[Samba] RE: winbind/wbinfo not pulling info from W2K AD PDC

Talwar, Puneet (NIH/NIAID) PTALWAR at niaid.nih.gov
Wed Apr 28 15:44:51 GMT 2004 

HI,

I am sorry I forgot to post the problem that I am having.  It is the same
issue who posted this e-mail originally. Please let me know what should I do
to fix the problem that I am having. 

Edit /etc/samba/smb.conf
[global]
	realm = KERBEROS.REALM
	security = ADS
	encrypt passwords = yes
	password server = kerberos.server
Edit /etc/krb5.conf
[libdefaults]
	default_realm = KERBEROS.REALM
	
[realms]
	KERBEROS.REALM = {
	kdc = kerberos.server			- should :88 be appended to
this line?
		}
[domain_realms]
	.kerberos.server=KERBEROS.REALM
#net ads join -U administrator
password:
Joined 'SERVERNAME' to realm 'DOMAIN'
#kinit administrator at KERBEROS.REALM
password:
#smbclient //servername/share -k
smb // >
Up to here everything is OK and the server account can be seen in AD.
#ls -l /lib | grep libnss_winbind
libnss_winbind.so -> libnss_winbind.so.2
Edit /etc/nsswitch.conf
passwd:	files winbind
shadow:	files
group:		files winbind
#ldconfig -v | grep winbind
	libnss_winbind.so -> libnss_winbind.so.2
Edit /etc/samba/smb.conf
[global]
	realm = KERBEROS.REALM
	security = ADS
	encrypt passwords = yes
	password server = kerberos.server
	winbind separator = +
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	winbind enum users = yes
	winbind enum groups = yes
	template homedir = /home/%D/%U
	template shell = /bin/bash
#testparm
Load smb config file from /etc/samba/smb.conf
Loaded services file OK
'winbind separator = +' might cause problems with group membership
server role: ROLE_DOMAIN_MEMBER
#net rpc join -S PDC -U administrator
password:
Joined domain DOMAIN
#winbindd -B
# wbinfo -u
Error looking up domain
#wbinfo -g
Error looking up domain
# wbinfo -t
Checking the trust secret vi RPC calls failed
Error code was (0x0)
Could not check secret
#wbinfo -p
Ping to winbindd failed on fd-1
Could not pin winbindd!
# ps -ae | grep winbindd
PID	winbind
PID 	winbind

This is the output from /var/log/samba/log.winbind
[2004/02/13 13:35:47, 1] nsswitch/winbindd.c:main(843)
  winbindd version 3.0.2 started.
  Copyright The Samba Team 2000-2004
[2004/02/13 13:35:47, 0] libsmb/cliconnect.c:cli_session_setup_spnego(724)
  Kinit failed: Preauthentication failed
[2004/02/13 13:35:47, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain INFORMA-UK uk.informa.com
S-1-5-21-1547161642-839522115-68200333
0
[2004/02/13 13:35:47, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2004/02/13 13:35:47, 0] libads/kerberos.c:ads_kinit_password(133)
  kerberos_kinit_password HOST/data-cl2a at UK.INFORMA.COM failed:
Preauthenticati
on failed
[2004/02/13 13:35:47, 1] nsswitch/winbindd_ads.c:ads_cached_connection(65)
  ads_connect for domain INFORMA-UK failed: Preauthentication failed
[2004/02/13 13:35:47, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for tele-root1$@INFORMA.COM (Cannot find KDC
for
requested realm)
[2004/02/13 13:35:47, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(516)
  spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm
[2004/02/13 13:35:47, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain INFORMA informa.com S-1-5-21-872949640-2421699758-2984176268
[2004/02/13 13:35:48, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain DEFAULT  S-1-5-21-2136767079-1738235858-945835055
[2004/02/13 13:35:49, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain AGRA_UK  S-1-5-21-591026277-1029915393-619646970
[2004/02/13 13:35:50, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain MRC_UK  S-1-5-21-1670978810-1498184290-1845911597
[2004/02/13 13:35:50, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain LLP  S-1-5-21-2047764551-82006601-1874078741
[2004/02/13 13:35:51, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain CODA  S-1-5-21-1310659078-2099469345-1236795852
[2004/02/13 13:35:52, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain INFORMA_ASIA  S-1-5-21-1008349960-465597267-314601362
[2004/02/13 13:35:53, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain TEST.COM  S-0-0
[2004/02/13 13:35:53, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for agra-dc1$@AGRA.INFORMA.COM (Cannot find
KDC for requested realm)
[2004/02/13 13:35:53, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(516)
  spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm
[2004/02/13 13:35:53, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain AGRA agra.informa.com
S-1-5-21-1801674531-2139871995-1177238915
[2004/02/13 13:35:53, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for agra-dc1$@AGRA.INFORMA.COM (Cannot find
KDC for requested realm)
[2004/02/13 13:35:53, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(516)
  spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm


----------------------------------------------------------
Puneet Talwar
Contractor - CIPS

More information about the samba mailing list