[Samba] wbinfo -t fails but other wbinfo and getent items work.
Michael Wray
mwray at aimconnect.com
Mon Apr 25 20:24:38 GMT 2005
Problem: wbinfo -t fails. As long as it fails, I am unable to map sids to
Group Names. I need this functionality for my application. I can use just
about everyother function of wbinfo at least partially...
Distro: Debian woody.
Packages:
ii samba 3.0.11-0woody1 a LanManager-like file and printer server fo
ii samba-common 3.0.11-0woody1 Samba common files used by both the server a
ii samba-doc 3.0.11-0woody1 Samba documentation
ii libpam-smbpass 3.0.11-0woody1 pluggable authentication module for SMB pass
ii libsmbclient 3.0.11-0woody1 shared library that allows applications to t
ii smbclient 3.0.11-0woody1 a LanManager-like simple client for Unix
ii winbind 3.0.11-0woody1 service to resolve user and group informatio
ii krb5-config 1.4 Configuration files for Kerberos Version 5
ii krb5-doc 1.2.4-5woody8 Documentation for krb5
ii libkrb-1-kerbe 1.2.2-8.dirk.1 Kerberos Libraries for Kerberos4 From KTH
ii libkrb5-17-hei 0.6.3-0.dirk.1 Libraries for Heimdal Kerberos
ii libkrb53 1.2.4-5woody8 MIT Kerberos runtime libraries
ii heimdal-client 0.6.3-0.dirk.1 Clients for Heimdal Kerberos
ii heimdal-kdc 0.6.3-0.dirk.1 KDC for Heimdal Kerberos
rc heimdal-server 0.6.3-0.dirk.1 Servers for Heimdal Kerberos
rc heimdal-server 0.6.3-0.dirk.1 X11 files for Heimdal Kerberos
Caveat, I'm stuck with using "stable" backports for samba...due to the
development environment I'm in..policy dictates I wait for the package to be
backported before I can upgrade to it.
log.winbindd,log.nmbd, and log.samba only show the services starting and
stopping. If the answer is upgrading to yet a newer version of samba..then
great..the solution will have to wait. Problem started out w/ version 3.0.7,
and hasn't been working since..even with subsequent upgrades. Note: now I am
on 3.0.11 (got that about the time everyone started talking about 3.0.14.)
Here is the error from my log.%m (Of and relating to winbindd)
test:/var/log/samba# tail -f log.ntlm
[2005/04/25 14:38:40, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[26801]: request interface version
[2005/04/25 14:38:40, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[26801]: request location of privileged pipe
[2005/04/25 14:38:40, 3]
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(41)
[26801]: check machine account
[2005/04/25 14:38:40, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109)
IPC$ connections done anonymously
[2005/04/25 14:38:40, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708)
Doing spnego session setup (blob length=113)
[2005/04/25 14:38:40, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
got OID=1 2 840 48018 1 2 2
[2005/04/25 14:38:40, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
got OID=1 2 840 113554 1 2 2
[2005/04/25 14:38:40, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
got OID=1 2 840 113554 1 2 2 3
[2005/04/25 14:38:40, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
got OID=1 3 6 1 4 1 311 2 2 10
[2005/04/25 14:38:40, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740)
got principal=server03test$@TEST.COM
[2005/04/25 14:38:40, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(533)
Doing kerberos session setup
[2005/04/25 14:38:40, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(318)
Ticket in ccache[MEMORY:cliconnect] expiration Tue, 26 Apr 2005 00:38:40 GMT
[2005/04/25 14:38:40, 0] libsmb/smb_signing.c:signing_good(240)
signing_good: BAD SIG: seq 1
[2005/04/25 14:38:40, 0] libsmb/clientgen.c:cli_receive_smb(121)
SMB Signature verification failed on incoming packet!
