[Samba] W2K AD domain join success, wbinfo -t error - question

Дорофеев Михаил Сергеевич DorofeevMS at tmn.transneft.ru
Mon Jan 19 03:57:34 GMT 2004 

Hi all!
I'm configuring Samba 3.0.1 on Solaris 9 (rel  s9_58shwpl3) Sparc.
Have successfully installed Ldap libs, Krb5 libs, and, finally - Samba. Trying to join W2KSP4 domain.

net rpc join -S dc01 -U Administrator 
Gives
bash-2.05# /usr/local/samba/bin/net rpc join -S dc01-tmn -U Administrator
Password:

Joined domain MYDOMAIN.

Now i start winbindd. 

The smb.conf file is:
        WORKGROUP=MYDOMAIN
        security = domain
        winbind use default domain = yes
        winbind separator = +
        idmap uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /export/home/%D/%U
        template shell = /bin/bash


Then 
wbinfo -g LISTS domain groups and
wbinfo -u LISTS domain users.
See below
(bash-2.05# ./wbinfo -g
Domain Admins
Domain Users
Domain Guests
..... 
about 100 groups)

BUT wbinfo -t gives the error:

bash-2.05# ./wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_NO_TRUST_SAM_ACCOUNT (0xc000018b)
Could not check secret
bash-2.05# 

And net rpc testjoin sais:

bash-2.05# ./net rpc testjoin
[2004/01/19 08:43:40, 0] utils/net_rpc_join.c:net_rpc_join_ok(73)
  Error in domain join verfication (fresh connection)
Join to domain 'TMN' is not valid 

The log is:
Jan 16 18:47:39 SAMBA_SERVER pam_winbind[9808]: [ID 467601 auth.error] request failed: No trusted SAM account, PAM error was 4, NT error was NT_STATUS_NO_TRUST_SAM_ACCOUNT
Jan 16 18:47:39 SAMBA_SERVER pam_winbind[9808]: [ID 637597 auth.error] internal module error (retval = 4, user = `root'
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error] [2004/01/17 12:59:12, 0] lib/util_sock.c:write_socket_data(388)
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error]   write_socket_data: write failure. Error = Broken pipe
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error] [2004/01/17 12:59:12, 0] lib/util_sock.c:write_socket(413)
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error]   write_socket: Error writing 138 bytes to socket 14: ERRNO = Broken pipe
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error] [2004/01/17 12:59:12, 0] libsmb/clientgen.c:cli_send_smb(155)
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error]   Error writing 138 bytes to client. -1 (Broken pipe)
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error] [2004/01/17 12:59:12, 0] rpc_client/cli_pipe.c:rpc_api_pipe(424)
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error]   cli_pipe: return critical error. Error was Write error: Broken pipe
Jan 17 13:59:16 SAMBA_SERVER net[25311]: [ID 702911 user.error] [2004/01/17 13:59:16, 0] utils/net.c:net_getlocalsid(414)
Jan 17 13:59:16 SAMBA_SERVER net[25311]: [ID 702911 user.error]   Can't fetch domain SID for name: SAMBA_SERVER
Jan 19 07:45:52 SAMBA_SERVER ftpd[25362]: [ID 484914 daemon.notice] gethostbyaddr: host136-5.pool8249.interbusiness.it. != 82.49.5.136
Jan 19 08:43:40 SAMBA_SERVER net[26014]: [ID 702911 user.error] [2004/01/19 08:43:40, 0] utils/net_rpc_join.c:net_rpc_join_ok(73)
Jan 19 08:43:40 SAMBA_SERVER net[26014]: [ID 702911 user.error]   Error in domain join verfication (fresh connection)

(WHERE SAMBA_SERVER is the name of my Samba box I'm playing with - changed,
BUT the original name of the samba server IS resolved from any of  domain controllers)

The patch 113476-05  IS applied (although it is needed for the nss mechanism to work properly).

What am i doing wrong ?
Help is really needed, since i,m playing with half-prodaction server hence can not play-and-change-and-reboot much :(.
Thanks all in advance!!!

More information about the samba mailing list