[Samba] Winbind problems

Sean O'Grady sean.ogrady at sheridanc.on.ca
Fri Mar 1 14:27:03 GMT 2002 

Hi,
	I'm not sure about the differences between the Linux port and the
Solaris port but I was getting the same results on our Linux setup. What
I had to do was fairly simple. In some versions of the 2.2.3
documentation that I've read it mentions to copy libnss_winbind.so into
/lib but one copy I read neglected to mention that you need to link
/lib/libnss_winbind.so.2 to /lib/libnss_winbind.so which I did and the
problem was resolved.

But as I've mentioned thats on a Linux setup not Solaris.

Sean

--
Sean O'Grady
System Administrator
Information Technology - ICT
Sheridan College
905-845-9430 x. 2166
sean.ogrady at sheridanc.on.ca

Jan van Rensburg wrote:
> 
> hi,
> if i don't use -U then i get the following error. maybe it's related to
> my original problem:
> 
> $ smbpasswd -D 4 -j domain -r nt
> added interface ip=10.5.3.6 bcast=10.5.3.255 nmask=255.255.255.0
> resolve_lmhosts: Attempting lmhosts lookup for name nt<0x20>
> startlmhosts: Can't open lmhosts file /opt/samba/lib/lmhosts. Error was
> No such file or directory
> resolve_wins: Attempting wins lookup for name nt<0x20>
> resolve_wins: WINS server == <10.5.1.1>
> bind succeeded on port 0
> nmb packet from 10.5.1.1(137) header: id=5844 opcode=Query(0)
> response=Yes
>      header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
>      header: rcode=3 qdcount=0 ancount=1 nscount=0 arcount=0
>      answers: nmb_name=NT<20> rr_type=32 rr_class=1 ttl=0
> Negative name query response, rcode 0x03: The name requested does not
> exist.
> name_resolve_bcast: Attempting broadcast lookup for name ga<0x20>
> bind succeeded on port 0
> resolve_hosts: Attempting host lookup for name nt<0x20>
> Connecting to 10.5.1.3 at port 445
> fetch_domain_sid: machine nt rejected the tconX on the IPC$ share. Error
> was : NT_STATUS_ACCESS_DENIED.
> Failed to get domain SID. Unable to join domain DOMAIN.
> 
> I think "fetch_domain_sid: machine nt rejected the tconX on the IPC$
> share. Error was : NT_STATUS_ACCESS_DENIED." might be my problem.
> 
> Can anyone help?
> 
> Regards,
> Jan van Rensburg
> 
> On Wednesday, February 13, 2002, at 06:16 , Thomas, Daniel J. wrote:
> 
> > You might want to try not using the -U option when joining the domain.
> > Instead, create the machine account on the NT server first, allow time
> > for
> > the account to propagate, then join.  What should happen is the machine
> > account password that NT uses should be copied to the /private
> > directory and
> > smbpasswd should randomly generate a MACHINE.SID and send that back to
> > the
> > domain controller to store in it's machine database.  I'm not convinced
> > that
> > -U works outside of linux.
> > -Dan
> >
> > -----Original Message-----
> > From: Jan van Rensburg [mailto:jan.van.rensburg at epiuse.com]
> > Sent: Wednesday, February 13, 2002 5:37 AM
> > To: samba at lists.samba.org
> > Subject: [Samba] Winbind problems
> >
> >
> > Hi,
> > I'd appreciate any help getting winbind to work on Solaris 8 (Sparc).
> > I've followed the HOWTOs and other documents on the web but can't seem
> > to get even the basic functionality going.
> >
> > Some platform info:
> > $ uname -a
> > SunOS epiuse-sun 5.8 Generic_108528-12 sun4u sparc SUNW,UltraAX-i2
> > $ smbd -V
> > Version 2.2.3a
> >
> > On the NT side it is win2k with an ADS tree.
> >
> > My samba config:
> >
> > $ more /opt/samba/lib/smb.conf
> > [global]
> >     workgroup = domain
> >     netbios name = solaris
> >     load printers = no
> >     log file = /opt/samba/var/log.%m
> >     max log size = 50
> >     security = domain
> >     password server = nt
> >     encrypt passwords = yes
> >     domain logons = no
> >     interfaces = 10.5.3.6
> >     local master = no
> >     domain master = no
> >     name resolve order = lmhosts wins bcast host
> >     wins server = 10.5.1.1
> >     winbind separator = +
> >     winbind cache time = 10
> >     template shell = /bin/false
> >     template homedir = /home/%D/%U
> >     winbind uid = 10000-20000
> >     winbind gid = 10000-20000
> >
> > now what i did:
> > $ /etc/init.d/samba stop
> > Stopping Samba
> > $  rm /opt/samba/private/*
> > $ smbpasswd -D 4 -j domain -r nt -U w2kadmin
> > added interface ip=10.5.3.6 bcast=10.5.3.255 nmask=255.255.255.0
> > Password:
> > resolve_lmhosts: Attempting lmhosts lookup for name nt<0x20>
> > startlmhosts: Can't open lmhosts file /opt/samba/lib/lmhosts. Error was
> > No such file or directory
> > resolve_wins: Attempting wins lookup for name nt<0x20>
> > resolve_wins: WINS server == <10.5.1.1>
> > bind succeeded on port 0
> > nmb packet from 10.5.1.1(137) header: id=6870 opcode=Query(0)
> > response=Yes
> >      header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
> >      header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
> >      answers: nmb_name=NT<20> rr_type=32 rr_class=1 ttl=5783
> >      answers   0 char ......   hex 00000A050303
> > Got a positive name query response from 10.5.1.1 ( 10.5.3.3 )
> > Connecting to 10.5.3.3 at port 445
> > session setup ok
> > Domain=[DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
> > Joined domain DOMAIN.
> > $ /etc/init.d/samba start
> > Starting Samba
> > $ wbinfo -t
> > Secret is bad
> > 0xc0000001
> > $ wbinfo -u
> > Error looking up domain users
> >
> > I've changed the domain name and the names of the 2 servers above to
> > make it easier to follow (the problem does not seem to be with name
> > resolution). I get these results even when I delete the Solaris machine
> > from the ADS tree, or if I add it to the ADS tree manually with the
> > backwards compatibility check.
> >
> > I'm running my winbindd logs at debug level 1, and I have messages like
> > these:
> > [2002/02/11 07:17:59, 1] nsswitch/winbindd_util.c:get_domain_info(137)
> >    getting trusted domain list
> > [2002/02/11 07:17:59, 1]
> > libsmb/cliconnect.c:cli_establish_connection(867)
> >    failed tcon_X
> > [2002/02/11 07:18:08, 1] nsswitch/winbindd_util.c:get_domain_info(137)
> >    getting trusted domain list
> >
> > Any ideas?
> >
> > Thank you,
> > Jan van rensburg
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list