[2005/04/25 14:38:40, 3] nsswitch/winbindd_cm.c:new_cm_connection(755)
Could not open a connection to TEST for \PIPE\NETLOGON
(NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
[2005/04/25 14:38:40, 3]
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(68)
could not open handle to NETLOGON pipe
[2005/04/25 14:38:40, 2]
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(98)
Checking the trust account password returned
NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND
[2005/04/25 14:40:01, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[27086]: request interface version
[2005/04/25 14:40:01, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[27086]: request location of privileged pipe
[2005/04/25 14:40:01, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
[27086]: getgroups root
[2005/04/25 14:40:01, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[27087]: request interface version
[2005/04/25 14:40:01, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[27087]: request location of privileged pipe
[2005/04/25 14:40:01, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
[27087]: getgroups root
[2005/04/25 14:40:02, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[27090]: request interface version
[2005/04/25 14:40:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[27090]: request location of privileged pipe
[2005/04/25 14:40:02, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
[27090]: getgroups amavis
[2005/04/25 14:40:02, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[27091]: request interface version
[2005/04/25 14:40:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[27091]: request location of privileged pipe
[2005/04/25 14:40:02, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
[27091]: getgroups root
[2005/04/25 14:40:02, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[27097]: request interface version
[2005/04/25 14:40:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[27097]: request location of privileged pipe
[2005/04/25 14:40:02, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
[27097]: getgroups root
[2005/04/25 14:40:02, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[27099]: request interface version
[2005/04/25 14:40:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[27099]: request location of privileged pipe
[2005/04/25 14:40:02, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
[27099]: getgroups root
[2005/04/25 14:40:02, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[27100]: request interface version
[2005/04/25 14:40:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[27100]: request location of privileged pipe
[2005/04/25 14:40:02, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
[27100]: getgroups amavis
[2005/04/25 14:40:02, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[27111]: request interface version
[2005/04/25 14:40:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[27111]: request location of privileged pipe
[2005/04/25 14:40:02, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
[27111]: getgroups postfix
[2005/04/25 14:40:02, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[27112]: request interface version
[2005/04/25 14:40:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[27112]: request location of privileged pipe
[2005/04/25 14:40:02, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
[27112]: getgroups postfix
[2005/04/25 14:40:02, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[27114]: request interface version
[2005/04/25 14:40:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[27114]: request location of privileged pipe
[2005/04/25 14:40:02, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
[27114]: getgroups postfix
[2005/04/25 14:40:02, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[27118]: request interface version
[2005/04/25 14:40:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[27118]: request location of privileged pipe
[2005/04/25 14:40:02, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
[27118]: getgroups root
[2005/04/25 14:40:03, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[27126]: request interface version
[2005/04/25 14:40:03, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[27126]: request location of privileged pipe
[2005/04/25 14:40:03, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
[27126]: getgroups postfix
[2005/04/25 14:40:03, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[27133]: request interface version
[2005/04/25 14:40:03, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[27133]: request location of privileged pipe
[2005/04/25 14:40:03, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
[27133]: getgroups postfix
The top shows NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND, and an error on signing
on an incoming packet. Is this where my problems lie? I can use wbinfo -g,
-u, -r, -Y,-G,-n, and -S. wbinfo -s only works on "Builtin" groups and users.
smb.conf:
======
[global]
server string = Filtering Server
log file = /var/log/samba/log.ntlm
max log size = 50
security = ads
socket options = TCP_NODELAY
dns proxy = no
encrypt passwords = yes
winbind enum users = yes
winbind enum groups = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
workgroup = TEST
passdb backend = tdbsam guest
obey pam restrictions = yes
password server = server03test.test.com
realm = test.com
use spnego = yes
===================
krb5.conf
=============
[libdefaults]
default_realm = TEST.COM
# The following krb5.conf variables are only for MIT Kerberos.
# default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
# default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
# permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
krb4_get_tickets=no
# The following libdefaults parameters are only for Heimdal Kerberos.
# v4_instance_resolve = false
## v4_name_convert = {
# host = {
# rcmd = host
# ftp = ftp
# }
# plain = {
# something = something-else
# }
# }
[realms]
TEST.COM = {
kdc = server03test.test.com
admin_server = server03test.test.com
default_domain = test.com
}
[domain_realm]
.test.com = TEST.COM
--
Michael Wray
AimConnect, an S4F Inc. Company
918.524.1010 ext 106
mwray at aimconnect.com
http://www.aimconnect.com
More information about the samba
mailing list