This discussion is archived
13 Replies Latest reply: Dec 7, 2012 9:14 PM by Stlouis1 RSS

nsswitch.conf

Stlouis1 Newbie
Currently Being Moderated
Hi everyone,

I'm going to start by mentioning that I'm new to solaris. I've mostly been an archlinux user thus far. Now I've built a new fileserver and decided to run solaris because I felt that ZFS had a lot to offer, and I'm playing with the idea of moving my webserver into a zone on this new box in order to take the dedicated system offline as it's underutilized.

Now the main things I need so far are kerberos for active directory integration, and smb for file sharing, this seems fairly simple to me, and nothing I haven't done on a typical Linux system

but I'm having problems. getting things going has not been as painless as I expected, I've hit a learning curve so to speak and I'm having a few issues.

I'm going to start with winbind.

How do I configure the nsswitch.conf so that it doesn't get reset after I reboot the system?

everytime I boot, I have to reconfigure it, and restart winbind in order to get anything listed with getent

the other thing there, is when I run getent passwd, I see my AD users listed. but when I run getent group, I only see the local groups, nothing from AD appears
  • 1. Re: nsswitch.conf
    933584 Newbie
    Currently Being Moderated
    I too recently switched to Solaris from Linux/Ubuntu mostly for zfs, stable iscsi and stability in general. One of the first things I had to learn, was the Solaris has a tool to modify almost every configuration file. You should never touch any of them directly anymore. Lots of sites on the internet still tell you to modify stuff like nsswitch.conf, resolve.conf directly, but thats wrong.

    You may have also had a problem getting DNS to resolve also for cmd line tools. The program 'svccfg' is the tool to modify nsswitch, dns client, ect.
    :> svccfg -s network/dns/client setprop config/nameserver = net_address: "(192.168.1.1 192.168.1.6)"
    :> svccfg -s network/dns/client setprop config/domain = astring: "testrealm.com"
    :> svccfg -s network/dns/client setprop config/search = astring: '("testrealm.com" "vm.testrealm.com")'
    :> svccfg -s network/dns/client setprop config/host = astring: '("files" "dns")'
    Now create the resolve.conf
    :> nscfg export svc:/network/dns/client:default
    Now you need to modify the nsswitch.conf file using the following.
    :> svccfg -s name-service/switch config/host = astring: '(“files dns”)'
    :> svccfg -s name-service/switch config/ipnodes = astring: '("files dns")'
    And finally push the configuration to nsswitch
    :> svcadm refresh svc:/system/name-service/switch:default
    You should now see files/dns as the search for host and ipnodes.

    I also successfully got Solaris 11, its native SMB server and LDAP client working to serve up shares authenticated by the domain and using ACLs that windows sets. I can provide some help on that if you get stuck.
  • 2. Re: nsswitch.conf
    Stlouis1 Newbie
    Currently Being Moderated
    I meant to post this earlier, busy at work though, so I'm squeezing this in on my break.

    here's some terminal output of what I have to keep repeating.

    login after reboot

    login as: solaris
    Using keyboard-interactive authentication.
    Password:
    Last login: Wed Dec 5 13:27:33 2012 from srv-ad.sergeinc
    Oracle Corporation SunOS 5.11 11.1 September 2012

    check winbind, no AD groups

    solaris@srv-data:~$ getent group
    root::0:
    other::1:root
    bin::2:root,daemon
    sys::3:root,bin,adm
    adm::4:root,daemon
    uucp::5:root
    mail::6:root
    tty::7:root,adm
    lp::8:root,adm
    nuucp::9:root
    staff::10:
    daemon::12:root
    sysadmin::14:
    games::20:
    smmsp::25:
    gdm::50:
    upnp::52:
    xvm::60:
    netadm::65:
    mysql::70:
    openldap::75:
    webservd::80:
    postgres::90:
    slocate::95:
    unknown::96:
    nobody::60001:
    noaccess::60002:
    nogroup::65534:
    aiuser::61:
    pkg5srv::97:

    check nsswitch - no winbind

    solaris@srv-data:~$ cat /etc/nsswitch.conf

    #
    # AUTOGENERATEDFROM_SMF_V1_
    #
    # WARNING: THIS FILE GENERATED FROM SMF DATA.
    # DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
    # See nsswitch.conf(4) for details.

