On Thu, Jul 28, 2016 at 10:22:50AM +0100, John Hodrien wrote:
CentOS 7 install fully updated (sssd-1.13.0-40.el7_2.9.x86_64).
Samba setup, SSSD setup, using AD with SFU attributes.
wbinfo isn't doing SID -> UID/GID mappings properly.
# wbinfo -n correctuser
failed to call wbcLookupName: WBC_ERR_UNKNOWN_FAILURE
Could not lookup name correctuser
# wbinfo -n MYDOMAIN\\correctuser
S-1-5-21-XXXXX SID_USER (1) # Correct
# wbinfo -s S-1-5-21-XXXXX
failed to call wbcLookupSid: WBC_ERR_UNKNOWN_FAILURE
Could not lookup sid S-1-5-21-XXXXX
# wbinfo --user-sidinfo=S-1-5-21-XXXXX
correctuser:*:12345:678:Correct User:/correct/home:/bin/bash
I get basically the same behaviour with groups.
Results in the display of SIDs in Windows rather than resolved names.
Swap out to use winbind instead:
alternatives --set libwbclient.so.0.12-64 /usr/lib64/samba/wbclient/libwbclient.so.0.12
All works perfectly well, with all of those cases working fine, and Windows
clients happy as Larry.
If I restart SSSD and run wbinfo -s, I see in the logs that it find the right
record, in as much as it does a sane query, finds a the correctuser record,
and stores the user, and it declares that it found the SID later:
[sdap_search_user_process] (0x0400): Search for users, returned 1 results.
...
[sdap_save_user] (0x0400): Storing info for user correctuser
...
[ad_master_domain_next_done] (0x0400): Found SID [S-1-5-21-XXXXX]
Nothing looks pained, but it doesn't work.
Any clues how to debug this?
(sorry for the delay, I was on PTO and needed some time to work through
my email backlog.)
Please send me your sssd.conf and as a first step the nss responder logs
with debug_level=10 covering the requests.
As a general note, it is currently required to have
'use_fully_qualified_names = True' in sssd.conf to make the SSSD version
of libwbclient work properly.
HTH
bye,
Sumit
>
> jh
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org