[Samba] Winbind weirdness, seems to join wrong domain

Fri Jul 9 16:11:00 GMT 2004

Hi

Samba/NT Domain controller newbie... please be gentle :^)

I'm trying to configure a customer RH EL 3 server running samba 3.0.2 to use
winbind to enable samba (and indeed sshd or telnet etc.) to authenticate
users against MS NT Domain controllers..

The domain the samba server should join is named LEEDS, note that the NT
systems (there are several BDC's on the local subnet) are out of my control,
I have only the information they give me...

I've configured nsswitch.conf as below

passwd : files winbind
group : files winbind

and I have the following in /etc/samba/smb.conf

workgroup = LEEDS
security = domain
password server = *
winbind separator = +
idmap uid = 10000-30000
idmap gid = 10000-30000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/winnt/%D/%U
template shell = /bin/bash

plus a bunch of other stuff, but that's the key stuff I think..

Now when I start samba & winbindd I get the following in the log :-
[2004/07/08 11:10:50, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain LEEDS S-0-0
[2004/07/08 11:10:50, 1] nsswitch/winbindd_util.c:init_domain_list(300)
Could not fetch sid for our domain LEEDS
[2004/07/08 11:10:51, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain PETERBOROUGH S-1-5-21-1924550896-1794974960-1843927889
[2004/07/08 11:10:52, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain GLASGOW S-1-5-21-1869554387-1463681392-310601177
[2004/07/08 11:10:53, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain DELHI S-1-5-21-1819564497-1012815030-1537874043
[2004/07/08 11:10:54, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain GALWAY S-1-5-21-1615016180-1255304292-3473557
[2004/07/08 11:10:54, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain HAWK S-1-5-21-1515194898-1513702235-1536833037
[2004/07/08 11:10:55, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain BORO S-1-5-21-1401908901-789471090-526660263
[2004/07/08 11:10:56, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain ROMFORD S-1-5-21-1290616231-1997170506-3473557

and so on where several more trusted domains are added, but crucially it
doesn't seem to become a member of LEEDS

Typing 'net join -UAdminstrator%password' (with the correct password of
course) results in "Unable to find a suitable server"

Bizarrely, if I type wbinfo -u it reports with a list of users from the
ROMFORD domain! And it seems that all is fine I can chown files to users in
the ROMFORD domain....

Now, If I change workgroup = ROMFORD

I get

[2004/07/08 17:21:56, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain ROMFORD S-0-0
[2004/07/08 17:21:56, 1] nsswitch/winbindd_util.c:init_domain_list(300)
Could not fetch sid for our domain ROMFORD
[2004/07/08 17:21:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain IPSWICH S-1-5-21-52631187-1515129459-924725345
[2004/07/08 17:21:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain LEEDS S-1-5-21-2004697519-1606166301-941251304
[2004/07/08 17:21:58, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain WINEBAR S-1-5-21-1032389125-999773415-926709054

i.e. it now adds LEEDS as a trusted domain (and a few others but not as many
as before), I still can't use net join in any meaningful way, and if I type
wbinfo -u it gives a list of users in the LEEDS domain!!

What is going on here? Any clues?

Why is it picking ROMFORD as the domain when I ask for LEEDS and vice versa?
Why not any of the others? Why can't it actually join the domain when I use
'net join'? I beleive I have valid user accounts and

passwords (of users with domain administrator privileges although that could
be open to doubt)

TIA

--
Tony Scholes
tonys at beacon.co.uk

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.712 / Virus Database: 468 - Release Date: 27/06/2004