    passwd: files
    group: files
    hosts: files dns mdns
    ipnodes: files dns mdns
    networks: files
    protocols: files
    rpc: files
    ethers: files
    netmasks: files
    bootparams: files
    publickey: files
    netgroup: files
    automount: files
    aliases: files
    services: files
    printers: user files
    project: files
    auth_attr: files
    prof_attr: files
    tnrhtp: files
    tnrhdb: files
    sudoers: files

    reconfigure nsswitch, i've also followed the method on this page, and it keeps getting cleared
    *http://www.nineproductions.com/solaris-11-samba-zfs-configuration/

    # svccfg -s name-service/switch
    setprop config/password = "files winbind"
    setprop config/group = "files winbind"
    exit
    # svcadm refresh name-service/switch
    Make sure the entries were adjusted in nsswitch by:

    cat /etc/nsswitch.conf
    You should see the following entries in passwd and group:

    passwd: files winbind
    group: files winbind*

    solaris@srv-data:~$ sudo nano /etc/nsswitch.conf
    Password:

    solaris@srv-data:~$ sudo nscfg import -f svc:/system/name-service/switch:default

    solaris@srv-data:~$ cat /etc/nsswitch.conf
    #
    # AUTOGENERATEDFROM_SMF_V1_
    #
    # WARNING: THIS FILE GENERATED FROM SMF DATA.
    # DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
    # See nsswitch.conf(4) for details.

    passwd: files winbind
    group: files winbind
    hosts: files dns mdns
    ipnodes: files dns mdns
    networks: files
    protocols: files
    rpc: files
    ethers: files
    netmasks: files
    bootparams: files
    publickey: files
    netgroup: files
    automount: files
    aliases: files
    services: files
    printers: user files
    project: files
    auth_attr: files
    prof_attr: files
    tnrhtp: files
    tnrhdb: files
    sudoers: files

    still no groups showing up though

    solaris@srv-data:~$ getent group
    root::0:
    other::1:root
    bin::2:root,daemon
    sys::3:root,bin,adm
    adm::4:root,daemon
    uucp::5:root
    mail::6:root
    tty::7:root,adm
    lp::8:root,adm
    nuucp::9:root
    staff::10:
    daemon::12:root
    sysadmin::14:
    games::20:
    smmsp::25:
    gdm::50:
    upnp::52:
    xvm::60:
    netadm::65:
    mysql::70:
    openldap::75:
    webservd::80:
    postgres::90:
    slocate::95:
    unknown::96:
    nobody::60001:
    noaccess::60002:
    nogroup::65534:
    aiuser::61:
    pkg5srv::97:

    users are there

    solaris@srv-data:~$ getent passwd

    root:x:0:0:Super-User:/root:/usr/bin/bash
    daemon:x:1:1::/:
    bin:x:2:2::/usr/bin:
    sys:x:3:3::/:
    adm:x:4:4:Admin:/var/adm:
    lp:x:71:8:Line Printer Admin:/:
    uucp:x:5:5:uucp Admin:/usr/lib/uucp:
    nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
    dladm:x:15:65:Datalink Admin:/:
    netadm:x:16:65:Network Admin:/:
    netcfg:x:17:65:Network Configuration Admin:/:
    smmsp:x:25:25:SendMail Message Submission Program:/:
    gdm:x:50:50:GDM Reserved UID:/var/lib/gdm:
    zfssnap:x:51:12:ZFS Automatic Snapshots Reserved UID:/:/usr/bin/pfsh
    upnp:x:52:52:UPnP Server Reserved UID:/var/coherence:/bin/ksh
    xvm:x:60:60:xVM User:/:
    mysql:x:70:70:MySQL Reserved UID:/:
    openldap:x:75:75:OpenLDAP User:/:
    webservd:x:80:80:WebServer Reserved UID:/:
    postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
    svctag:x:95:12:Service Tag UID:/:
    unknown:x:96:96:Unknown Remote UID:/:
    nobody:x:60001:60001:NFS Anonymous Access User:/:
    noaccess:x:60002:60002:No Access User:/:
    nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
    aiuser:x:61:61:AI User:/:
    pkg5srv:x:97:97:pkg(5) server UID:/:
    solaris:x:100:10:Serge Harrison:/home/solaris:/usr/bin/bash
    guest:*:5000:5007:Guest:/tank/users/guest:/bin/bash
    krbtgt:*:5001:5008:krbtgt:/tank/users/krbtgt:/bin/bash
    administrator:*:5002:5008:Administrator:/tank/users/administrator:/bin/bash
    mark:*:5004:5008:Mark:/tank/users/mark:/bin/bash
    tristan:*:5005:5009:Tristan Harrison:/tank/users/tristan:/bin/bash
    lorraine:*:5006:5009:Lorraine:/tank/users/lorraine:/bin/bash
    test:*:5007:5008:test:/tank/users/test:/bin/bash
    duane:*:5008:5008:Duane Cheverie:/tank/users/duane:/bin/bash

