild guess: Can you try removing this line? \ is default. If that does not help, please send us full debug level 10 logs of that command together with the output of strace -ttT -s 1000 -o /tmp/getent.out getent group "domain users" Regards, Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de ***************************************************************** visit us on it-sa:IT security exhibitions in Nürnberg, Germany October 8th - 10th 2013, hall 12, booth 333 free tickets available via code 270691 on: www.it-sa.de/gutschein ****************************************************************** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
