Date: Thu, 22 May 2008 13:34:52 -0500 From: Derek Ragona <derek@computinginnovations.com> To: Stephen Allen <sdafreebsduk@rowyerboat.com>, freebsd-questions@freebsd.org Subject: Re: Samba/Winbind/nsswitch problem Message-ID: <6.0.0.22.2.20080522133400.02514ca8@mail.computinginnovations.com> In-Reply-To: <48357959.1080508@rowyerboat.com> References: <48357959.1080508@rowyerboat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 08:47 AM 5/22/2008, Stephen Allen wrote:
>Hello,
>
>I've installed and configured samba with winbind, to allow Windows Active
>Directory users to login without me having to create a local account for them.
>
>Generally speaking, it works (I can login, wbinfo -u|-g returns the
>correct data). I can login as a Windows user through ssh, and am using
>the pam_mkhomedir module (which also works ok).
>
>Anyway, I've got 2 questions/problems...
>
>(1)
>Whenever I restart samba, syslog receives messages like these below.
>
>auth/auth_util.c:create_builtin_administrators(792)
>create_builtin_administrators: Failed to create Administrators
>auth/auth_util.c:create_builtin_users(758)
>create_builtin_users: Failed to create Users
>auth/auth_util.c:create_builtin_administrators(792)
>create_builtin_administrators: Failed to create Administrators
>auth/auth_util.c:create_builtin_users(758)
>create_builtin_users: Failed to create Users
>
>(2)
>If I use the "winbind enum users|groups = Yes" options, syslog receives
>messages like these below (hundreds of them... every few mins).
>
>nsswitch/winbindd_group.c:winbindd_getgrent(1110)
>could not lookup domain group department (maths)
>nsswitch/winbindd_group.c:winbindd_getgrent(1110)
>could not lookup domain group department (mecheng)
>
>
>Can anyone help please?
>
>Many thanks,
>Steve :)
>
>
>========================
>SOME NOTES ON MY CONFIG:
>========================
>
>FreeBSD 7.0-RELEASE amd64
>samba-3.0.28a,1
>
>root@bax ~ $ testparm -s
>Load smb config files from /usr/local/etc/smb.conf
>Loaded services file OK.
>Server role: ROLE_DOMAIN_MEMBER
>[global]
> workgroup = TECHNOLOGY
> security = DOMAIN
> allow trusted domains = No
> syslog only = Yes
> load printers = No
> printcap name = /dev/null
> ldap ssl = no
> idmap domains = TECHNOLOGY
> template shell = /usr/local/bin/bash
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> idmap config TECHNOLOGY:range = 10000-20000
> idmap config TECHNOLOGY:backend = rid
>
>root@bax ~ $ wbinfo -u | wc -l
> 2944
>root@bax ~ $ wbinfo -g | wc -l
> 117
>
>root@bax ~ $ cat /etc/nsswitch.conf
>group: files winbind
>group_compat: files nis
>hosts: files dns
>networks: files
>passwd: files winbind
>passwd_compat: files nis
>shells: files
>services: files
>services_compat: files nis
>protocols: files
>rpc: files
Do you have an entry in smb.cnf like this:
admin users = root, Administrator
-Derek
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.0.22.2.20080522133400.02514ca8>