    restart samba - which is another issue ill get to later

    solaris@srv-data:~$ sudo svcadm restart samba

    resolv.conf is fine though when i reboot, i ahven't had to touch it as everything gets picked up correctly..

    solaris@srv-data:~$ cat /etc/resolv.conf

    #
    # AUTOGENERATEDFROM_SMF_V1_
    #
    # WARNING: THIS FILE GENERATED FROM SMF DATA.
    # DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
    # See resolv.conf(4) for details.

    domain sergeinc.org
    nameserver 10.66.1.1




    maybe that will help determine where im going wrong? i noticed you did an export in there....maybe that's what im missing? ill try it at home later

    Edited by: 975146 on Dec 5, 2012 12:30 PM
  • 3. Re: nsswitch.conf
    933584 Newbie
    Currently Being Moderated
    I'm not too familiar with winbind on Solaris 11. I used the built in ldapclient and the built-in SMB server instead of SAMBA. And quite honestly its run way better than winbind/samba on another linux machine where I have it setup.

    Given that users are listed, it seems things are working, however the mappings for groups may not be setup right? Does your Samba configuration include something similar to this?
    # winbind
    winbind separator = +
    idmap uid = 11000-19000
    idmap gid = 11000-19000
    winbind enum users = yes
    winbind enum groups = yes
    winbind nested groups = yes
    allow trusted domains = yes
  • 4. Re: nsswitch.conf
    Stlouis1 Newbie
    Currently Being Moderated
    yes, I do have that in my smb.conf. I don't have the uid and gid sections, when I ran testparm it said those were deprecated so i cut them out. One issue i'm seeing from my AD server though, is that it doesn't seem to broadcast the host name at all. I can type in the path to \\srv-data\ and access shares, but I don't see it on the network from the AD server or my other linux machine, or mac systems

    [Global]
    # Logging
    log level = 1
    syslog only = no
    max log size = 50
    log file = /var/samba/log/%m.log

    netbios name = SRV-DATA
    realm = SERGEINC.ORG
    workgroup = SERGEINC
    security = ads
    encrypt passwords = true
    wins server = 10.66.1.9
    unix extensions = no
    client signing = yes

    winbind use default domain = Yes
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind nested groups = Yes
    winbind separator = +
    winbind refresh tickets = yes

    template shell = /bin/bash
    template homedir = /tank/users/%U

    preferred master = no
    dns proxy = no
    wins server = srv-ad.sergeinc.org
    wins proxy = no

    inherit acls = Yes
    map acl inherit = Yes
    acl group control = yes

    load printers = no
    debug level = 3




    Now if there is a better way to configure all this withthe built in smb server, i'm all ears. I tried the kclient wizard, but it was giving me errors, I will happily start over if that is the better way to do it.
  • 5. Re: nsswitch.conf
    Stlouis1 Newbie
    Currently Being Moderated
    I took another stab at the kclient config. i'd like to know what i'm missing here though


    solaris@srv-data:~$ sudo svccfg -s network/dns/client setprop config/nameserver = net_address: "(10.66.1.1 10.66.1.9)"
    Password:
    solaris@srv-data:~$ sudo svccfg -s network/dns/client setprop config/domain = astring: "sergeinc.org
    solaris@srv-data:~$ sudo svccfg -s network/dns/client setprop config/domain = astring: "sergeinc.org"
    solaris@srv-data:~$ sudo svccfg -s network/dns/client setprop config/search = astring: "sergeinc.org"
    solaris@srv-data:~$ sudo svccfg -s network/dns/client setprop config/host = astring: '("files" "dns")'
    solaris@srv-data:~$ sudo nscfg export svc:/network/dns/client:default
    solaris@srv-data:~$ cat /etc/resolv.conf

