[Samba] winbind / idmap_rid
Bruce Hohl
brucehohl at access-4-free.com
Sun Feb 20 03:42:27 GMT 2005
Thanks in advance for any help in resolving this issue.
I am experiencing the following issue on both a test and
production server. Data from the test server follows:
I am using winbind with the idmap_rid parameter.
After each time I restart winbind I have to rejoin the
domain in order for "wbinfo -t" to succeed.
User connections also fail.
I am running:
samba-3.0.10-0.1 (SuSE 9.1 Pro)
heimdal-0.6.1rc3-55.9
My smb.conf globals are as follows:
[global]
# general #
workgroup = GROTECOMPANY
realm = GROTECOMPANY.COM
map to guest = Bad User
password server = 192.168.1.201
security = ADS
log level = 1
preferred master = no
local master = no
domain master = no
wins server = 192.168.1.201
ldap ssl = no
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
# winbind ####################################
# IDMAP_RID with Winbind available with 3.0.8:
idmap backend = idmap_rid:GROTECOMPANY=10000-20000
allow trusted domains = no
##############################################
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = /
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
# printing #
printing = cups
printcap name = cups
printer admin = administrator
LOG (log level = 3) MESSAGES FROM "wbinfo -t" COMMAND AFTER
RESTART OF WINBIND:
======================================================================
[2005/02/19 22:12:54, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[ 7251]: request interface version
[2005/02/19 22:12:54, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[ 7251]: request location of privileged pipe
[2005/02/19 22:12:54, 3]
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(41)
[ 7251]: check machine account
[2005/02/19 22:12:54, 3]
nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109)
IPC$ connections done anonymously
[2005/02/19 22:12:54, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(713)
Doing spnego session setup (blob length=113)
[2005/02/19 22:12:54, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(738)
got OID=1 2 840 48018 1 2 2
[2005/02/19 22:12:54, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(738)
got OID=1 2 840 113554 1 2 2
[2005/02/19 22:12:54, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(738)
got OID=1 2 840 113554 1 2 2 3
[2005/02/19 22:12:54, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(738)
got OID=1 3 6 1 4 1 311 2 2 10
[2005/02/19 22:12:54, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(745)
got principal=visual1$@GROTECOMPANY.COM
[2005/02/19 22:12:54, 2]
libsmb/cliconnect.c:cli_session_setup_kerberos(538)
Doing kerberos session setup
[2005/02/19 22:12:54, 3]
libsmb/clikrb5.c:ads_cleanup_expired_creds(319)
Ticket in ccache[MEMORY:cliconnect] expiration Sun, 20 Feb
2005 08:12:45 GMT
[2005/02/19 22:12:54, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
cli_nt_setup_creds: request challenge failed
[2005/02/19 22:12:54, 3]
nsswitch/winbindd_cm.c:cm_prepare_connection(384)
schannel refused - continuing without schannel
(NT_STATUS_INVALID_COMPUTER_NAME)
[2005/02/19 22:12:54, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
cli_nt_setup_creds: request challenge failed
[2005/02/19 22:12:54, 3]
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(68)
could not open handle to NETLOGON pipe
[2005/02/19 22:12:54, 2]
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(98)
Checking the trust account password returned
NT_STATUS_INVALID_COMPUTER_NAME
More information about the samba
mailing list