Is there some way to force winbindd to use msrpc rather than ads?
Michael Adam
obnox at samba.org
Tue Jun 4 14:54:55 MDT 2013
Hi Richard,
On 2013-06-04 at 12:04 -0700, Richard Sharpe wrote:
> On Mon, Jun 3, 2013 at 10:13 PM, Volker Lendecke
> <Volker.Lendecke at sernet.de> wrote:
> > On Mon, Jun 03, 2013 at 09:25:07PM -0700, Richard Sharpe wrote:
> >> Hi folks,
> >>
> >> I am having a problem were we cannot use ADS for querying the DCs but
> >> winbinds seems to always want to do that. This causes the following
> >> problems:
> >
> > winbind rpc only = yes
>
> Thank you. This works, but there is one unusual aspect.
>
> On two machines with the same code I see differing results when I use
> 'wbinfo -i SOMEDOM\\someuser'.
>
> While authentication now works (when it didn't before adding that
> parameter) on one machine the above wbinfo command works for all the
> cases I have tried, while on the other machine it does not work for
> any account. It gives me:
>
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user CENSORED_DOM\CENSORED_USER
What is the difference between the two machines?
Could you describe in a little more detail what the
setups are? smb.conf, domain setup, etc.
Are the two machines joined to the same domain? ...
> The user does, however, exist, and the domain and user used are the
> same on each machine.
>
> Why might this be? Does the wbinfo command use different pathways than
> what smbd does?
Well the wbinfo -i is mostly what is used for the
implementation of the getpwnam command in libnsswinbind.
smbd uses other codepaths for most purposes (since it
rarely needs to take all the roundtrips that are implied
by the nss interface).
Cheers - Michael
More information about the samba-technical
mailing list