# Samba 3.4.14 in Jail



## kchoudhu (Sep 22, 2011)

I've been trying without success to get Samba to run in a jail, verifying users against an Active Directory installation.

My configurations follow. 


```
[global]

interfaces                 =192.168.0.16/32
bind interfaces only       =yes
security                   =ads
realm                      =anserinae.net
password server            =awpsvc-win1.domain.net
workgroup                  =DOMAIN
idmap uid                  =10000-20000
idmap gid                  =10000-20000
idmap config ANSERINAE     : backend = ad
idmap config ANSERINAE     : range   = 40000-60000
winbind nss info           =rfc2307
winbind enum users         =yes
winbind enum groups        =yes
winbind nested groups      =yes
winbind expand groups      =1
template homedir           =/home/%D/%U
template shell             =/usr/local/bin/bash
client use spnego          =yes
client ntlmv2 auth         =yes
encrypt passwords          =yes
winbind use default domain =yes
restrict anonymous         =2
acl check permissions      =yes
follow symlinks            =yes
wide links                 =yes
unix extensions            =no
```

I've also changed /etc/nsswitch.conf:


```
group: winbind files
group_compat: nis
hosts: files dns
networks: files
passwd: winbind files
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
```

This configuration is known to work outside the jail. Once in the jail, however, I see `wbinfo -u` and `wbinfo -g` working, but `getent passwd` returning only users local to the jail.

Looking at /var/log/samba34/log.winbindd, I see a lot of repeated errors like this shortly after executing getent passwd: 


```
[2011/09/22 00:22:00,  1] winbindd/winbindd_group.c:1366(winbindd_getgrent)
  could not look up gid for group ExchangeLegacyInterop
[2011/09/22 00:22:00,  1] winbindd/winbindd_group.c:1366(winbindd_getgrent)
  could not look up gid for group Schema Admins
[2011/09/22 00:22:00,  1] winbindd/winbindd_group.c:1366(winbindd_getgrent)
  could not look up gid for group Enterprise Admins
[2011/09/22 00:22:00,  1] winbindd/winbindd_group.c:1366(winbindd_getgrent)
  could not look up gid for group Enterprise Read-only Domain Controllers
```

I also see the following inside /var/log/samba34/log.nmbd:


```
[2011/09/22 00:29:46,  0] nmbd/nmbd_packets.c:1079(process_browse_packet)
  process_browse_packet: Discarding datagram from IP 192.168.0.16. Source name ABPSVC-UNIX2<00> is one of our names !
[2011/09/22 00:29:46,  0] nmbd/nmbd_packets.c:1079(process_browse_packet)
  process_browse_packet: Discarding datagram from IP 192.168.0.16. Source name ABPSVC-UNIX2<00> is one of our names !
```

It's all a little disconcerting -- especially when the configuration is known to work outside the jail. Has anyone ever seen this happening before?


----------

