[Samba] idmap_ad requires kinit of machine acccount?

S Murthy Kambhampaty smk_va at yahoo.com
Tue Sep 28 19:20:37 GMT 2004 

On an FC2 test server running samba-3.0.7-2.FC2 and
with idmap_ad, if I start winbind "normally" idmap_ad
fails, but if I first kinit the machine account,
idmap_ad works fine.

Without idmap_ad in smb.conf, winbind is fine.

This problem appears not to occur with samba-3.0.5
(build from source tarball, running RedHat 8.0).  I
will try with samba-3.0.7-1 from samba.org on FC2 as I
get a chance, but I was wondering if anyone had any
clues as to what the problem may be.  I have attached
a little more infor in the postscript.

Thanks,
   Murthy

PS:

Usage 1:
[root at compa4 /]# net ads testjoin
Join is OK
[root at compa4 /]# klist
klist: No credentials cache found (ticket cache
FILE:/tmp/krb5cc_0)

Restart winbind; "getent passwd" only gives local
users
logifile contains:
[2004/09/28 14:54:22, 1] nsswitch/winbindd.c:main(854)
  winbindd version 3.0.7-2.FC2 started.
  Copyright The Samba Team 2000-2004
[2004/09/28 14:54:22, 1]
libsmb/clikrb5.c:ads_krb5_mk_req(313)
  krb5_cc_get_principal failed (No credentials cache
found)
[2004/09/28 14:54:22, 1] idmap_ad.c:ad_idmap_init(43)
  ad_idmap_init: failed to connect to AD
[2004/09/28 14:54:23, 1]
libsmb/clikrb5.c:ads_krb5_mk_req(313)
  krb5_cc_get_principal failed (No credentials cache
found)


Usage 2:
kinit <host name>

Restart winbind; getent passwd gives local as well as
domain users

[2004/09/28 14:58:24, 1] nsswitch/winbindd.c:main(854)
  winbindd version 3.0.7-2.FC2 started.
  Copyright The Samba Team 2000-2004
[2004/09/28 14:58:24, 1]
libsmb/clikrb5.c:ads_krb5_mk_req(313)
  krb5_cc_get_principal failed (No credentials cache
found)
[2004/09/28 14:58:27, 1]
idmap_ad.c:ad_idmap_get_id_from_sid(214)
  ad_idmap_get_id_from_sid mapped SID <> to POSIX UID
<>

  
  
Usage 3:
delete idmap backend ... from smb.conf
# kdestroy
Restart winbind, getent passwd gives local as well as
domain users; generates no messages beyond:
[2004/09/28 15:17:11, 1] nsswitch/winbindd.c:main(854)
  winbindd version 3.0.7-2.FC2 started.
  Copyright The Samba Team 2000-2004
[2004/09/28 15:17:11, 1]
libsmb/clikrb5.c:ads_krb5_mk_req(313)
  krb5_cc_get_principal failed (No credentials cache found)


		
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

More information about the samba mailing list