[Samba] winbind problems
Thomas M. Skeren III
tms3 at fskklaw.com
Tue Dec 21 01:16:38 GMT 2004
Brian Kesting wrote:
>Someone told me once to try to remove the Samba server from the domain, rename it, and rejoin the domain......would that solve any problems in your opinion?
>
>
That is an odd solution, unless AD is mangled with respect to the samba
server name. Methinks you have a kerberos problem. My servers are
FreeBSD, but I do have a bare bones guide for setting up samba as an AD
member server in FreeBSD. If you use Linux it can only be a reference,
but it's an easy read.
<http://www.fsklaw.com/fbsdconfig.html>
>---------- Original Message ----------------------------------
>From: "Brian Kesting" <bkesting at cityofwayne.org>
>Reply-To: bkesting at cityofwayne.org
>Date: Mon, 20 Dec 2004 18:05:47 -0600
>
>I read something about nscd causing problems before I even installed the system, so I never even installed that service.
>
>Here is an updated /var/log/samba/log.winbindd file.....btw, thanks for the quick help and tips so far, I appreciate it.
>
>[2004/12/20 17:33:27, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
> krb5_cc_get_principal failed (No such file or directory)
>[2004/12/20 17:38:44, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>[2004/12/20 17:43:44, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>[2004/12/20 17:45:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
> user 'root' does not exist
>[2004/12/20 17:49:01, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>[2004/12/20 17:52:26, 1] libads/ldap_utils.c:ads_do_search_retry(77)
> ads_search_retry: failed to reconnect (Invalid credentials)
>
>
>---------- Original Message ----------------------------------
>From: Brett Stevens <brett.stevens at hubbub.com.au>
>Date: Tue, 21 Dec 2004 10:33:30 +1100
>
>One thing I moticed when having simmilar problems is that for some reason
>nscd seems to be a problem stop this service and restart all samba services
>including smbd nmbd and winbind
>
>Let us know how it goes.
>
>Brett Stevens
>
>-----Original Message-----
>From: Brian Kesting [mailto:bkesting at cityofwayne.org]
>Sent: Tuesday, December 21, 2004 10:29 AM
>To: samba at lists.samba.org
>Subject: [Samba] winbind problems
>
>
>Hello,
>
>I am running a Samba server (3.0.7) on a Suse 9.2 box. I have connected
>this server successfully to a Windows 2000 Active Directory (mixed mode). I
>have nsswitch.conf, krb5.conf configured and winbind seems to be running
>properly for the most part. With wbinfo I can get all of my user and group
>information. Problem is, it seems that at random times, the samba server
>just stops authenticating the windows user names and accounts. If I restart
>the winbind or smb service, then all seems to be well again for a while.
>Right now the only way I can keep this running is to run a cron job that
>restartes the samba and winbind services every hour. This is really bugging
>me as I cannot figure out what is going on. Can anyone help me? I have
>included some of my configuration and log files below. Thanks in advance.
>
>---------/etc/samba/smb.conf----------
># Samba Configuration File
>
>[global]
> workgroup = WAYNE
> realm = WAYNE.LOCAL
> server string = Samba Server
> security = ADS
> password server = adserver.wayne.local
> encrypt passwords = yes
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template shell = /bin/bash
> winbind use default domain = no
> winbind separator = /
>
>[users]
> comment = Users on Linux
> path = /home/WAYNE
> read only = No
> browseable = Yes
>
>---------/etc/nsswitch.conf-------
>passwd: files winbind
>group: files winbind
>hosts: files dns wins winbind
>networks: files dns
>
>---------/etc/krb5.conf-----------
>[libdefaults]
> default_realm = WAYNE.LOCAL
> clockskew = 300
>
>[realms]
>WAYNE.LOCAL = {
> kdc = police.wayne.local
> default_domain = WAYNE.LOCAL
> kpasswd_server = adserver.wayne.local
>}
>[domain_realm]
> .WAYNE.LOCAL = WAYNE.LOCAL
>[appdefaults]
>pam = {
> ticket_lifetime = 365d
> renew_lifetime = 365d
> forwardable = true
> proxiable = false
> retain_after_close = true
> minimum_uid = 0
>}
>
>----------/var/log/samba/log.smbd--------
>[2004/12/20 15:25:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
> Username WAYNE/LIEUTENANT1$ is invalid on this system [2004/12/20
>15:25:44, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
> Username WAYNE/LIEUTENANT1$ is invalid on this system [2004/12/20
>15:25:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
> Username WAYNE/LIEUTENANT1$ is invalid on this system [2004/12/20
>15:25:56, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
> Username WAYNE/LIEUTENANT1$ is invalid on this system
>.
>.
>.
>[2004/12/20 16:04:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
> Username WAYNE/DISPATCH_GW1$ is invalid on this system [2004/12/20
>16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
> Username WAYNE/DISPATCH_GW1$ is invalid on this system [2004/12/20
>16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
> Username WAYNE/DISPATCH_GW1$ is invalid on this system
>
>----------/var/log/samba/log.winbindd-------------------
>[2004/12/20 16:51:07, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>[2004/12/20 16:54:52, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
> krb5_cc_get_principal failed (No such file or directory) [2004/12/20
>16:56:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>[2004/12/20 16:59:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
> user 'root' does not exist
>[2004/12/20 17:00:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
> user 'root' does not exist
>[2004/12/20 17:01:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>[2004/12/20 17:06:24, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>[2004/12/20 17:11:40, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>[2004/12/20 17:15:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
>
>????
>
>
More information about the samba
mailing list