[Samba] winbind / idmap_rid

Bruce Hohl brucehohl at access-4-free.com
Sun Feb 20 03:42:27 GMT 2005


Thanks in advance for any help in resolving this issue.
I am experiencing the following issue on both a test and 
production server.  Data from the test server follows:

I am using winbind with the idmap_rid parameter.
After each time I restart winbind I have to rejoin the
domain in order for "wbinfo -t" to succeed.
User connections also fail.

I am running:
samba-3.0.10-0.1  (SuSE 9.1 Pro)
heimdal-0.6.1rc3-55.9

My smb.conf globals are as follows:
[global]
        # general #
        workgroup = GROTECOMPANY
        realm = GROTECOMPANY.COM
        map to guest = Bad User
        password server = 192.168.1.201
        security = ADS
        log level = 1
        preferred master = no
        local master = no
        domain master = no
        wins server = 192.168.1.201
        ldap ssl = no
        socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
        # winbind ####################################
        # IDMAP_RID with Winbind available with 3.0.8:
        idmap backend = idmap_rid:GROTECOMPANY=10000-20000
        allow trusted domains = no
	##############################################
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind separator = /
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes
        # printing #
        printing = cups
        printcap name = cups
        printer admin = administrator
	

LOG (log level = 3) MESSAGES FROM "wbinfo -t" COMMAND AFTER
RESTART OF WINBIND:
======================================================================
[2005/02/19 22:12:54, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [ 7251]: request interface version
[2005/02/19 22:12:54, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [ 7251]: request location of privileged pipe
[2005/02/19 22:12:54, 3]
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(41)
  [ 7251]: check machine account
[2005/02/19 22:12:54, 3]
nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109)
  IPC$ connections done anonymously
[2005/02/19 22:12:54, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(713)
  Doing spnego session setup (blob length=113)
[2005/02/19 22:12:54, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 48018 1 2 2
[2005/02/19 22:12:54, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 113554 1 2 2
[2005/02/19 22:12:54, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 113554 1 2 2 3
[2005/02/19 22:12:54, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 3 6 1 4 1 311 2 2 10
[2005/02/19 22:12:54, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(745)
  got principal=visual1$@GROTECOMPANY.COM
[2005/02/19 22:12:54, 2]
libsmb/cliconnect.c:cli_session_setup_kerberos(538)
  Doing kerberos session setup
[2005/02/19 22:12:54, 3]
libsmb/clikrb5.c:ads_cleanup_expired_creds(319)
  Ticket in ccache[MEMORY:cliconnect] expiration Sun, 20 Feb
2005 08:12:45 GMT
[2005/02/19 22:12:54, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
  cli_nt_setup_creds: request challenge failed
[2005/02/19 22:12:54, 3]
nsswitch/winbindd_cm.c:cm_prepare_connection(384)
  schannel refused - continuing without schannel
(NT_STATUS_INVALID_COMPUTER_NAME)
[2005/02/19 22:12:54, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
  cli_nt_setup_creds: request challenge failed
[2005/02/19 22:12:54, 3]
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(68)
  could not open handle to NETLOGON pipe
[2005/02/19 22:12:54, 2]
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(98)
  Checking the trust account password returned
NT_STATUS_INVALID_COMPUTER_NAME
  


More information about the samba mailing list