[Samba] winbind is losing domain prefix

Thorsten Leiser t.leiser at scharr.de
Wed Sep 22 09:43:02 GMT 2004


Hi,

we're using the SerNet release of Samba 3.0.7 running on SLES8. Our 
Samba server is running as a domain member server (security=ADS) in our 
w2k domain. On Monday we migrated from 3.0.4 to 3.0.7. Since then 
winbind is trying to resolve usernames without the domain prefix and 
fails. See below:
log.winbindd:
...
[2004/09/22 06:54:24, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159)
  user 'm019u026' does not exist
[2004/09/22 06:54:24, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159)
  user 'm019u026' does not exist
[2004/09/22 06:54:24, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159)
  user 'M019U026' does not exist
...

It should be SCHARRNET+m019u026. In addition, I get the following 
errors in log.winbind.
...
[2004/09/22 06:17:12, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain SCHARRNET failed: Invalid credentials
...
[2004/09/21 21:56:01, 1] libsmb/clikrb5.c:ads_krb5_mk_req(321)
  krb5_get_credentials failed for maire$@SCHARRNET.DE (Unknown error -1765328347)
[2004/09/21 21:56:01, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(544)
  spnego_gen_negTokenTarg failed: Unknown error -1765328347
...

If we restart winbindd, nmbd and smbd, Samba runs normally again (until 
next restart). Can anybody give us a hint what the problem is and how we 
can fix it?

Regards

Thorsten

smb.conf:
[global]
        unix charset = ISO8859-15
        display charset = ISO8859-15
        workgroup = SCHARRNET
        realm = SCHARRNET.DE
        server string =
        security = ADS
        password server = maire.scharrnet.de, maitre.scharrnet.de
        socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
        os level = 2
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /data/home/%U
        winbind separator = +
        veto oplock files = /*.mdb/*.doc/*.xls/
        strict locking = No

[data]
        path = /data
        valid users = SCHARRNET+Administrator
        admin users = SCHARRNET+Administrator
        read only = No
        create mask = 0660
        directory mask = 0770
        browseable = No
        volume = DATA
        dos filetimes = Yes
        dos filetime resolution = Yes
        fake directory create times = Yes

[tsshare]
        comment = Share-Laufwerk auf %L
        path = /data/share
        valid users = @SCHARRNET+Domänen-Benutzer, SCHARRNET+Administrator
        read only = No
        create mask = 0660
        directory mask = 0770
        hide unreadable = Yes
        browseable = No
        volume = DATA
        dos filetimes = Yes
        dos filetime resolution = Yes
        fake directory create times = Yes

[tssymbole]
        comment = Iconen-Laufwerk auf %L
        path = /data/symbole
        valid users = @SCHARRNET+Domänen-Benutzer, SCHARRNET+Administrator
        read only = No
        create mask = 0600
        directory mask = 0700
        browseable = No
        volume = DATA
        dos filetimes = Yes
        dos filetime resolution = Yes
        fake directory create times = Yes

[tsvorlagen]
        comment = Vorlagen-Laufwerk auf %L
        path = /data/vorlagen
        valid users = @SCHARRNET+Domänen-Benutzer, SCHARRNET+Administrator
        read only = No
        create mask = 0600
        directory mask = 0700
        browseable = No
        volume = DATA
        dos filetimes = Yes
        dos filetime resolution = Yes
        fake directory create times = Yes

[tshome]
        comment = Home-Laufwerke auf %L
        path = /data/home/
        valid users = @SCHARRNET+Domänen-Benutzer
        admin users = SCHARRNET+Administrator
        read only = No
        create mask = 0600
        directory mask = 0700
        browseable = No
        volume = DATA
        dos filetimes = Yes
        dos filetime resolution = Yes
        fake directory create times = Yes

[tsprofile]
        comment = Terminalserver-Profile auf %L
        path = /data/profile
        valid users = @SCHARRNET+Domänen-Benutzer
        admin users = SCHARRNET+Administrator
        read only = No
        create mask = 0600
        directory mask = 0700
        nt acl support = No
        browseable = No
        volume = DATA
        dos filetimes = Yes
        dos filetime resolution = Yes
        fake directory create times = Yes

[magic]
        comment = Programmdateien V_Olga auf %L
        path = /data/magic
        valid users = @SCHARRNET+Domänen-Benutzer
        write list = "@SCHARRNET+Mandant Synchron 006 Users"
        create mask = 0666
        directory mask = 0777
        browseable = No
        volume = DATA

[klett]
        comment = Abteilungslaufwerk KLETT auf %L
        path = /data/abt/Klett
        valid users = "@SCHARRNET+Mandant 010 Klett_Boeblingen_HEEH", SCHARRNET+Administrator
        read only = No
        create mask = 0660
        directory mask = 0770
        browseable = No
        volume = DATA
        dos filetimes = Yes
        dos filetime resolution = Yes
        fake directory create times = Yes
...

-- 
Thorsten Leiser
IT-Systembetreuung
FRIEDRICH SCHARR KG
Liebknechtstrasse 50
70565 Stuttgart-Vaihingen
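
The two symptoms in the logs above can be triaged mechanically. The following is an added example, not part of the original post or of Samba: it groups log entries (tolerating mail-wrapped lines), flags `getpwnam` lookups that lack the `winbind separator`, and decodes "Unknown error" numbers. It assumes the numbers come from the krb5 com_err table, whose base is -1765328384; the function names are hypothetical.

```python
import re

# Base of the krb5 com_err table; (code - base) in 0..127 is the RFC 4120 error number.
KRB5_TABLE_BASE = -1765328384
RFC4120_ERRORS = {  # subset of RFC 4120 section 7.5.9
    6: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 7: "KDC_ERR_S_PRINCIPAL_UNKNOWN",
    31: "KRB_AP_ERR_BAD_INTEGRITY", 32: "KRB_AP_ERR_TKT_EXPIRED",
    33: "KRB_AP_ERR_TKT_NYV", 37: "KRB_AP_ERR_SKEW",
}
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *\d+\] (\S+)\(\d+\)")
KRB_ERR = re.compile(r"Unknown error\s+(-\d+)")
NO_USER = re.compile(r"user '([^']*)' does not exist")
# Log lines copied from the post above, including the mail-wrapped error code.
SAMPLE = """\
[2004/09/22 06:54:24, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159)
  user 'm019u026' does not exist
[2004/09/21 21:56:01, 1] libsmb/clikrb5.c:ads_krb5_mk_req(321)
  krb5_get_credentials failed for maire$@SCHARRNET.DE (Unknown error
-1765328347)
"""

def decode_krb5(code):
    # Map a raw library error code to its RFC 4120 name where known.
    offset = code - KRB5_TABLE_BASE
    if 0 <= offset < 128:
        return RFC4120_ERRORS.get(offset, f"protocol error {offset}")
    return f"not a protocol error ({code})"

def parse_entries(text):
    # Group header + body lines; a wrapped remainder joins the previous body.
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append([m.group(1), m.group(2), ""])
        elif entries and line.strip() not in ("", "..."):
            entries[-1][2] = (entries[-1][2] + " " + line.strip()).strip()
    return [tuple(e) for e in entries]

def findings(text, separator="+"):
    # Heuristic: a failed lookup without the separator was not domain-qualified.
    out = []
    for ts, _src, msg in parse_entries(text):
        k, u = KRB_ERR.search(msg), NO_USER.search(msg)
        if k:
            out.append((ts, "kerberos", decode_krb5(int(k.group(1)))))
        elif u and separator not in u.group(1):
            out.append((ts, "unqualified-lookup", u.group(1)))
    return out
```

Run over the sample, the code -1765328347 decodes to offset 37, `KRB_AP_ERR_SKEW` in RFC 4120, and the `m019u026` lookup is reported as unqualified.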



