[Samba] Samba 3.3.0.obeta3, Redhat 9.0, Win2k ADS integration

John H Terpstra jht at samba.org
Fri Aug 15 22:07:55 GMT 2003

On Fri, 15 Aug 2003, Matthew McCarty wrote:

> My goal here is to add my Redhat 9.0 box to the domain and authenticate
> to the ADS Win2K domain from my Redhat 9.0 box.
> I have read the user group archives, man pages, for smb.conf and winbind,
> and I have read Head/3.0 documentation, specifically this part is where
> I started:
> http://us3.samba.org/samba/devel/docs/html/Samba-HOWTO-Collection.html#ads-member
> The docs are sadly not complete....

Then please tell us precisely what is missing! By saying that it's
incomplete you are doing those of us who want to help you a disservice.
For goodness sake tell us where it is incomplete and do not leave us in no
man's land!

Have you checked CVS as of about 1 hour ago? Samba3-rc1 has just been cut
from the code tree - this means that if it is incomplete you have NO
chance of getting this fixed for RC1. Had you told us what is missing you
might have stood a chance of having complete documentation. Sorry, the
ball is in your court.

> Anyway I am able to get wbinfo -u and wbinfo -g to work and of course I
> joined the domain correctly. I can see the Redhat box in Network
> neighborhood and in AD. I get the following error from wbinfo -t:
> checking the trust secret via RPC failed
> error code was NT_STATUS_UNSUCCESFUL (0x0000001)
> Could not check secret
> And when I try a wbinfo -a it fails with:
> error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
> error message was: No logon servers
> Could not authenticate......

So please send us a complete step by step list of exactly what you did.

> I ran across a newsgroup entry from June with the same problem as above
> but there was no conclusion to the matter in the thread.

Samba3 has undergone a LOT of change since June. Sorry, this is not
necessarily useful information.

> It seems to me that, of course, it can't find the Win2k DC but when I do
> a net lookup ldap|kdc everything comes up fine, reverse DNS lookup works
> fine as well as forward DNS; AND why does wbinfo -u and -g work if it
> can't find the DC?

Do you have a network trace (capture from Ethereal) to show us?
Have you tried to decode that yourself?

Do you have a log level 10 log file to send us?
Have you looked through that yourself?

> Anyway I am stuck here -- any help would be appreciated.

Well, oddly enough, that's what we are trying to give you. :)

> Here are the relevant smb.conf entries:
> workgroup = mydoamin.com
> realm = mydoamin.com
> security = ads
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> template homedir = /home/%U
> template shell = /bin/bash
> name resolve order = hosts wins lmhosts bcast
> create mode = 700
> directory = 700
> password server = *
> encrypt passwords = yes

- John T.
John H Terpstra
Email: jht at samba.org

