Samba/Winbind/nsswitch problem

Stephen Allen sdafreebsduk at rowyerboat.com
Thu May 22 01:11:37 BST 2008 

I've installed and configured samba with winbind, to allow Windows 
Active Directory users to log in without me having to create a local 
account for them.

Generally speaking, it works (I can login, wbinfo -u|-g returns the 
correct data).  I can login as a Windows user through ssh, and am using 
the pam_mkhomedir module (which also works ok).

Anyway, I've got 2 questions/problems...

(1)
Whenever I restart samba, syslog receives messages like these below.

auth/auth_util.c:create_builtin_administrators(792)
create_builtin_administrators: Failed to create Administrators
auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
auth/auth_util.c:create_builtin_administrators(792)
create_builtin_administrators: Failed to create Administrators
auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users

(2)
If I use the "winbind enum users|groups = Yes" options, syslog receives 
messages like these below (hundreds of them... every few mins).

nsswitch/winbindd_group.c:winbindd_getgrent(1110)
could not lookup domain group department (maths)
nsswitch/winbindd_group.c:winbindd_getgrent(1110)
could not lookup domain group department (mecheng)


Can anyone help please?

Many thanks,
Steve :)


========================
SOME NOTES ON MY CONFIG:
========================

FreeBSD 7.0-RELEASE amd64
samba-3.0.28a,1

root at bax ~ $ testparm -s
Load smb config files from /usr/local/etc/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
[global]
         workgroup = TECHNOLOGY
         security = DOMAIN
         allow trusted domains = No
         syslog only = Yes
         load printers = No
         printcap name = /dev/null
         ldap ssl = no
         idmap domains = TECHNOLOGY
         template shell = /usr/local/bin/bash
         winbind enum users = Yes
         winbind enum groups = Yes
         winbind use default domain = Yes
         idmap config TECHNOLOGY:range = 10000-20000
         idmap config TECHNOLOGY:backend = rid

root at bax ~ $ wbinfo -u | wc -l
     2944
root at bax ~ $ wbinfo -g | wc -l
      117

root at bax ~ $ cat /etc/nsswitch.conf
group: files winbind
group_compat: files nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: files nis
shells: files
services: files
services_compat: files nis
protocols: files
rpc: files

More information about the Ukfreebsd mailing list