[Samba] winbindd will not connect to samba pdc

Gerry Valle gerry at qcworld.com
Tue Mar 8 20:54:46 GMT 2005

I'm trying to migrate to a Samba PDC from an NT PDC.  Right now I'm
testing whether a Samba member server can effectively grab user account
info from a Samba PDC.

Both the PDC and the member server are vanilla, no-frills Redhat 9
machines, the PDC is running Samba 3.0.9 and the member is running
3.0.11.  I've followed the instructions in the Samba HOWTO for setting
up winbindd, that is, I've moved or created the .so files, I've added
the winbind entries to nsswitch.conf, etc.  From the docs, it appears
that winbindd should work at this point without even making changes to
the pam.d/ stuff.

I start Samba on the PDC and it runs fine.  I start Samba on the
member server.  Then I run the "net rpc join" command on the member
server and it joins the domain with no errors.  Then I start winbindd.
At this point "wbinfo -u" returns "Error looking up domain users"
and "wbinfo -g" returns only the local (member server's) groups.
What I'd expect to see is any users that exist in the PDC's /etc/passwd
file and the Samba tdb file.  Is this what I should expect?

This is the Member server's smb.conf:

[global]
         unix charset = CP1252
         workgroup = QUACK
         server string = Big bowl of Samba
         security = DOMAIN
         password server =
         log level = 100
         log file = /var/log/smb.log
         name cache timeout = 0
         wins server = eth0:
         idmap uid = 200000-600000
         idmap gid = 200000-600000
         winbind separator = +
         winbind cache time = 10
         inherit acls = Yes

The PDC's smb.conf is here:

[global]
         unix charset = CP1252
         workgroup = QUACK
         server string = Nina Williams...Wins!
         bind interfaces only = Yes
         passdb backend = tdbsam:/etc/samba/passdb.tdb
         passwd program = /usr/bin/passwd %u
         passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n 
         passwd chat debug = Yes
         log level = 100
         log file = /var/log/smb.log
         smb ports = 139 445
         name resolve order = hosts wins lmhosts
         time server = Yes
         add user script = /usr/sbin/useradd -m %u -s /bin/tcsh -c "QC User"
         delete user script = /usr/sbin/userdel -r %u
         add group script = /usr/sbin/groupadd %g
         delete group script = /usr/sbin/groupdel %g
         add user to group script = /usr/sbin/usermod -G %g %u
         add machine script = /usr/sbin/useradd -s /sbin/nologin -c "QC Samba Machine" -d /dev/null %u
         logon script = scripts\%U.bat
         logon path = \\%L\profiles\%U
         domain logons = Yes
         os level = 60
         preferred master = Yes
         domain master = Yes
         wins server = eth0:
         idmap uid = 20000-600000
         idmap gid = 20000-600000
         winbind separator = +
         winbind cache time = 10
         admin users = gerry, GerryV, Administrator

[netlogon]
         comment = Network Logon Service
         path = /usr/local/samba/netlogon
         write list = gerry, @wheel

[profiles]
         comment = Profile Share
         path = /usr/local/samba/profiles
         read only = No
         create mask = 0600
         directory mask = 0700
         profile acls = Yes

The address is the Samba PDC.  I've tried password
server = "*" but there's no difference.  I've worked on this
issue on and off for months and have never been able to get winbindd
to work, **EXCEPT** if the PDC is an actual Windows NT PDC; then
winbindd works exactly as advertised.  I have pored over the logs
(with log level=100) and the only thing I've found to indicate a
problem is when I run "wbinfo -t".  When I do this, the following
entries appear:

[2005/03/08 12:39:39, 3] nsswitch/winbindd_cm.c:new_cm_connection(755)
   Could not open a connection to QUACK for \PIPE\NETLOGON 
[2005/03/08 12:39:39, 3] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(68)
   could not open handle to NETLOGON pipe
[2005/03/08 12:39:39, 2] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(98)
   Checking the trust account password returned 

Yet, when I run "net lookup dc QUACK", it returns the domain controller's
IP.  So something still isn't right.  What other tests
can I try?  I've read so many people that have winbindd working on
similar installations, but I can't even get past the most basic
function.  Any suggestions would be greatly appreciated.

Gerry Valle                                   Quantum Consulting, Inc.
System Administrator                            http://www.qcworld.com
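
Added example, not part of the original post: with "log level = 100" the few winbindd failure entries quoted above are buried in debug output, so this sketch groups each log header with its indented message and keeps only low-level winbindd entries that report a failure. The "could not" pattern and the level threshold are assumptions taken from the wording of the quoted entries; the first sample entry is constructed noise.

```python
import re

# Header of a debug entry as it appears in the post:
# "[date time, level] source.c:function(line)"
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>[^\s:]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)
# Assumption: failure wording taken from the entries quoted in the post.
FAILURE = re.compile(r"could not", re.IGNORECASE)

def parse_entries(text):
    """Attach the indented message lines to the header line that precedes them."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            entry = m.groupdict()
            entry["level"] = int(entry["level"])
            entry["msg"] = ""
            entries.append(entry)
        elif entries and raw.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + raw.strip()).strip()
    return entries

def winbindd_failures(entries, max_level=3):
    """Keep low-numbered (important) winbindd entries whose message reports a failure."""
    return [e for e in entries
            if e["level"] <= max_level
            and e["src"].startswith("nsswitch/winbindd")
            and FAILURE.search(e["msg"])]

# First entry is constructed noise; the other three are the entries quoted in the post.
SAMPLE = """\
[2005/03/08 12:39:39, 10] lib/example.c:example_noise(1)
   constructed high-level debug line standing in for log level 100 chatter
[2005/03/08 12:39:39, 3] nsswitch/winbindd_cm.c:new_cm_connection(755)
   Could not open a connection to QUACK for \\PIPE\\NETLOGON
[2005/03/08 12:39:39, 3] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(68)
   could not open handle to NETLOGON pipe
[2005/03/08 12:39:39, 2] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(98)
   Checking the trust account password returned
"""

if __name__ == "__main__":
    for e in winbindd_failures(parse_entries(SAMPLE)):
        print(f'{e["ts"]} level={e["level"]} {e["func"]}({e["line"]}): {e["msg"]}')
```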