    +#+
    +# AUTOGENERATEDFROM_SMF_V1_+
    +#+
    +# WARNING: THIS FILE GENERATED FROM SMF DATA.+
    +# DO NOT EDIT THIS FILE. EDITS WILL BE LOST.+
    +# See resolv.conf(4) for details.+

    domain  sergeinc.org*
    search  sergeinc.org*
    nameserver      10.66.1.1*
    nameserver      10.66.1.9*


    solaris@srv-data:~$ cat /etc/nsswitch.conf

    +#+
    +# AUTOGENERATEDFROM_SMF_V1_+
    +#+
    +# WARNING: THIS FILE GENERATED FROM SMF DATA.+
    +# DO NOT EDIT THIS FILE. EDITS WILL BE LOST.+
    +# See nsswitch.conf(4) for details.+

    passwd: files winbind
    group:  files winbind
    hosts:  files dns mdns
    ipnodes:        files dns mdns
    networks:       files
    protocols:      files
    rpc:    files
    ethers: files
    netmasks:       files
    bootparams:     files
    publickey:      files
    netgroup:       files
    automount:      files
    aliases:        files
    services:       files
    printers:       user files
    project:        files
    auth_attr:      files
    prof_attr:      files
    tnrhtp: files
    tnrhdb: files
    sudoers:        files

    solaris@srv-data:~$ sudo svccfg -s name-service/switch setprop config/host = astring: '("files dns")'
    solaris@srv-data:~$ sudo svccfg -s name-service/switch setprop config/ipnodes = astring: '("files dns")'
    solaris@srv-data:~$ sudo svcadm refresh svc:/system/name-service/switch:default
    solaris@srv-data:~$ cat /etc/nsswitch.conf

    +#+
    +# AUTOGENERATEDFROM_SMF_V1_+
    +#+
    +# WARNING: THIS FILE GENERATED FROM SMF DATA.+
    +# DO NOT EDIT THIS FILE. EDITS WILL BE LOST.+
    +# See nsswitch.conf(4) for details.+

    passwd: files winbind
    group:  files winbind
    hosts:  files dns*
    ipnodes:        files dns*
    networks:       files
    protocols:      files
    rpc:    files
    ethers: files
    netmasks:       files
    bootparams:     files
    publickey:      files
    netgroup:       files
    automount:      files
    aliases:        files
    services:       files
    printers:       user files
    project:        files
    auth_attr:      files
    prof_attr:      files
    tnrhtp: files
    tnrhdb: files
    sudoers:        files

    solaris@srv-data:~$ sudo cp /etc/krb5/krb5.conf /etc/krb5/krb5.conf.backup

    solaris@srv-data:~$ kclient

    Can not create directory: /system/volatile/kclient

    solaris@srv-data:~$ sudo kclient

    Starting client setup

    ---------------------------------------------------
    +Is this a client of a non-Solaris KDC ? [y/n]: y+
    Which type of KDC is the server:
    ms_ad: Microsoft Active Directory
    mit: MIT KDC server
    heimdal: Heimdal KDC server
    shishi: Shishi KDC server
    Enter required KDC type: ms_ad

    Setting up /etc/krb5/krb5.conf.

    Attempting to join 'SRV-DATA' to the 'SERGEINC.ORG' domain.

    Password for Administrator@SERGEINC.ORG:

    Forest name found: sergeinc.org

    Site name not found.  Local DCs/GCs will not be discovered.+

    Computer account 'SRV-DATA' already exists in the 'SERGEINC.ORG' domain.
    +Do you wish to recreate this computer account ? [y/n]: y+

    +Would you like to delete any sub-object found for this computer account ? [y/n]: y+
    Looking to see if the machine account contains other objects...
    Creating the machine account in AD via LDAP.

