[opensuse] Domain membership problem in OpenSuse 10.2
Dear Everyone, I am trying to use an OpenSuse 10.2 computer on a Windows 2000 domain using winbind authentication (join to domain). I added a few lines to the smb.conf for extracting sfu attributes, and my smb.conf looks like this: [global] idmap backend = ad idmap gid = 16777216-33554431 idmap uid = 16777216-33554431 winbind uid = 16777216-33554431 winbind gid = 16777216-33554431 password server = dell.umn.org.np realm = UMN.ORG.NP security = ADS template homedir = /home/%D/%U template shell = /bin/bash usershare allow guests = No winbind refresh tickets = yes winbind cache time = 3600 workgroup = HQ winbind use default domain = yes winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind nss info = sfu #Added for debugging purposes debuglevel = 4 log level = 4 I was able to easily view users and groups on the domain, and the group info would be extracted easily. I recently applied available patches to the computer, because there were some issues with cdrom access for domain users, and Ximian evolution connection to Microsoft exchange that went away only on updating. However, now I can see uids for users, but the gids are not getting resolved. I am attaching sample output below: opensuse:~ # id prajjwal uid=10000(prajjwal) gid=10000 groups=10000,10032,10133,10002,10117 opensuse:~ # groups prajjwal id: cannot find name for group ID 10000 10000 id: cannot find name for group ID 10032 10032 id: cannot find name for group ID 10133 10133 id: cannot find name for group ID 10002 10002 id: cannot find name for group ID 10117 10117 As samba-client and samba-winbind on the server were 3.0.23 even on updating, I even tried manually downloading the latest rpms from the opensuse ftp site and installing them. However, my problem still remains. My installed samba packages are listed below: opensuse:~ # rpm -qa|grep samba kdebase3-samba-3.5.5-78 yast2-samba-client-2.14.4-3 yast2-samba-server-2.14.3-10 samba-client-3.0.24-12.1.55 samba-winbind-3.0.24-12.1.55 Extra information: wbinfo -u and wbinfo -g both return proper domain user and group listings. wbinfo -p also returns a successful result. After doing getent group for a particular group, then that group can get resolved. For example, continuing on the information provided above: opensuse:~ # getent group 'Domain Users' domain users:x:10000:guest opensuse:~ # groups prajjwal id prdomain users id: cannot find name for group ID 10032 10032 id: cannot find name for group ID 10133 10133 id: cannot find name for group ID 10002 10002 id: cannot find name for group ID 10117 10117 opensuse:~ # id prajjwal uid=10000(prajjwal) gid=10000(domain users) groups=10000(domain users),10032,10133,10002,10117 As you can see, now the uid 10000 is resolved as Domain users, while other groups are still not resolved. All the other linux computers on my domain are running fine: I have got centos 4, fedora core 5, and opensuse 10.2 running. Can anyone help me get this problem sorted out? Thanks a lot, Prajjwal Message Disclaimer: This electronic message may contain confidential information. If you have received it in error, please immediately inform the sender and delete the mail and any attachments. Unless it relates to the official business of UMN, any opinions, views and other information expressed in this document are those of the individual sender. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Sorry, my smb.conf looks like this (pasted the wrong file): [global] idmap backend = ad idmap gid = 1000-100000 idmap uid = 1000-100000 winbind uid = 16777216-33554431 winbind gid = 16777216-33554431 password server = dell.umn.org.np realm = UMN.ORG.NP workgroup = HQ security = ADS template homedir = /home/%D/%U template shell = /bin/bash usershare allow guests = No winbind refresh tickets = yes winbind cache time = 3600 workgroup = HQ winbind use default domain = yes winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind nss info = sfu winbind offline logon = Yes winbind use default domain = yes debuglevel = 4 log level = 4 Regards, Prajjwal Message Disclaimer: This electronic message may contain confidential information. If you have received it in error, please immediately inform the sender and delete the mail and any attachments. Unless it relates to the official business of UMN, any opinions, views and other information expressed in this document are those of the individual sender. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hi Everyone, I found out my mistake. The funny thing is: it works in Fedora Core 5, even though I have the same lines in the smb.conf file. The two lines: winbind uid = 16777216-33554431 winbind gid = 16777216-33554431 were causing the problem. I tried two things, and both worked: a. I changed the winbind uid and gid to 1000-100000, and I could get a proper listing b. Removing the winbind uid and gid lines altogether worked as well. Prajjwal On Fri, 2007-04-13 at 15:01 +0545, Prajjwal Devkota wrote:
Sorry, my smb.conf looks like this (pasted the wrong file): [global] idmap backend = ad idmap gid = 1000-100000 idmap uid = 1000-100000 winbind uid = 16777216-33554431 winbind gid = 16777216-33554431 password server = dell.umn.org.np realm = UMN.ORG.NP workgroup = HQ security = ADS template homedir = /home/%D/%U template shell = /bin/bash usershare allow guests = No winbind refresh tickets = yes winbind cache time = 3600 workgroup = HQ winbind use default domain = yes winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind nss info = sfu winbind offline logon = Yes winbind use default domain = yes debuglevel = 4 log level = 4
Regards, Prajjwal
Message Disclaimer: This electronic message may contain confidential information. If you have received it in error, please immediately inform the sender and delete the mail and any attachments. Unless it relates to the official business of UMN, any opinions, views and other information expressed in this document are those of the individual sender.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (1)
-
Prajjwal Devkota