Winbind Problem
Mars Lan
mars at neon.com.tw
Tue Jan 15 19:49:04 GMT 2002
I'v looked down thousands of the old history listing and saw a few ppl had
similar problem and was asking for help. But no one seemed to come up a
solution yet (and forgive me if I missed the solution). So I'll just try to
descripe my problem as detailsed as possible and see if someone could be
kind enough to help out.
OS: Redhat Linux 7.2
Samba: 2.2.2 (doesn't work with 3.0 alpha either)
Security level: Domain
Domain: Windows 2000 Active Directory in Mixed Mode
PDC: Windows 2000 Server SP2
Ohter DC's, BDC's: None
and here's the scenario:
1. linux box joined the domain successfully (using smbpasswd or net rpc join
in 3.0) and is verified on the win2k server ad management panel
2. linux box can smbclient -L DC using root or any other domain users
3. however, when doing 'wbinfo -u' or -g, an error message "Error looking up
domain users (or gruops)" appears. the final portion of the debug msg
generated by 'winbind -i -d10' is:
00018 samr_io_r_connect
000018 smb_io_pol_hnd connect_pol
0018 data1: 00000000
001c data2: 00000000
0020 data3: 0000
0022 data4: 0000
0024 data5: 00 00 00 00 00 00 00 00
002c status: NT_STATUS_ACCESS_DENIED <= is this the problem?
client_write: wrote 1300 bytes.
client_read: read 0 bytes. Need 1304 more for a full request.
read failed on sock 12, pid 1536: EOF
4. 'wbinfo -t' returns "Secret is good"
5. 'wbinfo -m' returns nothing
6. 'wbinfo -u foo' gives the correct sid for the domain user foo
7. 'wbinfo -s sid' gives the correct domain+username for sid
8. whether smbd & nmbd are running makes no difference
9 since wbinfo -ug doesn't work, getent passwd & getent group give me only
the accounts & groups on local machine.
10. a copy of my nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
11. a copy of my smb.conf
[global]
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
workgroup = neon
server string = Samba Server
security = domain
password server = *
encrypt password = yes
[homes]
comment = home
browseable = no
writable = yes
12. thanks for all of you in advance...
Mars
More information about the samba
mailing list