http://bugzilla.novell.com/show_bug.cgi?id=619905 http://bugzilla.novell.com/show_bug.cgi?id=619905#c1 Joachim Reichelt <Joachim.Reichelt@helmholtz-hzi.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Other |Samba AssignedTo|bnc-team-screening@forge.pr |samba-maintainers@SuSE.de |ovo.novell.com | QAContact|qa@suse.de |samba-maintainers@SuSE.de --- Comment #1 from Joachim Reichelt <Joachim.Reichelt@helmholtz-hzi.de> 2010-07-05 15:17:18 UTC --- in messages I see: Jul 5 16:51:45 sbjre su: FAILED SU (to software) jre on /dev/pts/14 Jul 5 16:54:58 sbjre login[12634]: pam_winbind(login:account): valid_user: wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND Jul 5 16:54:58 sbjre login[12634]: Fehler im Service-Modul Google told me, it's samba related. samba is o.k, trust to domain o.k etc. wbinfo did not show an error # testparm Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=619905 http://bugzilla.novell.com/show_bug.cgi?id=619905#c2 Lars Müller <lmuelle@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low Status|NEW |NEEDINFO InfoProvider| |Joachim.Reichelt@helmholtz- | |hzi.de --- Comment #2 from Lars Müller <lmuelle@novell.com> 2010-07-06 11:36:00 UTC ---

From the Samba source tar ball in nsswitch/libwbclient/wbclient.h

WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/ If you still believe this is a Samba issue please follow the Samba bug reporting instructions from http://en.openSUSE.org/Bugs/Samba Might this be an issue of your network? Please try to resolve single user IDs served by your Microsoft server. id DOMAINNAME\\username for example. This example expects you're using the default "winbind separator", the "\" char. An alternative approach is to call wbinfo --domain-users Depending on your Microsoft server configuration this might cause a high load on the server side. "wbinfo --check-secret" therefore might be a better starting point for your further investigation. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=619905 http://bugzilla.novell.com/show_bug.cgi?id=619905#c3 Joachim Reichelt <Joachim.Reichelt@helmholtz-hzi.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|Joachim.Reichelt@helmholtz- | |hzi.de | --- Comment #3 from Joachim Reichelt <Joachim.Reichelt@helmholtz-hzi.de> 2010-07-06 12:11:00 UTC --- I started from a working 11.2, using zypper -dup to upgrade to 11.3rc2 # wbinfo --domain-users gives a complet list e.g. # wbinfo --domain-users| wc -l 9176 # wbinfo --check-secret checking the trust secret for domain HZIDOMAIN via RPC calls succeeded but: # id 'GBFDOMAIN\abc' id: GBFDOMAIN\abc: No such user As I'm trying to get UID from AD, there is no idmap set up. And: We want to have this order to resolve uids: local files NIS AD So it might be an issue changing samba from 3.4.3 to 3.5.4. I got the same from id on the old system, but it did not kick off NIS. debug in winbindd does not show any meaningfull things: [2010/07/06 14:03:40.681487, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module tdb already registered! [2010/07/06 14:03:40.681589, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module passdb already registered! [2010/07/06 14:03:40.681655, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module nss already registered! [2010/07/06 14:08:03.150448, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module tdb already registered! [2010/07/06 14:08:03.150536, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module passdb already registered! [2010/07/06 14:08:03.150557, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module nss already registered! [2010/07/06 14:09:51.536816, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module tdb already registered! [2010/07/06 14:09:51.536870, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module passdb already registered! [2010/07/06 14:09:51.536897, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module nss already registered! /var/log/samba/log.winbindd-idmap lines 1017-1060/1060 (END) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=619905 http://bugzilla.novell.com/show_bug.cgi?id=619905#c5 --- Comment #5 from Joachim Reichelt <Joachim.Reichelt@helmholtz-hzi.de> 2010-07-06 14:43:50 UTC --- O.K. I looked arround and found the problem in /etc/pam.d Changed all required of pam_winbind.so to sufficient: common-account-pc:## account required pam_winbind.so use_first_pass common-account-pc:account sufficient pam_winbind.so use_first_pass common-auth-pc:# auth required pam_winbind.so use_first_pass common-auth-pc:auth sufficient pam_winbind.so use_first_pass common-password-pc:password sufficient pam_winbind.so But what to do with: common-session-pc:# session required pam_winbind.so Now I can: su to local, NIS and ADS login tested local and NIS -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.