[Samba] Winbind problems

Blanchard, Michael MBlanchard at grandaire.com
Wed Feb 13 08:35:14 GMT 2002 

I was having close to the exact same problem.  What was causing it was I
had split wins servers (WINS servers that had other WINS servers listed
in their network settings) and I was getting bogus IP address and names
reported for domain controllers.  So when winbind was trying to find a
domain controller, WINS was saying that there was one at ip address
x.x.x.x when there hadn't been one there for years.  What I had to do
was make the wins servers ONLY talk to themselves (besides replication
of course) and set the replication to every 2 hours.  This had the
effect of clearing out the junk that was sitting in the WINS DB.  As
soon as I did that, everything was working A-OK.

-----Original Message-----
From: Thomas, Daniel J. [mailto:Daniel.Thomas at jhuapl.edu] 
Sent: Wednesday, February 13, 2002 11:17 AM
To: 'Jan van Rensburg'; samba at lists.samba.org
Subject: RE: [Samba] Winbind problems


You might want to try not using the -U option when joining the domain.
Instead, create the machine account on the NT server first, allow time
for the account to propagate, then join.  What should happen is the
machine account password that NT uses should be copied to the /private
directory and smbpasswd should randomly generate a MACHINE.SID and send
that back to the domain controller to store in it's machine database.
I'm not convinced that -U works outside of linux. -Dan

-----Original Message-----
From: Jan van Rensburg [mailto:jan.van.rensburg at epiuse.com]
Sent: Wednesday, February 13, 2002 5:37 AM
To: samba at lists.samba.org
Subject: [Samba] Winbind problems


Hi,
I'd appreciate any help getting winbind to work on Solaris 8 (Sparc). 
I've followed the HOWTOs and other documents on the web but can't seem 
to get even the basic functionality going.

Some platform info:
$ uname -a
SunOS epiuse-sun 5.8 Generic_108528-12 sun4u sparc SUNW,UltraAX-i2 $
smbd -V Version 2.2.3a

On the NT side it is win2k with an ADS tree.

My samba config:

$ more /opt/samba/lib/smb.conf
[global]
    workgroup = domain
    netbios name = solaris
    load printers = no
    log file = /opt/samba/var/log.%m
    max log size = 50
    security = domain
    password server = nt
    encrypt passwords = yes
    domain logons = no
    interfaces = 10.5.3.6
    local master = no
    domain master = no
    name resolve order = lmhosts wins bcast host
    wins server = 10.5.1.1
    winbind separator = +
    winbind cache time = 10
    template shell = /bin/false
    template homedir = /home/%D/%U
    winbind uid = 10000-20000
    winbind gid = 10000-20000

now what i did:
$ /etc/init.d/samba stop
Stopping Samba
$  rm /opt/samba/private/*
$ smbpasswd -D 4 -j domain -r nt -U w2kadmin
added interface ip=10.5.3.6 bcast=10.5.3.255 nmask=255.255.255.0
Password:
resolve_lmhosts: Attempting lmhosts lookup for name nt<0x20>
startlmhosts: Can't open lmhosts file /opt/samba/lib/lmhosts. Error was 
No such file or directory
resolve_wins: Attempting wins lookup for name nt<0x20>
resolve_wins: WINS server == <10.5.1.1>
bind succeeded on port 0
nmb packet from 10.5.1.1(137) header: id=6870 opcode=Query(0) 
response=Yes
     header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
     header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
     answers: nmb_name=NT<20> rr_type=32 rr_class=1 ttl=5783
     answers   0 char ......   hex 00000A050303
Got a positive name query response from 10.5.1.1 ( 10.5.3.3 ) Connecting
to 10.5.3.3 at port 445 session setup ok Domain=[DOMAIN] OS=[Windows
5.0] Server=[Windows 2000 LAN Manager] Joined domain DOMAIN. $
/etc/init.d/samba start Starting Samba $ wbinfo -t Secret is bad
0xc0000001 $ wbinfo -u Error looking up domain users

I've changed the domain name and the names of the 2 servers above to 
make it easier to follow (the problem does not seem to be with name 
resolution). I get these results even when I delete the Solaris machine 
from the ADS tree, or if I add it to the ADS tree manually with the 
backwards compatibility check.

I'm running my winbindd logs at debug level 1, and I have messages like 
these:
[2002/02/11 07:17:59, 1] nsswitch/winbindd_util.c:get_domain_info(137)
   getting trusted domain list
[2002/02/11 07:17:59, 1] 
libsmb/cliconnect.c:cli_establish_connection(867)
   failed tcon_X
[2002/02/11 07:18:08, 1] nsswitch/winbindd_util.c:get_domain_info(137)
   getting trusted domain list

Any ideas?

Thank you,
Jan van rensburg


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 4678 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20020213/bfc502f9/attachment.bin

More information about the samba mailing list