[Samba] Winbind problems

Jan van Rensburg jan.van.rensburg at epiuse.com
Wed Feb 27 05:16:04 GMT 2002 

hi,
if i don't use -U then i get the following error. maybe it's related to 
my original problem:

$ smbpasswd -D 4 -j domain -r nt
added interface ip=10.5.3.6 bcast=10.5.3.255 nmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name nt<0x20>
startlmhosts: Can't open lmhosts file /opt/samba/lib/lmhosts. Error was 
No such file or directory
resolve_wins: Attempting wins lookup for name nt<0x20>
resolve_wins: WINS server == <10.5.1.1>
bind succeeded on port 0
nmb packet from 10.5.1.1(137) header: id=5844 opcode=Query(0) 
response=Yes
     header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
     header: rcode=3 qdcount=0 ancount=1 nscount=0 arcount=0
     answers: nmb_name=NT<20> rr_type=32 rr_class=1 ttl=0
Negative name query response, rcode 0x03: The name requested does not 
exist.
name_resolve_bcast: Attempting broadcast lookup for name ga<0x20>
bind succeeded on port 0
resolve_hosts: Attempting host lookup for name nt<0x20>
Connecting to 10.5.1.3 at port 445
fetch_domain_sid: machine nt rejected the tconX on the IPC$ share. Error 
was : NT_STATUS_ACCESS_DENIED.
Failed to get domain SID. Unable to join domain DOMAIN.

I think "fetch_domain_sid: machine nt rejected the tconX on the IPC$ 
share. Error was : NT_STATUS_ACCESS_DENIED." might be my problem.

Can anyone help?

Regards,
Jan van Rensburg

On Wednesday, February 13, 2002, at 06:16 , Thomas, Daniel J. wrote:

> You might want to try not using the -U option when joining the domain.
> Instead, create the machine account on the NT server first, allow time 
> for
> the account to propagate, then join.  What should happen is the machine
> account password that NT uses should be copied to the /private 
> directory and
> smbpasswd should randomly generate a MACHINE.SID and send that back to 
> the
> domain controller to store in it's machine database.  I'm not convinced 
> that
> -U works outside of linux.
> -Dan
>
> -----Original Message-----
> From: Jan van Rensburg [mailto:jan.van.rensburg at epiuse.com]
> Sent: Wednesday, February 13, 2002 5:37 AM
> To: samba at lists.samba.org
> Subject: [Samba] Winbind problems
>
>
> Hi,
> I'd appreciate any help getting winbind to work on Solaris 8 (Sparc).
> I've followed the HOWTOs and other documents on the web but can't seem
> to get even the basic functionality going.
>
> Some platform info:
> $ uname -a
> SunOS epiuse-sun 5.8 Generic_108528-12 sun4u sparc SUNW,UltraAX-i2
> $ smbd -V
> Version 2.2.3a
>
> On the NT side it is win2k with an ADS tree.
>
> My samba config:
>
> $ more /opt/samba/lib/smb.conf
> [global]
>     workgroup = domain
>     netbios name = solaris
>     load printers = no
>     log file = /opt/samba/var/log.%m
>     max log size = 50
>     security = domain
>     password server = nt
>     encrypt passwords = yes
>     domain logons = no
>     interfaces = 10.5.3.6
>     local master = no
>     domain master = no
>     name resolve order = lmhosts wins bcast host
>     wins server = 10.5.1.1
>     winbind separator = +
>     winbind cache time = 10
>     template shell = /bin/false
>     template homedir = /home/%D/%U
>     winbind uid = 10000-20000
>     winbind gid = 10000-20000
>
> now what i did:
> $ /etc/init.d/samba stop
> Stopping Samba
> $  rm /opt/samba/private/*
> $ smbpasswd -D 4 -j domain -r nt -U w2kadmin
> added interface ip=10.5.3.6 bcast=10.5.3.255 nmask=255.255.255.0
> Password:
> resolve_lmhosts: Attempting lmhosts lookup for name nt<0x20>
> startlmhosts: Can't open lmhosts file /opt/samba/lib/lmhosts. Error was
> No such file or directory
> resolve_wins: Attempting wins lookup for name nt<0x20>
> resolve_wins: WINS server == <10.5.1.1>
> bind succeeded on port 0
> nmb packet from 10.5.1.1(137) header: id=6870 opcode=Query(0)
> response=Yes
>      header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
>      header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
>      answers: nmb_name=NT<20> rr_type=32 rr_class=1 ttl=5783
>      answers   0 char ......   hex 00000A050303
> Got a positive name query response from 10.5.1.1 ( 10.5.3.3 )
> Connecting to 10.5.3.3 at port 445
> session setup ok
> Domain=[DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
> Joined domain DOMAIN.
> $ /etc/init.d/samba start
> Starting Samba
> $ wbinfo -t
> Secret is bad
> 0xc0000001
> $ wbinfo -u
> Error looking up domain users
>
> I've changed the domain name and the names of the 2 servers above to
> make it easier to follow (the problem does not seem to be with name
> resolution). I get these results even when I delete the Solaris machine
> from the ADS tree, or if I add it to the ADS tree manually with the
> backwards compatibility check.
>
> I'm running my winbindd logs at debug level 1, and I have messages like
> these:
> [2002/02/11 07:17:59, 1] nsswitch/winbindd_util.c:get_domain_info(137)
>    getting trusted domain list
> [2002/02/11 07:17:59, 1]
> libsmb/cliconnect.c:cli_establish_connection(867)
>    failed tcon_X
> [2002/02/11 07:18:08, 1] nsswitch/winbindd_util.c:get_domain_info(137)
>    getting trusted domain list
>
> Any ideas?
>
> Thank you,
> Jan van rensburg
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list