[Samba] Samba 3.0.10-1.4E and RedHat ES 4.0

Sven Wells sven.wells at wilm.ppdi.com
Mon May 2 18:59:14 GMT 2005


I have successfully, well somewhat successfully, joined a native Windows
2003 Active Directory domain as a domain member.  The "home" domain has
a two-way trust relationship with another domain in the same Forest.
The Samba server can provide proper access to any object within its
"home" domain, however, I am having difficulty providing access to the
Samba server share(s) to objects in the trusted domain.

The getent passwd and getent group commands appear to work fine for the
"home" domain, but are failing to list trusted domain objects.

The wbinfo -u and wbinfo -g commands work fine and list the objects of
the "home" domain, but nothing for the trusted domain.  The wbinfo -m
will not work and produces the following error within the
/var/log/samba/winbindd.log file:
[root@wilbids01 samba]# ll
total 4052
-rw-r--r--  1 root root  694249 May  2 08:42 adgroup3.txt
-rw-r--r--  1 root root 1354945 May  2 10:10 adusers2.txt
-rw-r--r--  1 root root  248530 May  2 13:21 adusers3.txt
-rw-r--r--  1 root root 1354553 Apr 29 07:46 adusers.txt
-rw-r--r--  1 root root      20 Jan  3 22:09 lmhosts
-rw-------  1 root root    8192 May  2 12:55 secrets.tdb
-rw-------  1 root root    8192 Apr 18 10:48 secrets.tdb.bak
-rw-r--r--  1 root root   14107 May  2 14:13 smb.conf
-rw-r--r--  1 root root   11550 Apr 20 10:47 smb.conf.adwork
-rw-r--r--  1 root root   14131 Apr 29 10:18 smb.conf.bak
-rw-r--r--  1 root root   14054 Apr 28 17:12 smb.conf.latest
-rw-r--r--  1 root root   11245 Apr 18 15:11 smb.conf.work
-rw-------  1 root root     101 Apr 18 18:11 smbpasswd
-rw-r--r--  1 root root      97 Apr 18 14:15 smbusers
-rw-r--r--  1 root root   40003 Apr 29 07:47 wbinfo-g.txt
-rw-r--r--  1 root root     130 Apr 28 15:53 wbinfo-m.txt
-rw-r--r--  1 root root  311912 Apr 29 07:48 wbinfo-u.txt
[root@wilbids01 samba]# rm adusers3.txt
rm: remove regular file `adusers3.txt'? y
[root@wilbids01 samba]# getent group >> adgroup2.txt
[root@wilbids01 samba]# ll
total 3944
-rw-r--r--  1 root root  135253 May  2 14:47 adgroup2.txt
-rw-r--r--  1 root root  694249 May  2 08:42 adgroup3.txt
-rw-r--r--  1 root root 1354945 May  2 10:10 adusers2.txt
-rw-r--r--  1 root root 1354553 Apr 29 07:46 adusers.txt
-rw-r--r--  1 root root      20 Jan  3 22:09 lmhosts
-rw-------  1 root root    8192 May  2 12:55 secrets.tdb
-rw-------  1 root root    8192 Apr 18 10:48 secrets.tdb.bak
-rw-r--r--  1 root root   14107 May  2 14:13 smb.conf
-rw-r--r--  1 root root   11550 Apr 20 10:47 smb.conf.adwork
-rw-r--r--  1 root root   14131 Apr 29 10:18 smb.conf.bak
-rw-r--r--  1 root root   14054 Apr 28 17:12 smb.conf.latest
-rw-r--r--  1 root root   11245 Apr 18 15:11 smb.conf.work
-rw-------  1 root root     101 Apr 18 18:11 smbpasswd
-rw-r--r--  1 root root      97 Apr 18 14:15 smbusers
-rw-r--r--  1 root root   40003 Apr 29 07:47 wbinfo-g.txt
-rw-r--r--  1 root root     130 Apr 28 15:53 wbinfo-m.txt
-rw-r--r--  1 root root  311912 Apr 29 07:48 wbinfo-u.txt
[root@wilbids01 samba]# getent passwd >> adusers3.txt
[root@wilbids01 samba]# ll
total 4252
-rw-r--r--  1 root root  135253 May  2 14:47 adgroup2.txt
-rw-r--r--  1 root root  694249 May  2 08:42 adgroup3.txt
-rw-r--r--  1 root root 1354945 May  2 10:10 adusers2.txt
-rw-r--r--  1 root root  307732 May  2 14:47 adusers3.txt
-rw-r--r--  1 root root 1354553 Apr 29 07:46 adusers.txt
-rw-r--r--  1 root root      20 Jan  3 22:09 lmhosts
-rw-------  1 root root    8192 May  2 12:55 secrets.tdb
-rw-------  1 root root    8192 Apr 18 10:48 secrets.tdb.bak
-rw-r--r--  1 root root   14107 May  2 14:13 smb.conf
-rw-r--r--  1 root root   11550 Apr 20 10:47 smb.conf.adwork
-rw-r--r--  1 root root   14131 Apr 29 10:18 smb.conf.bak
-rw-r--r--  1 root root   14054 Apr 28 17:12 smb.conf.latest
-rw-r--r--  1 root root   11245 Apr 18 15:11 smb.conf.work
-rw-------  1 root root     101 Apr 18 18:11 smbpasswd
-rw-r--r--  1 root root      97 Apr 18 14:15 smbusers
-rw-r--r--  1 root root   40003 Apr 29 07:47 wbinfo-g.txt
-rw-r--r--  1 root root     130 Apr 28 15:53 wbinfo-m.txt
-rw-r--r--  1 root root  311912 Apr 29 07:48 wbinfo-u.txt
[root@wilbids01 samba]# rm adusers3.txt
rm: remove regular file `adusers3.txt'? y
[root@wilbids01 samba]# ll
total 3944
-rw-r--r--  1 root root  135253 May  2 14:47 adgroup2.txt
-rw-r--r--  1 root root  694249 May  2 08:42 adgroup3.txt
-rw-r--r--  1 root root 1354945 May  2 10:10 adusers2.txt
-rw-r--r--  1 root root 1354553 Apr 29 07:46 adusers.txt
-rw-r--r--  1 root root      20 Jan  3 22:09 lmhosts
-rw-------  1 root root    8192 May  2 12:55 secrets.tdb
-rw-------  1 root root    8192 Apr 18 10:48 secrets.tdb.bak
-rw-r--r--  1 root root   14107 May  2 14:13 smb.conf
-rw-r--r--  1 root root   11550 Apr 20 10:47 smb.conf.adwork
-rw-r--r--  1 root root   14131 Apr 29 10:18 smb.conf.bak
-rw-r--r--  1 root root   14054 Apr 28 17:12 smb.conf.latest
-rw-r--r--  1 root root   11245 Apr 18 15:11 smb.conf.work
-rw-------  1 root root     101 Apr 18 18:11 smbpasswd
-rw-r--r--  1 root root      97 Apr 18 14:15 smbusers
-rw-r--r--  1 root root   40003 Apr 29 07:47 wbinfo-g.txt
-rw-r--r--  1 root root     130 Apr 28 15:53 wbinfo-m.txt
-rw-r--r--  1 root root  311912 Apr 29 07:48 wbinfo-u.txt
[root@wilbids01 samba]# wbinfo -m
Could not list trusted domains
[root@wilbids01 samba]# net ads info
LDAP server: 172.17.90.16
LDAP server name: wildc01
Realm: AMERICAS.PPDI.LOCAL
Bind Path: dc=AMERICAS,dc=PPDI,dc=LOCAL
LDAP port: 389
Server time: Mon, 02 May 2005 14:48:38 GMT
KDC server: 172.17.90.16
Server time offset: 37
[root@wilbids01 samba]# kinit aawellssh@AMERICAS.PPDI.LOCAL
Password for aawellssh@AMERICAS.PPDI.LOCAL:
[root@wilbids01 samba]# cd /
[2005/05/02 14:54:45, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
  name wildc01#20 found.
[2005/05/02 14:54:45, 10]
libsmb/namequery.c:remove_duplicate_addrs2(320)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2005/05/02 14:54:45, 4] libsmb/namequery.c:get_dc_list(1406)
  get_dc_list: returning 1 ip addresses in an ordered list
[2005/05/02 14:54:45, 4] libsmb/namequery.c:get_dc_list(1407)
  get_dc_list: 172.17.90.16:389
[2005/05/02 14:54:45, 5] libads/ldap.c:ads_try_connect(85)
  ads_try_connect: trying ldap server '172.17.90.16' port 389
[2005/05/02 14:54:45, 3] libads/ldap.c:ads_connect(247)
  Connected to LDAP server 172.17.90.16
[2005/05/02 14:54:45, 3] libads/ldap.c:ads_server_info(2432)
  got ldap server name wildc01@AMERICAS.PPDI.LOCAL, using bind path:
dc=AMERICAS,dc=PPDI,dc=LOCAL
[2005/05/02 14:54:45, 4] libads/ldap.c:ads_server_info(2438)
  time offset is 37 seconds
[2005/05/02 14:54:45, 4] libads/sasl.c:ads_sasl_bind(447)

[2005/05/02 14:54:45, 5] libsmb/namecache.c:namecache_fetch(201)
  name wildc01#20 found.
[2005/05/02 14:54:45, 10]
libsmb/namequery.c:remove_duplicate_addrs2(320)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2005/05/02 14:54:45, 4] libsmb/namequery.c:get_dc_list(1406)
  get_dc_list: returning 1 ip addresses in an ordered list
[2005/05/02 14:54:45, 4] libsmb/namequery.c:get_dc_list(1407)
  get_dc_list: 172.17.90.16:389
[2005/05/02 14:54:45, 5] libads/ldap.c:ads_try_connect(85)
  ads_try_connect: trying ldap server '172.17.90.16' port 389
[2005/05/02 14:54:45, 3] libads/ldap.c:ads_connect(247)
  Connected to LDAP server 172.17.90.16
[2005/05/02 14:54:45, 3] libads/ldap.c:ads_server_info(2432)
  got ldap server name wildc01@AMERICAS.PPDI.LOCAL, using bind path:
dc=AMERICAS,dc=PPDI,dc=LOCAL
[2005/05/02 14:54:45, 4] libads/ldap.c:ads_server_info(2438)
  time offset is 37 seconds
[2005/05/02 14:54:45, 4] libads/sasl.c:ads_sasl_bind(447)
  Found SASL mechanism GSS-SPNEGO
[2005/05/02 14:54:45, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2005/05/02 14:54:45, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2005/05/02 14:54:45, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2005/05/02 14:54:45, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2005/05/02 14:54:45, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
  ads_sasl_spnego_bind: got server principal name
=wildc01$@AMERICAS.PPDI.LOCAL
[2005/05/02 14:54:45, 3] libsmb/clikrb5.c:ads_krb5_mk_req(382)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
found)
[2005/05/02 14:54:45, 1]
nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain AMERICAS failed: Cannot read password
[2005/05/02 14:54:45, 1] nsswitch/winbindd_util.c:init_domain_list(327)
  Could not fetch sid for our domain AMERICAS
[2005/05/02 14:54:45, 1]
nsswitch/winbindd_misc.c:winbindd_list_trusted_domains(118)
  winbindd_list_trusted_domains: could not refresh trusted domain list
[2005/05/02 14:54:45, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2005/05/02 14:54:45, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 0 bytes. Need 1824 more for a full request.
[2005/05/02 14:54:45, 5] nsswitch/winbindd.c:winbind_client_read(477)

Thanks,
Sven
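
Added example, not part of the original post: a small parser for the winbindd debug-log format quoted above that keeps only the low-numbered (most severe) entries, so the failure chain stands out from the level 3-10 trace. The function names `parse_entries` and `triage` are hypothetical; `SAMPLE` is a handful of lines copied from the excerpt in this message, mail line-wrapping included.

```python
import re

# "[YYYY/MM/DD HH:MM:SS, level] file.c:function(line)"; the location may
# have been wrapped onto the next line by the mail client.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\]\s*(\S*)\s*$")
LOCATION = re.compile(r"^\S+\.c:\w+\(\d+\)$")

# Lines copied from the log excerpt in the post (wrapping preserved).
SAMPLE = """\
[2005/05/02 14:54:45, 4] libads/ldap.c:ads_server_info(2438)
  time offset is 37 seconds
[2005/05/02 14:54:45, 3] libsmb/clikrb5.c:ads_krb5_mk_req(382)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
found)
[2005/05/02 14:54:45, 1]
nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain AMERICAS failed: Cannot read password
[2005/05/02 14:54:45, 1] nsswitch/winbindd_util.c:init_domain_list(327)
  Could not fetch sid for our domain AMERICAS
[2005/05/02 14:54:45, 1]
nsswitch/winbindd_misc.c:winbindd_list_trusted_domains(118)
  winbindd_list_trusted_domains: could not refresh trusted domain list
[2005/05/02 14:54:45, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
"""

def parse_entries(text):
    """Split a winbindd debug log into entries, rejoining wrapped lines."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"time": m.group(1), "level": int(m.group(2)),
                   "where": m.group(3), "msg": ""}
            entries.append(cur)
        elif cur is None or not line:
            continue  # text before the first header, or a blank line
        elif not cur["where"] and LOCATION.match(line):
            cur["where"] = line  # location wrapped onto its own line
        else:
            cur["msg"] = (cur["msg"] + " " + line).strip()
    return entries

def triage(text, max_level=1):
    """Return only entries logged at debug level <= max_level."""
    return [e for e in parse_entries(text) if e["level"] <= max_level]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["level"], e["where"], "->", e["msg"])
```

Raising `max_level` to 3 also pulls in the `ads_krb5_mk_req` entry that precedes the level 1 failures in the excerpt.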

