13 Replies. Latest reply: Dec 7, 2012 11:14 PM by Stlouis1

    nsswitch.conf

    Stlouis1
      Hi everyone,

      I'm going to start by mentioning that I'm new to solaris. I've mostly been an archlinux user thus far. Now I've built a new fileserver and decided to run solaris because I felt that ZFS had a lot to offer, and I'm playing with the idea of moving my webserver into a zone on this new box in order to take the dedicated system offline as it's underutilized.

      Now the main things I need so far are kerberos for active directory integration, and smb for file sharing, this seems fairly simple to me, and nothing I haven't done on a typical Linux system

      but I'm having problems. getting things going has not been as painless as I expected, I've hit a learning curve so to speak and I'm having a few issues.

      I'm going to start with winbind.

      How do I configure the nsswitch.conf so that it doesn't get reset after I reboot the system?

      every time I boot, I have to reconfigure it, and restart winbind in order to get anything listed with getent

      the other thing there, is when I run getent passwd, I see my AD users listed. but when I run getent group, I only see the local groups, nothing from AD appears
        • 1. Re: nsswitch.conf
          933584
          I too recently switched to Solaris from Linux/Ubuntu, mostly for zfs, stable iscsi and stability in general. One of the first things I had to learn was that Solaris has a tool to modify almost every configuration file. You should never touch any of them directly anymore. Lots of sites on the internet still tell you to modify stuff like nsswitch.conf and resolv.conf directly, but that's wrong.

          You may have also had a problem getting DNS to resolve for cmd line tools. The program 'svccfg' is the tool to modify nsswitch, dns client, etc.
          :> svccfg -s network/dns/client setprop config/nameserver = net_address: "(192.168.1.1 192.168.1.6)"
          :> svccfg -s network/dns/client setprop config/domain = astring: "testrealm.com"
          :> svccfg -s network/dns/client setprop config/search = astring: '("testrealm.com" "vm.testrealm.com")'
          :> svccfg -s network/dns/client setprop config/host = astring: '("files" "dns")'
          Now create the resolv.conf
          :> nscfg export svc:/network/dns/client:default
          Now you need to modify the nsswitch.conf file using the following.
          :> svccfg -s name-service/switch setprop config/host = astring: '("files dns")'
          :> svccfg -s name-service/switch setprop config/ipnodes = astring: '("files dns")'
          And finally push the configuration to nsswitch
          :> svcadm refresh svc:/system/name-service/switch:default
          You should now see files/dns as the search for host and ipnodes.

          I also successfully got Solaris 11, its native SMB server and LDAP client working to serve up shares authenticated by the domain and using ACLs that windows sets. I can provide some help on that if you get stuck.
          • 2. Re: nsswitch.conf
            Stlouis1
            I meant to post this earlier, busy at work though, so I'm squeezing this in on my break.

            here's some terminal output of what I have to keep repeating.

            login after reboot

            login as: solaris
            Using keyboard-interactive authentication.
            Password:
            Last login: Wed Dec 5 13:27:33 2012 from srv-ad.sergeinc
            Oracle Corporation SunOS 5.11 11.1 September 2012

            check winbind, no AD groups

            solaris@srv-data:~$ getent group
            root::0:
            other::1:root
            bin::2:root,daemon
            sys::3:root,bin,adm
            adm::4:root,daemon
            uucp::5:root
            mail::6:root
            tty::7:root,adm
            lp::8:root,adm
            nuucp::9:root
            staff::10:
            daemon::12:root
            sysadmin::14:
            games::20:
            smmsp::25:
            gdm::50:
            upnp::52:
            xvm::60:
            netadm::65:
            mysql::70:
            openldap::75:
            webservd::80:
            postgres::90:
            slocate::95:
            unknown::96:
            nobody::60001:
            noaccess::60002:
            nogroup::65534:
            aiuser::61:
            pkg5srv::97:

            check nsswitch - no winbind

            solaris@srv-data:~$ cat /etc/nsswitch.conf

            #
            # AUTOGENERATEDFROM_SMF_V1_
            #
            # WARNING: THIS FILE GENERATED FROM SMF DATA.
            # DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
            # See nsswitch.conf(4) for details.

            passwd: files
            group: files
            hosts: files dns mdns
            ipnodes: files dns mdns
            networks: files
            protocols: files
            rpc: files
            ethers: files
            netmasks: files
            bootparams: files
            publickey: files
            netgroup: files
            automount: files
            aliases: files
            services: files
            printers: user files
            project: files
            auth_attr: files
            prof_attr: files
            tnrhtp: files
            tnrhdb: files
            sudoers: files

            reconfigure nsswitch, i've also followed the method on this page, and it keeps getting cleared
            http://www.nineproductions.com/solaris-11-samba-zfs-configuration/

            # svccfg -s name-service/switch
            setprop config/password = "files winbind"
            setprop config/group = "files winbind"
            exit
            # svcadm refresh name-service/switch
            Make sure the entries were adjusted in nsswitch by:

            cat /etc/nsswitch.conf
            You should see the following entries in passwd and group:

            passwd: files winbind
            group: files winbind

            solaris@srv-data:~$ sudo nano /etc/nsswitch.conf
            Password:

            solaris@srv-data:~$ sudo nscfg import -f svc:/system/name-service/switch:default

            solaris@srv-data:~$ cat /etc/nsswitch.conf
            #
            # AUTOGENERATEDFROM_SMF_V1_
            #
            # WARNING: THIS FILE GENERATED FROM SMF DATA.
            # DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
            # See nsswitch.conf(4) for details.

            passwd: files winbind
            group: files winbind
            hosts: files dns mdns
            ipnodes: files dns mdns
            networks: files
            protocols: files
            rpc: files
            ethers: files
            netmasks: files
            bootparams: files
            publickey: files
            netgroup: files
            automount: files
            aliases: files
            services: files
            printers: user files
            project: files
            auth_attr: files
            prof_attr: files
            tnrhtp: files
            tnrhdb: files
            sudoers: files

            still no groups showing up though

            solaris@srv-data:~$ getent group
            root::0:
            other::1:root
            bin::2:root,daemon
            sys::3:root,bin,adm
            adm::4:root,daemon
            uucp::5:root
            mail::6:root
            tty::7:root,adm
            lp::8:root,adm
            nuucp::9:root
            staff::10:
            daemon::12:root
            sysadmin::14:
            games::20:
            smmsp::25:
            gdm::50:
            upnp::52:
            xvm::60:
            netadm::65:
            mysql::70:
            openldap::75:
            webservd::80:
            postgres::90:
            slocate::95:
            unknown::96:
            nobody::60001:
            noaccess::60002:
            nogroup::65534:
            aiuser::61:
            pkg5srv::97:

            users are there

            solaris@srv-data:~$ getent passwd

            root:x:0:0:Super-User:/root:/usr/bin/bash
            daemon:x:1:1::/:
            bin:x:2:2::/usr/bin:
            sys:x:3:3::/:
            adm:x:4:4:Admin:/var/adm:
            lp:x:71:8:Line Printer Admin:/:
            uucp:x:5:5:uucp Admin:/usr/lib/uucp:
            nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
            dladm:x:15:65:Datalink Admin:/:
            netadm:x:16:65:Network Admin:/:
            netcfg:x:17:65:Network Configuration Admin:/:
            smmsp:x:25:25:SendMail Message Submission Program:/:
            gdm:x:50:50:GDM Reserved UID:/var/lib/gdm:
            zfssnap:x:51:12:ZFS Automatic Snapshots Reserved UID:/:/usr/bin/pfsh
            upnp:x:52:52:UPnP Server Reserved UID:/var/coherence:/bin/ksh
            xvm:x:60:60:xVM User:/:
            mysql:x:70:70:MySQL Reserved UID:/:
            openldap:x:75:75:OpenLDAP User:/:
            webservd:x:80:80:WebServer Reserved UID:/:
            postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
            svctag:x:95:12:Service Tag UID:/:
            unknown:x:96:96:Unknown Remote UID:/:
            nobody:x:60001:60001:NFS Anonymous Access User:/:
            noaccess:x:60002:60002:No Access User:/:
            nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
            aiuser:x:61:61:AI User:/:
            pkg5srv:x:97:97:pkg(5) server UID:/:
            solaris:x:100:10:Serge Harrison:/home/solaris:/usr/bin/bash
            guest:*:5000:5007:Guest:/tank/users/guest:/bin/bash
            krbtgt:*:5001:5008:krbtgt:/tank/users/krbtgt:/bin/bash
            administrator:*:5002:5008:Administrator:/tank/users/administrator:/bin/bash
            mark:*:5004:5008:Mark:/tank/users/mark:/bin/bash
            tristan:*:5005:5009:Tristan Harrison:/tank/users/tristan:/bin/bash
            lorraine:*:5006:5009:Lorraine:/tank/users/lorraine:/bin/bash
            test:*:5007:5008:test:/tank/users/test:/bin/bash
            duane:*:5008:5008:Duane Cheverie:/tank/users/duane:/bin/bash

            restart samba - which is another issue ill get to later

            solaris@srv-data:~$ sudo svcadm restart samba

            resolv.conf is fine though when I reboot, I haven't had to touch it as everything gets picked up correctly.

            solaris@srv-data:~$ cat /etc/resolv.conf

            #
            # AUTOGENERATEDFROM_SMF_V1_
            #
            # WARNING: THIS FILE GENERATED FROM SMF DATA.
            # DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
            # See resolv.conf(4) for details.

            domain sergeinc.org
            nameserver 10.66.1.1




            maybe that will help determine where im going wrong? i noticed you did an export in there....maybe that's what im missing? ill try it at home later

            Edited by: 975146 on Dec 5, 2012 12:30 PM
            • 3. Re: nsswitch.conf
              933584
              I'm not too familiar with winbind on Solaris 11. I used the built-in ldapclient and the built-in SMB server instead of SAMBA. And quite honestly it's run way better than winbind/samba on another linux machine where I have it set up.

              Given that users are listed, it seems things are working, however the mappings for groups may not be setup right? Does your Samba configuration include something similar to this?
              # winbind
              winbind separator = +
              idmap uid = 11000-19000
              idmap gid = 11000-19000
              winbind enum users = yes
              winbind enum groups = yes
              winbind nested groups = yes
              allow trusted domains = yes
              • 4. Re: nsswitch.conf
                Stlouis1
                yes, I do have that in my smb.conf. I don't have the uid and gid sections, when I ran testparm it said those were deprecated so i cut them out. One issue i'm seeing from my AD server though, is that it doesn't seem to broadcast the host name at all. I can type in the path to \\srv-data\ and access shares, but I don't see it on the network from the AD server or my other linux machine, or mac systems

                [Global]
                # Logging
                log level = 1
                syslog only = no
                max log size = 50
                log file = /var/samba/log/%m.log

                netbios name = SRV-DATA
                realm = SERGEINC.ORG
                workgroup = SERGEINC
                security = ads
                encrypt passwords = true
                wins server = 10.66.1.9
                unix extensions = no
                client signing = yes

                winbind use default domain = Yes
                winbind enum users = Yes
                winbind enum groups = Yes
                winbind nested groups = Yes
                winbind separator = +
                winbind refresh tickets = yes

                template shell = /bin/bash
                template homedir = /tank/users/%U

                preferred master = no
                dns proxy = no
                wins server = srv-ad.sergeinc.org
                wins proxy = no

                inherit acls = Yes
                map acl inherit = Yes
                acl group control = yes

                load printers = no
                debug level = 3




                Now if there is a better way to configure all this with the built-in smb server, I'm all ears. I tried the kclient wizard, but it was giving me errors. I will happily start over if that is the better way to do it.
                • 5. Re: nsswitch.conf
                  Stlouis1
                  I took another stab at the kclient config. i'd like to know what i'm missing here though


                  solaris@srv-data:~$ sudo svccfg -s network/dns/client setprop config/nameserver = net_address: "(10.66.1.1 10.66.1.9)"
                  Password:
                  solaris@srv-data:~$ sudo svccfg -s network/dns/client setprop config/domain = astring: "sergeinc.org
                  solaris@srv-data:~$ sudo svccfg -s network/dns/client setprop config/domain = astring: "sergeinc.org"
                  solaris@srv-data:~$ sudo svccfg -s network/dns/client setprop config/search = astring: "sergeinc.org"
                  solaris@srv-data:~$ sudo svccfg -s network/dns/client setprop config/host = astring: '("files" "dns")'
                  solaris@srv-data:~$ sudo nscfg export svc:/network/dns/client:default
                  solaris@srv-data:~$ cat /etc/resolv.conf

                  #
                  # AUTOGENERATEDFROM_SMF_V1_
                  #
                  # WARNING: THIS FILE GENERATED FROM SMF DATA.
                  # DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
                  # See resolv.conf(4) for details.

                  domain  sergeinc.org
                  search  sergeinc.org
                  nameserver      10.66.1.1
                  nameserver      10.66.1.9


                  solaris@srv-data:~$ cat /etc/nsswitch.conf

                  #
                  # AUTOGENERATEDFROM_SMF_V1_
                  #
                  # WARNING: THIS FILE GENERATED FROM SMF DATA.
                  # DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
                  # See nsswitch.conf(4) for details.

                  passwd: files winbind
                  group:  files winbind
                  hosts:  files dns mdns
                  ipnodes:        files dns mdns
                  networks:       files
                  protocols:      files
                  rpc:    files
                  ethers: files
                  netmasks:       files
                  bootparams:     files
                  publickey:      files
                  netgroup:       files
                  automount:      files
                  aliases:        files
                  services:       files
                  printers:       user files
                  project:        files
                  auth_attr:      files
                  prof_attr:      files
                  tnrhtp: files
                  tnrhdb: files
                  sudoers:        files

                  solaris@srv-data:~$ sudo svccfg -s name-service/switch setprop config/host = astring: '("files dns")'
                  solaris@srv-data:~$ sudo svccfg -s name-service/switch setprop config/ipnodes = astring: '("files dns")'
                  solaris@srv-data:~$ sudo svcadm refresh svc:/system/name-service/switch:default
                  solaris@srv-data:~$ cat /etc/nsswitch.conf

                  #
                  # AUTOGENERATEDFROM_SMF_V1_
                  #
                  # WARNING: THIS FILE GENERATED FROM SMF DATA.
                  # DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
                  # See nsswitch.conf(4) for details.

                  passwd: files winbind
                  group:  files winbind
                  hosts:  files dns
                  ipnodes:        files dns
                  networks:       files
                  protocols:      files
                  rpc:    files
                  ethers: files
                  netmasks:       files
                  bootparams:     files
                  publickey:      files
                  netgroup:       files
                  automount:      files
                  aliases:        files
                  services:       files
                  printers:       user files
                  project:        files
                  auth_attr:      files
                  prof_attr:      files
                  tnrhtp: files
                  tnrhdb: files
                  sudoers:        files

                  solaris@srv-data:~$ sudo cp /etc/krb5/krb5.conf /etc/krb5/krb5.conf.backup

                  solaris@srv-data:~$ kclient

                  Can not create directory: /system/volatile/kclient

                  solaris@srv-data:~$ sudo kclient

                  Starting client setup

                  ---------------------------------------------------
                  Is this a client of a non-Solaris KDC ? [y/n]: y
                  Which type of KDC is the server:
                  ms_ad: Microsoft Active Directory
                  mit: MIT KDC server
                  heimdal: Heimdal KDC server
                  shishi: Shishi KDC server
                  Enter required KDC type: ms_ad

                  Setting up /etc/krb5/krb5.conf.

                  Attempting to join 'SRV-DATA' to the 'SERGEINC.ORG' domain.

                  Password for Administrator@SERGEINC.ORG:

                  Forest name found: sergeinc.org

                  Site name not found.  Local DCs/GCs will not be discovered.

                  Computer account 'SRV-DATA' already exists in the 'SERGEINC.ORG' domain.
                  Do you wish to recreate this computer account ? [y/n]: y

                  Would you like to delete any sub-object found for this computer account ? [y/n]: y
                  Looking to see if the machine account contains other objects...
                  Creating the machine account in AD via LDAP.

                  Warning: unable to create DNS records for client.
                  This could mean that 'srv-ad.sergeinc.org' is not included as a 'nameserver' in the /etc/resolv.conf file or some other type of error.
                  ---------------------------------------------------
                  Setup COMPLETE.




                  so that all seemed well.....but then after a reboot....

                  solaris@srv-data:~$ cat /etc/nsswitch.conf

                  #
                  # AUTOGENERATEDFROM_SMF_V1_
                  #
                  # WARNING: THIS FILE GENERATED FROM SMF DATA.
                  # DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
                  # See nsswitch.conf(4) for details.

                  passwd: files
                  group:  files
                  hosts:  files dns mdns
                  ipnodes:        files dns mdns
                  networks:       files
                  protocols:      files
                  rpc:    files
                  ethers: files
                  netmasks:       files
                  bootparams:     files
                  publickey:      files
                  netgroup:       files
                  automount:      files
                  aliases:        files
                  services:       files
                  printers:       user files
                  project:        files
                  auth_attr:      files
                  prof_attr:      files
                  tnrhtp: files
                  tnrhdb: files
                  sudoers:        files
                  solaris@srv-data:~$ cat /etc/resolv.conf

                  #
                  # AUTOGENERATEDFROM_SMF_V1_
                  #
                  # WARNING: THIS FILE GENERATED FROM SMF DATA.
                  # DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
                  # See resolv.conf(4) for details.

                  domain  sergeinc.org
                  nameserver      10.66.1.1
                  solaris@srv-data:~$
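
A check for the symptom shown in post 5, where `passwd` and `group` fall back to `files` after a reboot. This is an added example, not code from the thread or from Oracle: it parses a generated nsswitch.conf and reports each database whose lookup order differs from the order that was set in SMF. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect drift between the lookup order configured in SMF
# (config/password, config/group, config/host ...) and what the generated
# /etc/nsswitch.conf actually contains after a refresh or reboot.

# nss_sources FILE DATABASE
# Print the lookup order for one database, single-spaced, comments removed.
nss_sources() {
    awk -v db="$2" '
        { sub(/#.*/, "") }               # drop comments, full-line or trailing
        $1 == (db ":") {
            $1 = ""; sub(/^ +/, "")      # keep only the list of sources
            print; exit
        }' "$1"
}

# nss_drift FILE "database=expected order" ...
# Print one line per database whose order differs from the expected one.
# Prints nothing when the file matches.
nss_drift() {
    file=$1; shift
    for spec in "$@"; do
        db=${spec%%=*}
        want=${spec#*=}
        have=$(nss_sources "$file" "$db")
        [ "$have" = "$want" ] ||
            printf '%s: expected "%s", found "%s"\n' \
                "$db" "$want" "${have:-<absent>}"
    done
}

# Demo on a constructed file that mirrors the post-reboot state in post 5.
nss_demo() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# constructed sample, not a real system file
passwd: files
group:  files
hosts:  files dns mdns
ipnodes:        files dns mdns
EOF
    nss_drift "$sample" \
        'passwd=files winbind' 'group=files winbind' 'hosts=files dns mdns'
    rm -f "$sample"
}

nss_demo
```

Run against the real file from a boot-time job or monitoring agent, the output is a direct signal that the directory source dropped out of the lookup path.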
                  • 6. Re: nsswitch.conf
                    Stlouis1
                    Ah, I think I found where I went wrong

                    I referred back to this blog again and got my shares working using the built in methods. so i disabled and uninstalled samba, leaving just smb
                    https://blogs.oracle.com/paulie/entry/cifs_sharing_on_solaris_11

                    now i was able to reboot, and the shares stayed shared....my only issue is now i can't log in remotely....i hope it's just remotely....

                    mac:~ user$ ssh solaris@srv-data.sergeinc.org
                    Permission denied (gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive).

                    The other thing, is it seems to be discoverable since i can see it when i browse the network, not just when I enter the path manually

                    I've also been digging through the docs more and I think these will cover what I was missing. Hopefully I'll be able to respond back later to indicate it's resolved

                    http://docs.oracle.com/cd/E23824_01/html/821-1455/adsetup-10.html

                    http://docs.oracle.com/cd/E23824_01/html/821-1455/dnsref-31.html#dnsref-36
                    • 7. Re: nsswitch.conf
                      933584
                      Glad you got that working. For the login, you'll need to get the ldapclient connected to the AD server for uid/guid lookups. Also for kerberos, once you've joined Samba to the domain, smbadm join -u [user] [domain], then you can just call 'kinit'. This will get a ticket, make sure your solaris clock is matched with domain clock as much as possible.

                      You'll probably want to stop the winbind service before doing these steps.

                      Here is a page about solaris 10 and AD, you can ignore most of it, but the ldapclient manual configuration is what you will want to use.
                      http://blog.scottlowe.org/2006/08/15/solaris-10-and-active-directory-integration/

                      You don't need to touch the kerberos files, the kinit will take care of that. One thing to note, after you run a successful ldapclient manual configuration, it will replace your nsswitch entries with "files ldap" for everything. You will need to re-add dns to the hosts and ipnodes.

                      Once that is done, getent passwd and getent groups should now show just as they did with winbind.

                      To handle logins however, you need to add the ldap module to the pam modules. in /etc/pam.d/ modify login, other, passwd, ppp, rlogin, rsh to include "auth sufficient pam_ldap.so.1" at the bottom.

                      Now SMB and ssh will be able to authenticate.

                      To get the first share working properly, you will need to modify it with the right ACLs so your domain admins or whichever login you want to use can create new folders etc.
                      use idmap to get the ID number to pass in to the ACL.
                      tfs@husker:/~$ idmap dump -n
                      wingroup:Developers@ms.test.com   ==      gid:2147491848
                      wingroup:NLS@ms.test.com  ==      gid:2147491847
                      wingroup:SOFP@ms.test.com ==      gid:2147491849
                      winuser:toms@ms.test.com  ==      uid:2147491841
                      wingroup:Domain Users@ms.test.com ==      gid:2147491842
                      In this case I want to give myself toms full access to the first share, then I can just use the windows explorer dialog to modify the security later.
                      #chmod A+user:2147491841:full_set:allow /tank/smb/public
                      You need to make sure you have the UNIX plugin to AD installed so AD is the one handling the uid/gids of the AD people connecting. Come to think of it, it's possible that was the issue with your winbind not showing groups. If the group doesn't have a GID assigned to it by AD, then it will not show in getent groups. If you do not see a user or a group showing up now, it is probably that issue.

                      You'll know if you have the UNIX tools installed if you see a "UNIX Attributes" tab in the properties window of a user or group from the "Active Directory Users and Groups".

                      When you try and SSH in with an AD user, it will use the "home directory" field from the UNIX Attributes tab to try and create the home folder for. You need to use the auto_home file to be able to mount the proper locations for them. Otherwise SSH will not let you log in. I get this when trying to SU to an AD user:
                      tfs@husker:/etc/pam.d$ sudo su - toms
                      Password: 
                      su: No directory!
                      I haven't setup home folders for AD users yet.
                      • 8. Re: nsswitch.conf
                        Stlouis1
                        well, it looks like i'm starting over......

                        unless I can figure out how to boot from the CD and mount the root file system to edit pam.conf

                        after I uninstalled samba, I failed to remove the pam_winbind.so from pam.conf

                        I can't even log into it in single user mode

                        I tried booting from the DVD, but can't I'm having difficulty figuring out the translations for block devices to mount the right disk.....
                        • 9. Re: nsswitch.conf
                          933584
                          Well that's no good, did a line get deleted in pam.d/ files?

                          Edited by: TomS on Dec 7, 2012 9:06 AM
                          • 10. Re: nsswitch.conf
                            Stlouis1
                            no lines were deleted....that was the problem, it was trying to load modules that didn't exist on the system anymore....so i was failing to load pam altogether
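
The lockout described in posts 8 and 10 comes from PAM configuration that still names a module which is no longer on disk. This added example (not from the thread) lists such entries so they can be removed before a package such as Samba is uninstalled. It assumes modules live under /usr/lib/security and takes an optional root prefix so it can be pointed at a mounted boot environment; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: report PAM entries whose module file does not exist.

# pam_missing_modules CONF STYLE [ROOT]
#   CONF   file to scan
#   STYLE  "pam.conf" (service type control module ...) or
#          "pam.d"    (type control module ...)
#   ROOT   optional prefix of an alternate root, e.g. a mounted BE
# Prints "CONF:LINE: MODULE" for every module that cannot be found.
pam_missing_modules() {
    conf=$1 style=$2 root=${3:-}
    awk -v style="$style" '
        NF == 0 || $1 ~ /^#/ { next }           # blank lines and comments
        {
            # pam.conf has a leading service column; pam.d files do not
            off = (style == "pam.conf") ? 1 : 0
            control = $(2 + off); module = $(3 + off)
            # "include" names another config file, not a module
            if (control == "include" || module == "") next
            print NR, module
        }' "$conf" |
    while read -r lineno module; do
        case $module in
            /*) path=$root$module ;;                   # absolute path
            *)  path=$root/usr/lib/security/$module ;; # bare module name
        esac
        # paths may carry the literal $ISA token; check the 32-bit location
        path=$(printf '%s\n' "$path" | sed 's|/\$ISA||')
        [ -e "$path" ] || printf '%s:%s: %s\n' "$conf" "$lineno" "$module"
    done
}

# Demo on a constructed tree: pam_unix_auth exists, pam_winbind was removed.
pam_demo() {
    tree=$(mktemp -d)
    mkdir -p "$tree/usr/lib/security" "$tree/etc"
    : > "$tree/usr/lib/security/pam_unix_auth.so.1"
    cat > "$tree/etc/pam.conf" <<'EOF'
# constructed sample, not a real system file
login   auth required   pam_unix_auth.so.1
other   auth sufficient pam_winbind.so
EOF
    pam_missing_modules "$tree/etc/pam.conf" pam.conf "$tree"
    rm -rf "$tree"
}

pam_demo
```

Any line it prints is an entry to fix while a root shell is still open.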
                            • 11. Re: nsswitch.conf
                              933584
                              Just a thought, if you haven't already re-installed. At the grub boot menu, you will have some backup boot images if any updates have been installed. Select the prior one and it will load the earlier version of rpool with the intact PAM files. Which you can then maybe copy to the current rpool snapshot.
                              • 12. Re: nsswitch.conf
                                Stlouis1
                                I did have a restore point to try.....it didn't work.

                                that's when I tried single user mode and booting from the DVD, that's when I started referring to the doc below, and other similar docs, when I didn't get anywhere in a timely fashion, I gave up and started reinstalling the OS this morning before I left for work.

                                http://docs.oracle.com/cd/E19253-01/819-5461/gjpna/index.html

                                I was able to ssh to it from work on my "lunch break" and do most of the configuration from there. DNS is set, I went through kclient, got my samba shares up. Now it's just a matter of configuring ldap which I've never done yet and may find a tad tedious, and finally tweaking the permissions for my shares.

                                One thing I don't understand, does the built in smb.conf still use the smb.conf? I had a umask set on one of my shares to set everything to 777 as it was just an open free for all share. can I still do that?

                                Edited by: Stlouis1 on Dec 7, 2012 7:01 PM
                                • 13. Re: nsswitch.conf
                                  Stlouis1
                                  uhm, not sure but I think I missed something with the ldap configuration

                                  solaris@srv-data:~$ idmap dump -n
                                  winuser:Guest@srv-data == uid:2147483649
                                  wingroup:Domain Users@srv-data == gid:2147483650
                                  wingroup:Guests@BUILTIN == gid:2147483652
                                  usid:S-1-5-21-2798885378-1147751391-3997799403-1104     ==      uid:2147483650
                                  usid:S-1-5-21-2798885378-1147751391-3997799403-512 == gid:2147483654
                                  usid:S-1-5-21-2798885378-1147751391-3997799403-513 == gid:2147483653
                                  usid:S-1-5-21-2798885378-1147751391-3997799403-519 == gid:2147483655
                                  usid:S-1-5-21-2798885378-1147751391-3997799403-518 == gid:2147483656
                                  usid:S-1-5-21-2798885378-1147751391-3997799403-572 == gid:2147483657
                                  wingroup:Network == gid:2147483651
                                  wingroup:Authenticated Users == gid:2147483658
                                  wingroup:Administrators@BUILTIN == gid:2147483659


                                  The one I bolded is my account...but I don't get why it's showing the uid string and not the account name??


                                  edit....

                                  and I'm back to square one....after I rebooted the server, nsswitch.conf is back to its out of box state, the ldap entries and everything are gone....WTF....

                                  Edited by: Stlouis1 on Dec 8, 2012 12:14 AM