    Warning: unable to create DNS records for client.
    This could mean that 'srv-ad.sergeinc.org' is not included as a 'nameserver' in the /etc/resolv.conf file or some other type of error.
    ---------------------------------------------------
    Setup COMPLETE.




    so that all seemed well.....but then after a reboot....

    solaris@srv-data:~$ cat /etc/nsswitch.conf

    +#+
    +# AUTOGENERATEDFROM_SMF_V1_+
    +#+
    +# WARNING: THIS FILE GENERATED FROM SMF DATA.+
    +# DO NOT EDIT THIS FILE. EDITS WILL BE LOST.+
    +# See nsswitch.conf(4) for details.+

    passwd: files
    group:  files
    hosts:  files dns mdns*
    ipnodes:        files dns mdns*
    networks:       files
    protocols:      files
    rpc:    files
    ethers: files
    netmasks:       files
    bootparams:     files
    publickey:      files
    netgroup:       files
    automount:      files
    aliases:        files
    services:       files
    printers:       user files
    project:        files
    auth_attr:      files
    prof_attr:      files
    tnrhtp: files
    tnrhdb: files
    sudoers:        files
    solaris@srv-data:~$ cat /etc/resolv.conf

    +#+
    +# AUTOGENERATEDFROM_SMF_V1_+
    +#+
    +# WARNING: THIS FILE GENERATED FROM SMF DATA.+
    +# DO NOT EDIT THIS FILE. EDITS WILL BE LOST.+
    +# See resolv.conf(4) for details.+

    domain  sergeinc.org*
    nameserver      10.66.1.1*
    solaris@srv-data:~$
  • 6. Re: nsswitch.conf
    Stlouis1 Newbie
    Currently Being Moderated
    Ah, I think I found where I went wrong

    I referred back to this blog again and got my shares working using the built in methods. so i disabled and uninstalled samba, leaving just smb
    https://blogs.oracle.com/paulie/entry/cifs_sharing_on_solaris_11

    now i was able to reboot, and the shares stayed shared....my only issue is now i can't log in remotely....i hope it's just remotely....

    mac:~ user$ ssh solaris@srv-data.sergeinc.org
    Permission denied (gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive).

    The other thing, is it seems to be discoverable since i can see it when i browse the network, not just when I enter the path manually

    I've also been digging through the docs more and I think these will cover what I was missing. Hopefully I'll be able to respond back later to indicate it's resolved

    http://docs.oracle.com/cd/E23824_01/html/821-1455/adsetup-10.html

    http://docs.oracle.com/cd/E23824_01/html/821-1455/dnsref-31.html#dnsref-36
  • 7. Re: nsswitch.conf
    933584 Newbie
    Currently Being Moderated
    Glad you got that working. For the login, you'll need to get the ldapclient connected to the AD server for uid/guid lookups. Also for kerberos, once you've joined Samba to the domain, smbadm join -u [user] [domain], then you can just call 'kinit'. This will get a ticket, make sure your solaris clock is matched with domain clock as much as possible.

    You'll probably want to stop the winbind service before doing these steps.

    Here is a page about solaris 10 and AD, you can ignore most of it, but the ldapclient manual configuration is what you will want to use.
    http://blog.scottlowe.org/2006/08/15/solaris-10-and-active-directory-integration/

    You don't need to touch the kerberos files, the kinit will take care of that. One thing to note, after you run a successful ldapclient manual configuration, it will replace your nsswitch entries with "files ldap" for everything. You will need to re-add dns to the hosts and ipnodes.

    Once that is done, getent passwd and getent groups should now show just as they did with winbind.

    To handle logins however, you need to add the ldap module to the pam modules. in /etc/pam.d/ modify login, other, passwd, ppp, rlogin, rsh to include "auth sufficient pam_ldap.so.1" at the bottom.

    Now SMB and ssh will be able to authenticate.

    To get the first share working properly, you will need to modify it with the right ACLs so your domain admins or whichever login you want to use can create new folders ect.
    use idmap to get the ID number to pass in to the ACL.
    tfs@husker:/~$ idmap dump -n
    wingroup:Developers@ms.test.com   ==      gid:2147491848
    wingroup:NLS@ms.test.com  ==      gid:2147491847
    wingroup:SOFP@ms.test.com ==      gid:2147491849
    winuser:toms@ms.test.com  ==      uid:2147491841
    wingroup:Domain Users@ms.test.com ==      gid:2147491842
    In this case I want to give myself toms full access to the first share, then I can just use the windows explorer dialog to modify the security later.
    #chmod A+user:2147491841:full_set:allow /tank/smb/public
    You need to make sure you have the UNIX plugin to AD installed so AD is the one handling the uid/gids of the AD people connecting. Come to think of it, its possible that was the issue with your winbind not showing groups. If the group doesn't have a GID assigned to it by AD, then it will not show in getent groups. If you do not see a user or a group showing up now, it is probably that issue.

