[Samba] trusted domain 'disconnected' using winbind

[Grund, Andreas]

Problem is solved!

Actually there were 2 problems. First, I noticed that winbind tried to
resolve a servername which is no longer PDC in the trusted domain - we
changed PDC and BDC some months ago. Don't know where samba gets this
(wrong) information from. So I tried a workaround by adding an entry in
lmhosts with the wrong servername (the one winbind is looking for) but the
correct ip-address of the PDC. In fact this worked fine with our test system
but not with the production server, though configuration was indentical
execpt the sw-release of samba itself. Finally I upgraded 3.0.9-2.6 to
3.0.14a-0.1 and now everything is fine!

Gerald (Jerry) Carter wrote:
> Grund, Andreas wrote:
>> I have a problem with winbind resolving global groups on a
>> trusted NT Domain. I want to use SQUID and NTLM
>> Authentification and therefore the external authentification
>> helper needs to check if a user belongs to a given group.
>> When I do 'windbind -r DOMAIN+USER GROUP', only groups of
>> the local domain are listed. It seems as if winbind couldn't
>> find a domain controller for the trusted domain: 'wbinfo
>> --sequence' shows the trusted domain disconnected. Debugging
>> winbindd does show following errors:  
>> 
>> wbinfo --sequence	=>
>> [..]
>> bind_rpc_pipe: transfer syntax differs
>> rpc_pipe_bind: check_bind_response failed.
>> [..]
> 
> This is they key error message.  Can you send me a raw
> ethereal trace and a level 10 debug log surrounduing this
> error?  Thanks. 
> 
>> Samba Version: 3.0.9-2.6-SUSE
>> 2 NT4 SP6 Servers acting as PDC for 2 trusted Domains
> 
> 
> 
> 
> 
> cheers, jerry
> =====================================================================
> Alleviating the pain of Windows(tm)      -------
> http://www.samba.org GnuPG Key                -----
> http://www.plainjoe.org/gpg_public.asc "I never saved
> anything for the swim back."     Ethan Hawk in Gattaca