Winbind Problem

Mars Lan mars at neon.com.tw
Tue Jan 15 19:49:04 GMT 2002 

I'v looked down thousands of the old history listing and saw a few ppl had
similar problem and was asking for help. But no one seemed to come up a
solution yet (and forgive me if I missed the solution). So I'll just try to
descripe my problem as detailsed as possible and see if someone could be
kind enough to help out.

OS: Redhat Linux 7.2
Samba: 2.2.2 (doesn't work with 3.0 alpha either)
Security level: Domain
Domain: Windows 2000 Active Directory in Mixed Mode
PDC: Windows 2000 Server SP2
Ohter DC's, BDC's: None

and here's the scenario:
1. linux box joined the domain successfully (using smbpasswd or net rpc join
in 3.0) and is verified on the win2k server ad management panel
2. linux box can smbclient -L DC using root or any other domain users
3. however, when doing 'wbinfo -u' or -g, an error message "Error looking up
domain users (or gruops)" appears. the final portion of the debug msg
generated by 'winbind -i -d10' is:

00018 samr_io_r_connect
    000018 smb_io_pol_hnd connect_pol
        0018 data1: 00000000
        001c data2: 00000000
        0020 data3: 0000
        0022 data4: 0000
        0024 data5: 00 00 00 00 00 00 00 00
    002c status: NT_STATUS_ACCESS_DENIED   <= is this the problem?
client_write: wrote 1300 bytes.
client_read: read 0 bytes. Need 1304 more for a full request.
read failed on sock 12, pid 1536: EOF

4. 'wbinfo -t' returns "Secret is good"
5. 'wbinfo -m' returns nothing
6. 'wbinfo -u foo' gives the correct sid for the domain user foo
7. 'wbinfo -s sid' gives the correct domain+username for sid
8. whether smbd & nmbd are running makes no difference
9 since wbinfo -ug doesn't work, getent passwd & getent group give me only
the accounts & groups on local machine.
10. a copy of my nsswitch.conf

passwd:         files winbind
shadow:         files winbind
group:          files winbind

11. a copy of my smb.conf

[global]
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes

workgroup = neon
server string = Samba Server
security = domain
password server = *
encrypt password = yes

[homes]
    comment = home
    browseable = no
    writable = yes

12. thanks for all of you in advance...

Mars

More information about the samba mailing list