Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 22 May 2008 13:34:52 -0500
From:      Derek Ragona <derek@computinginnovations.com>
To:        Stephen Allen <sdafreebsduk@rowyerboat.com>, freebsd-questions@freebsd.org
Subject:   Re: Samba/Winbind/nsswitch problem
Message-ID:  <6.0.0.22.2.20080522133400.02514ca8@mail.computinginnovations.com>
In-Reply-To: <48357959.1080508@rowyerboat.com>
References:  <48357959.1080508@rowyerboat.com>

next in thread | previous in thread | raw e-mail | index | archive | help
At 08:47 AM 5/22/2008, Stephen Allen wrote:
>Hello,
>
>I've installed and configured samba with winbind, to allow Windows Active 
>Directory users to login without me having to create a local account for them.
>
>Generally speaking, it works (I can login, wbinfo -u|-g returns the 
>correct data).  I can login as a Windows user through ssh, and am using 
>the pam_mkhomedir module (which also works ok).
>
>Anyway, I've got 2 questions/problems...
>
>(1)
>Whenever I restart samba, syslog receives messages like these below.
>
>auth/auth_util.c:create_builtin_administrators(792)
>create_builtin_administrators: Failed to create Administrators
>auth/auth_util.c:create_builtin_users(758)
>create_builtin_users: Failed to create Users
>auth/auth_util.c:create_builtin_administrators(792)
>create_builtin_administrators: Failed to create Administrators
>auth/auth_util.c:create_builtin_users(758)
>create_builtin_users: Failed to create Users
>
>(2)
>If I use the "winbind enum users|groups = Yes" options, syslog receives 
>messages like these below (hundreds of them... every few mins).
>
>nsswitch/winbindd_group.c:winbindd_getgrent(1110)
>could not lookup domain group department (maths)
>nsswitch/winbindd_group.c:winbindd_getgrent(1110)
>could not lookup domain group department (mecheng)
>
>
>Can anyone help please?
>
>Many thanks,
>Steve :)
>
>
>========================
>SOME NOTES ON MY CONFIG:
>========================
>
>FreeBSD 7.0-RELEASE amd64
>samba-3.0.28a,1
>
>root@bax ~ $ testparm -s
>Load smb config files from /usr/local/etc/smb.conf
>Loaded services file OK.
>Server role: ROLE_DOMAIN_MEMBER
>[global]
>         workgroup = TECHNOLOGY
>         security = DOMAIN
>         allow trusted domains = No
>         syslog only = Yes
>         load printers = No
>         printcap name = /dev/null
>         ldap ssl = no
>         idmap domains = TECHNOLOGY
>         template shell = /usr/local/bin/bash
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = Yes
>         idmap config TECHNOLOGY:range = 10000-20000
>         idmap config TECHNOLOGY:backend = rid
>
>root@bax ~ $ wbinfo -u | wc -l
>     2944
>root@bax ~ $ wbinfo -g | wc -l
>      117
>
>root@bax ~ $ cat /etc/nsswitch.conf
>group: files winbind
>group_compat: files nis
>hosts: files dns
>networks: files
>passwd: files winbind
>passwd_compat: files nis
>shells: files
>services: files
>services_compat: files nis
>protocols: files
>rpc: files

Do you have an entry in smb.cnf like this:
admin users = root, Administrator

         -Derek

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.0.22.2.20080522133400.02514ca8>