    You'll know if you have the UNIX tools installed if you see a "UNIX Attributes" tab in the properties window of a user or group from the "Active Directory Users and Groups".

    When you try and SSH in with an AD user, it will user the "home directory" field from the UNIX Attributes tab to try and create the home folder for. You need to use the auto_home file to be able to mount the proper locations for them. Other wise SSH will not let you log in. I get this when trying to SU to an AD user:
    tfs@husker:/etc/pam.d$ sudo su - toms
    Password: 
    su: No directory!
    I haven't setup home folders for AD users yet.
  • 8. Re: nsswitch.conf
    Stlouis1 Newbie
    Currently Being Moderated
    well, it looks like i'm starting over......

    unless I can figure out how to boot from the CD and mount the root file system to edit pam.conf

    after I uninstalled samba, I failed to remove the pam_winbind.so from pam.conf

    I can't even log into it in single user mode

    I tried booting from the DVD, but can't I'm having difficulty figuring out the translations for block devices to mount the right disk.....
  • 9. Re: nsswitch.conf
    933584 Newbie
    Currently Being Moderated
    Well thats no good, did a line get deleted in pam.d/ files?

    Edited by: TomS on Dec 7, 2012 9:06 AM
  • 10. Re: nsswitch.conf
    Stlouis1 Newbie
    Currently Being Moderated
    no lines were deleted....that was the problem, it was trying to load modules that didn't exist on the system anymore....so i was failing to load pam altogether
  • 11. Re: nsswitch.conf
    933584 Newbie
    Currently Being Moderated
    Just a thought, if you haven't already re-installed. At the grub boot menu, you will have some backup boot images if any updates have been installed. Select the prior one and it will load the earlier version of rpool with the intact PAM files. Which you can then maybe copy to the current rpool snapshot.
  • 12. Re: nsswitch.conf
    Stlouis1 Newbie
    Currently Being Moderated
    I did have a restore point to try.....it didn't work.

    that's when I tried single user mode and booting from the DVD, that's when I started referring to the doc below, and other similar docs, when I didn't get anywhere in a timely fashion, I gave up and started reinstalling the OS this morning before I left for work.

    http://docs.oracle.com/cd/E19253-01/819-5461/gjpna/index.html

    I was able to ssh to it from work on my "lunch break" and do most of the configuration from there. DNS is set, I went through kclient, got my samba shares up. Now it's just a matter of configuring ldap which I've never done yet and may find a tad tedious, and finally tweaking the permissions for my shares.

    One thing I don't understand, does the built in smb.conf still use the smb.conf? I had a umask set on one of my shares to set everything to 777 as it was just an open free for all share. can I still do that?

    Edited by: Stlouis1 on Dec 7, 2012 7:01 PM
  • 13. Re: nsswitch.conf
    Stlouis1 Newbie
    Currently Being Moderated
    uhm, not sure but I think I missed something with the ldap configuration

    solaris@srv-data:~$ idmap dump -n
    winuser:Guest@srv-data == uid:2147483649
    wingroup:Domain Users@srv-data == gid:2147483650
    wingroup:Guests@BUILTIN == gid:2147483652
    usid:S-1-5-21-2798885378-1147751391-3997799403-1104     ==      uid:2147483650
    usid:S-1-5-21-2798885378-1147751391-3997799403-512 == gid:2147483654
    usid:S-1-5-21-2798885378-1147751391-3997799403-513 == gid:2147483653
    usid:S-1-5-21-2798885378-1147751391-3997799403-519 == gid:2147483655
    usid:S-1-5-21-2798885378-1147751391-3997799403-518 == gid:2147483656
    usid:S-1-5-21-2798885378-1147751391-3997799403-572 == gid:2147483657
    wingroup:Network == gid:2147483651
    wingroup:Authenticated Users == gid:2147483658
    wingroup:Administrators@BUILTIN == gid:2147483659


    The one I bolded is my account...but I don't get why it's showing the uid string and not the account name??


    edit....

    and I'm back to square one....after I rebooted the server, nsswitch.conf is back to its out of box state, the ldap enties and everything are gone....WTF....

    Edited by: Stlouis1 on Dec 8, 2012 12:14 AM

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points