Have you browsed the LDAP entries in Active Directory to see if they
match similar entries for working Windows hosts? Under the computer
entry, look carefully at dnsHostname and servicePrincipalName. For a
server, there are many, many entries for these two variables.
CIFS/x2, HOSTx2, LDAPS?/, ..... and so on.

On 4/7/09, Jason Ellison <infotek at gmail.com> wrote:
> CentOS 5.3 getent does not return data from the active directory (ads)
>
> I have installed and configured kerberos and samba so that the
> server can be a member of an existing Active Directory (AD). Correct
> configuration of kerberos was verified using kinit and klist. The samba
> configuration was verified by using "smbclient -k -L server". winbind
> was verified by using "wbinfo -g". The problem seems to be nsswitch
> accessing winbindd to get group information via the "getent group"
> command. I added winbind to the /etc/nsswitch.conf file like so:
>
> [root@nagios ~]# grep winbind /etc/nsswitch.conf
> passwd: files winbind
> shadow: files winbind
> group: files winbind
>
> I verified that all dynamic libraries are being accessed correctly
> by using "strace getent group".
>
> Below is the debug output of winbindd when issuing various commands
> that interact with it. The commands are noted in (parentheses).
>
> (winbindd -i -d 9)
>
> 00a0 status: NT_STATUS_OK
>
> ("getent group" command issued)
>
> accepted socket 17
> [17171]: request interface version
> [17171]: request location of privileged pipe
> accepted socket 18
> [17171]: setgrent
> [17171]: endgrent
>
> ("getent passwd" command issued)
>
> accepted socket 17
> [17172]: request interface version
> [17172]: request location of privileged pipe
> accepted socket 18
> [17172]: setpwent
> [17172]: endpwent
>
> (winbindd -i -d 9)
>
> 00a0 status: NT_STATUS_OK
>
> ("wbinfo -g" command issued)
>
> accepted socket 17
> [17158]: request interface version
> [17158]: request location of privileged pipe
> accepted socket 18
> [17158]: list groups
> get_sam_group_entries: BUILTIN or local domain; enumerating local groups as well
> Attempting to register passdb backend ldapsam
> Successfully added passdb backend 'ldapsam'
> Attempting to register passdb backend ldapsam_compat
> Successfully added passdb backend 'ldapsam_compat'
> Attempting to register passdb backend NDS_ldapsam
> Successfully added passdb backend 'NDS_ldapsam'
> Attempting to register passdb backend NDS_ldapsam_compat
> Successfully added passdb backend 'NDS_ldapsam_compat'
> Attempting to register passdb backend smbpasswd
> Successfully added passdb backend 'smbpasswd'
> Attempting to register passdb backend tdbsam
> Successfully added passdb backend 'tdbsam'
> Attempting to find an passdb backend to match tdbsam (tdbsam)
> Found pdb backend tdbsam
> pdb backend tdbsam has a valid init
> get_sam_group_entries: Returned 2 local groups
> get_sam_group_entries: BUILTIN or local domain; enumerating local groups as well
> get_sam_group_entries: Returned 0 local groups
> get_cache: Setting ADS methods for domain COMPANY
> ads: enum_dom_groups
>
>
> NOTES:
>
> [root@nagios ~]# uname -a
> Linux nagios.hq.company.local 2.6.18-128.1.6.el5xen #1 SMP Wed Apr 1 09:53:14 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
>
> [root@nagios ~]# rpm -qa samba krb* nss*
> nss_db-2.2-35.3
> nss_db-2.2-35.3
> krb5-libs-1.6.1-31.el5
> nss-tools-3.12.2.0-4.el5.centos
> nss_ldap-253-17.el5
> krb5-libs-1.6.1-31.el5
> samba-3.0.33-3.7.el5
> krb5-auth-dialog-0.7-1
> nss-3.12.2.0-4.el5.centos
> nss-3.12.2.0-4.el5.centos
> nss_ldap-253-17.el5
> krb5-workstation-1.6.1-31.el5
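
Added example, not part of either message in the thread: a small parser for the winbindd request lines quoted above. It shows that the getent requests did reach winbindd through nsswitch but each enumeration was opened and closed with no entry fetched in between. It assumes winbindd logs entry fetches as "getgrent" / "getpwent" in the same "[pid]: request" format; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: request lines taken from the winbindd -d 9 trace quoted in the post.
TRACE = """\
accepted socket 17
[17171]: request interface version
[17171]: request location of privileged pipe
accepted socket 18
[17171]: setgrent
[17171]: endgrent
accepted socket 17
[17172]: request interface version
[17172]: request location of privileged pipe
accepted socket 18
[17172]: setpwent
[17172]: endpwent
accepted socket 17
[17158]: request interface version
[17158]: list groups
ads: enum_dom_groups
"""

# "[17171]: setgrent" -> client pid and the request name winbindd logged for it
REQUEST = re.compile(r"^\[\s*(\d+)\]: (.+)$")

def requests_by_client(trace):
    """Map client pid -> ordered list of request names seen by winbindd."""
    seen = defaultdict(list)
    for line in trace.splitlines():
        match = REQUEST.match(line.strip())
        if match:
            seen[int(match.group(1))].append(match.group(2).strip())
    return dict(seen)

def empty_enumerations(trace):
    """Return (pid, database) for every set*ent..end*ent pair with no get*ent between."""
    findings = []
    for pid, reqs in requests_by_client(trace).items():
        for short, database in (("gr", "group"), ("pw", "passwd")):
            start, fetch, end = f"set{short}ent", f"get{short}ent", f"end{short}ent"
            if start in reqs and end in reqs:
                window = reqs[reqs.index(start):reqs.index(end)]
                if fetch not in window:  # assumed log name for an entry fetch
                    findings.append((pid, database))
    return findings

if __name__ == "__main__":
    for pid, database in empty_enumerations(TRACE):
        print(f"client {pid}: {database} enumeration reached winbindd but fetched no entries")
```

A finding here means the nsswitch-to-winbindd path is working and the empty result originates inside winbindd, unlike the "wbinfo -g" client (17158), whose request goes on to "ads: enum_dom_groups".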