[Samba] RE: winbind/wbinfo not pulling info from W2K AD PDC
Talwar, Puneet (NIH/NIAID)
PTALWAR at niaid.nih.gov
Wed Apr 28 15:44:51 GMT 2004
HI,
I am sorry I forgot to post the problem that I am having. It is the same
issue who posted this e-mail originally. Please let me know what should I do
to fix the problem that I am having.
Edit /etc/samba/smb.conf
[global]
realm = KERBEROS.REALM
security = ADS
encrypt passwords = yes
password server = kerberos.server
Edit /etc/krb5.conf
[libdefaults]
default_realm = KERBEROS.REALM
[realms]
KERBEROS.REALM = {
kdc = kerberos.server - should :88 be appended to
this line?
}
[domain_realms]
.kerberos.server=KERBEROS.REALM
#net ads join -U administrator
password:
Joined 'SERVERNAME' to realm 'DOMAIN'
#kinit administrator at KERBEROS.REALM
password:
#smbclient //servername/share -k
smb // >
Up to here everything is OK and the server account can be seen in AD.
#ls -l /lib | grep libnss_winbind
libnss_winbind.so -> libnss_winbind.so.2
Edit /etc/nsswitch.conf
passwd: files winbind
shadow: files
group: files winbind
#ldconfig -v | grep winbind
libnss_winbind.so -> libnss_winbind.so.2
Edit /etc/samba/smb.conf
[global]
realm = KERBEROS.REALM
security = ADS
encrypt passwords = yes
password server = kerberos.server
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
#testparm
Load smb config file from /etc/samba/smb.conf
Loaded services file OK
'winbind separator = +' might cause problems with group membership
server role: ROLE_DOMAIN_MEMBER
#net rpc join -S PDC -U administrator
password:
Joined domain DOMAIN
#winbindd -B
# wbinfo -u
Error looking up domain
#wbinfo -g
Error looking up domain
# wbinfo -t
Checking the trust secret vi RPC calls failed
Error code was (0x0)
Could not check secret
#wbinfo -p
Ping to winbindd failed on fd-1
Could not pin winbindd!
# ps -ae | grep winbindd
PID winbind
PID winbind
This is the output from /var/log/samba/log.winbind
[2004/02/13 13:35:47, 1] nsswitch/winbindd.c:main(843)
winbindd version 3.0.2 started.
Copyright The Samba Team 2000-2004
[2004/02/13 13:35:47, 0] libsmb/cliconnect.c:cli_session_setup_spnego(724)
Kinit failed: Preauthentication failed
[2004/02/13 13:35:47, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain INFORMA-UK uk.informa.com
S-1-5-21-1547161642-839522115-68200333
0
[2004/02/13 13:35:47, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
krb5_cc_get_principal failed (No credentials cache found)
[2004/02/13 13:35:47, 0] libads/kerberos.c:ads_kinit_password(133)
kerberos_kinit_password HOST/data-cl2a at UK.INFORMA.COM failed:
Preauthenticati
on failed
[2004/02/13 13:35:47, 1] nsswitch/winbindd_ads.c:ads_cached_connection(65)
ads_connect for domain INFORMA-UK failed: Preauthentication failed
[2004/02/13 13:35:47, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for tele-root1$@INFORMA.COM (Cannot find KDC
for
requested realm)
[2004/02/13 13:35:47, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(516)
spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm
[2004/02/13 13:35:47, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain INFORMA informa.com S-1-5-21-872949640-2421699758-2984176268
[2004/02/13 13:35:48, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain DEFAULT S-1-5-21-2136767079-1738235858-945835055
[2004/02/13 13:35:49, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain AGRA_UK S-1-5-21-591026277-1029915393-619646970
[2004/02/13 13:35:50, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain MRC_UK S-1-5-21-1670978810-1498184290-1845911597
[2004/02/13 13:35:50, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain LLP S-1-5-21-2047764551-82006601-1874078741
[2004/02/13 13:35:51, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain CODA S-1-5-21-1310659078-2099469345-1236795852
[2004/02/13 13:35:52, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain INFORMA_ASIA S-1-5-21-1008349960-465597267-314601362
[2004/02/13 13:35:53, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain TEST.COM S-0-0
[2004/02/13 13:35:53, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for agra-dc1$@AGRA.INFORMA.COM (Cannot find
KDC for requested realm)
[2004/02/13 13:35:53, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(516)
spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm
[2004/02/13 13:35:53, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain AGRA agra.informa.com
S-1-5-21-1801674531-2139871995-1177238915
[2004/02/13 13:35:53, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for agra-dc1$@AGRA.INFORMA.COM (Cannot find
KDC for requested realm)
[2004/02/13 13:35:53, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(516)
spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm
----------------------------------------------------------
Puneet Talwar
Contractor - CIPS
More information about the samba
mailing list