Winbind over firewall/router

[danci at agenda.si]

Hello, list!

I want to use winbind to authenticate proxy users to NT domain. However,
the PDC and the proxy are not in the same LAN - they have a
firewall/router between them.

I had a little trouble getting samba to see the PDC, but I finally
configured samba so that it could joint the domain.

Here is my smb.conf (the relevant part):

[global]
        workgroup = PROD
        os level = 2
        unix extensions = Yes
        encrypt passwords = Yes
        log level = 5
        syslog = 0
        wins support = No
        security = domain
        password server = 192.168.100.56 #
        wins server = 192.168.100.56     # This is the PDC!

        winbind uid = 10000-20000
        winbind gid = 10000-20000
        template homedir = /home/%D/%U
        template shell = /bin/false

Now I have a problem that winbind doesn't see the PDC. Here is what
log.winbind says:

[2003/10/07 16:05:19, 1] nsswitch/winbindd_util.c:init_domain_list(144)
  Retrying startup domain sid fetch for PROD
[2003/10/07 16:05:19, 3] nsswitch/winbindd_cm.c:cm_get_dc_name(98)
  Could not look up dc's for domain PROD
[2003/10/07 16:05:19, 3]
nsswitch/winbindd_cm.c:get_connection_from_cache(406)
  Could not open a connection to PROD for \PIPE\lsarpc
(NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)

What am I doing wrong?

  Thanks, Danilo

-- 
___________________________________________________________________
|    Danilo Godec    |     Agenda d.o.o.    |   ISP for business  |
|  jr. Syst. Admin   |    Gosposvetska 84   |     WAN networks    |
|  danci at agenda.si   |    si-2000 Maribor   |  Internet/Intranet  |
| tel:+386.2.2340860 |       Slovenija      | Application servers |
| fax:+386.2.2340854 | http://www.agenda.si |  Caldera OpenLinux  |