I've been trying without success to get Samba to run in a jail, verifying users against an Active Directory installation.
My configurations follow.
Code:
[global]
interfaces = 192.168.0.16/32
bind interfaces only = yes
security = ads
realm = anserinae.net
password server = awpsvc-win1.domain.net
workgroup = DOMAIN
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap config ANSERINAE : backend = ad
idmap config ANSERINAE : range = 40000-60000
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind expand groups = 1
template homedir = /home/%D/%U
template shell = /usr/local/bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
restrict anonymous = 2
acl check permissions = yes
follow symlinks = yes
wide links = yes
unix extensions = no
I've also changed /etc/nsswitch.conf:
Code:
group: winbind files
group_compat: nis
hosts: files dns
networks: files
passwd: winbind files
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
This configuration is known to work outside the jail. Once in the jail, however, I see wbinfo -u and wbinfo -g working, but getent passwd returning only users local to the jail. Looking at /var/log/samba34/log.winbindd, I see a lot of repeated errors like this shortly after executing getent passwd:
Code:
[2011/09/22 00:22:00, 1] winbindd/winbindd_group.c:1366(winbindd_getgrent)
could not look up gid for group ExchangeLegacyInterop
[2011/09/22 00:22:00, 1] winbindd/winbindd_group.c:1366(winbindd_getgrent)
could not look up gid for group Schema Admins
[2011/09/22 00:22:00, 1] winbindd/winbindd_group.c:1366(winbindd_getgrent)
could not look up gid for group Enterprise Admins
[2011/09/22 00:22:00, 1] winbindd/winbindd_group.c:1366(winbindd_getgrent)
could not look up gid for group Enterprise Read-only Domain Controllers
I also see the following inside /var/log/samba34/log.nbmd:
Code:
[2011/09/22 00:29:46, 0] nmbd/nmbd_packets.c:1079(process_browse_packet)
process_browse_packet: Discarding datagram from IP 192.168.0.16. Source name ABPSVC-UNIX2<00> is one of our names !
[2011/09/22 00:29:46, 0] nmbd/nmbd_packets.c:1079(process_browse_packet)
process_browse_packet: Discarding datagram from IP 192.168.0.16. Source name ABPSVC-UNIX2<00> is one of our names !
It's all a little disconcerting -- especially when the configuration is known to work outside the jail. Has anyone ever seen this happening before?