[Samba] Winbind problem
Chris
chrisd at better-investing.org
Fri Jul 16 11:51:58 GMT 2004
Posted: Thu Jul 15, 2004 11:34 am Post subject: Samba/winbind and ADS
problem
I almost have this.
I have read the docs, I have read this, I have purchased both books from the
samba team, and I cannot find any help from any of these.
We are trying to migrate from OLDDOMAIN (an NT4 Domain) to NEWDOMAIN (our
Win2k3 Domain). I have a two way trust right now between the domains. I have
everything configured as per the docs as far as smb.conf, krb5.conf and
nsswitch. I do:
Code:
# wbinfo -t
checking the trust secret via RPC calls succeeded
so everything looks good there, but the weird thing is when I do this:
Code:
# wbinfo -g
or
# wbinfo -u
I get a list of all the users and groups from OLDDOMAIN, and none of the
groups from NEWDOMAIN! Same thing is true when I use getent. Which makes
about zero sense to me... I had absolutely no error output when joining the
ADS Domain (NEWDOMAIN), from wbinfo, kinit, sbmclient or smbmount.
So, I went to the log file:
Quote:
[2004/07/15 11:55:39, 1] nsswitch/winbindd.c:main(843)
winbindd version 3.0.4 started.
Copyright The Samba Team 2000-2004
[2004/07/15 11:55:39, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain NEWDOMAIN NEWDOMAIN.INT S-0-0
[2004/07/15 11:55:43, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
ads_connect for domain NEWDOMAIN failed: No such file or directory
[2004/07/15 11:55:44, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain OLDDOMAIN S-1-5-21-1898674339-994652211-837300805
[2004/07/15 11:55:44, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain BUILTIN S-1-5-32
[2004/07/15 11:55:44, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain CASPER S-1-5-21-789378082-241503064-2986860805
[2004/07/15 12:04:59, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
ads_connect for domain NEWDOMAIN failed: No such file or directory
I have been trying this since samba 3.0.0, and I still have problems. I am now
using 3.0.4.
my smb.conf:
Code:
# Global parameters
[global]
netbios name = JOE
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
dns proxy = no
realm = NEWDOMAIN.INT
workgroup = NEWDOMAIN
netbios aliases = JOE
server string = JOE server
security = ADS
wins proxy = no
map to guest = Bad User
password server = stan.newdomain.int
name resolve order = lmhosts wins bcast
time server = Yes
os level = 0
preferred master = No
local master = No
domain master = No
wins server = 208.226.104.3
hosts allow = 127.0.0.1, 208.226.104.
oplocks = No
follow symlinks = No
printing = cups
printcap name = cups
load printers = yes
idmap uid = 10000-20000
winbind enum users = yes
winbind gid = 10000-20000
winbind enum groups = yes
winbind separator = +
os level = 20
[images]
valid users = chrisd,kristynp,administrator
public = no
path = /images
writable = yes
write list = kristynp,chrisd,administrator
admin users = kristynp,chrisd,administrator
force user = root
my krb5.conf:
Code:
[libdefaults]
default_realm = NEWDOMAIN.INT
[realms]
NEWDOMAIN.INT = {
kdc = stan.naic.int
}
[domain_realms]
.newdomain.int = NEWDOMAIN.INT
my nsswitch.conf:
Code:
# /etc/nsswitch.conf:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/nsswitch.conf,v 1.4
2002/11/18 19:39:22 azarah Exp $
passwd: compat winbind
shadow: compat
group: compat winbind
# passwd: db files nis
# shadow: db files nis
# group: db files nis
hosts: files dns
networks: files dns
services: db files
protocols: db files
rpc: db files
ethers: db files
netmasks: files
netgroup: files
bootparams: files
automount: files
aliases: files
I am at my wit's end here... I would really appreciate any help.
Thank you!
chris
More information about the samba
mailing list