[Samba] winbindd problems
Shawn Wright
swright at sls.bc.ca
Wed Apr 2 15:00:16 GMT 2003
On 2 Apr 2003 at 11:33, Gavin Hamill wrote:
> Hi there :)
>
> I've recently been playing with winbindd and squid and have achieved
> success thanks to hints from the kind folks on the squid mailing list.
>
> I have now gone to transfer this new knowledge to another system, but
> have come up against a small problem...
>
> I'm using Samba 2.2.7a on Debian woody,
>
> cjhiggins:~# wbinfo -p
> 'ping' to winbindd succeeded
> cjhiggins:~# wbinfo -t
> Secret is good
> cjhiggins:~# wbinfo -u
> 0xc0000022
> cjhiggins:~# wbinfo -g
> 0xc0000022
>
> yet...
>
> cjhiggins:~# wbinfo -a gdh%blahblah
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
>
> The goal here is to bring back a list of groups, because I need to
> attach different levels of internet access to members of different NT
> groups.
>
> My /etc/nsswitch.conf contains:
>
> passwd: compat winbind
> group: compat winbind
>
> at the top, and 'getent passwd' doesn't show anything except
> the contents of /etc/passwd.
>
> >>From googling, I have found that 0xc0000022 means
> NT_STATUS_ACCESS_DENIED, but I'm not sure how or why, given that the
> Linux machine is listed in the Active Directory Users and Computers
> control panel, and the smbpasswd commandline to join the domain returned
> successfully.
>
> The only thing I can think of is the 'testbed' I used was a Win2000
> machine that I converted to use Active Directory, and made sure to
> select the 'compatibility with NT4 servers' option. However,
> on this customer site, there are only Win2000 clients, so I'm guessing
> the server was set to 'Win2000 only mode' with the apparent enhanced
> security that provides.
>
> I've googled and read helpfiles, but have not been able to find a
> solution to this.
>
> Does anyone have any ideas?
Gavin,
I have seen similar results when the libnss_winbind.so is either missing, the incorrect
version, or the symlink from libnss_winbind.so.2 is missing.
(Incorrect version resulted in corrupted domain user listing, while missing link or file
results in the no domain user/group listing at all).
I have even made notes about this for myself, but still manage to forget to check it on
occasion...
Shawn Wright, I.T. Manager
Shawnigan Lake School
swright at SLS.bc.ca
http://Zuiko.sls.bc.ca/swright
http://www.sls.bc.ca
More information about the samba
mailing list