[Samba] Samba / AD / Winbind issues

Kevin M. Barrett kmb at kmb.com
Sun May 8 03:52:20 GMT 2005


List members,

I have an issue that I hope one of you can help me with ... I have 
set up an AD (2003) as PDC and a RHE3 AS server running Samba V3.0.6-2.3E 
following the instructions in the HOW-TO- By example.  Here is what I have 
at the moment ..

I had no problems adding the RH server to the Domain, and I have Winbind set 
up in the nsswitch.conf file for passwd, group and hosts.

I can do a "wbinfo -u" and it returns

D1+Administrator
D1+Guest
D1+SUPPORT_388945a0
D1+IUSR_MEDIA-1
D1+IWAM_MEDIA-1
D1+WMUS_MEDIA-1
D1+MEDIA-1$
D1+krbtgt
D1+tuser2
D1+kmb
D1+HOST/gs005
D1+HOST/gs015

wbinfo -g returns

BUILTIN+System Operators
BUILTIN+Replicators
BUILTIN+Guests
BUILTIN+Power Users
BUILTIN+Print Operators
BUILTIN+Administrators
BUILTIN+Account Operators
BUILTIN+Backup Operators
BUILTIN+Users
D1+Domain Computers
D1+Domain Controllers
D1+Schema Admins
D1+Enterprise Admins
D1+Domain Admins
D1+Domain Users
D1+Domain Guests
D1+Group Policy Creator Owners
D1+DnsUpdateProxy


Now when I perform an smbclient command such as

smbclient -L //gs005/ -Utuser2
Password:xxxxxxxx
session setup failed: NT_STATUS_LOGON_FAILURE
[root@gs005 etc]#

As you can see, I am running this on the same server that I'm looking for 
the list from.  I get the same results using localhost and 127.0.0.1 as 
well.  Also, I get the same result when I run this command on another Linux 
box asking for the same info...

The Winbind trace looks like this.

user 'tuser2' does not exist
[10175]: getpwnam D1+TUSER2
rpc: name_to_sid name=TUSER2
name_to_sid [rpc] TUSER2 for domain D1
Connected to LDAP server 192.168.14.168
got ldap server name media-1@D1.SANDTEST.COM, using bind path: dc=D1,dc=SANDTEST,dc=COM
IPC$ connections done anonymously
Connecting to host=MEDIA-1
Connecting to 192.168.14.168 at port 445
Doing spnego session setup (blob length=112)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=media-1$@D1.SANDTEST.COM
Doing kerberos session setup
Ticket in ccache[MEMORY:cliconnect] expiration Sun, 08 May 2005 09:49:08 GMT
user 'TUSER2' does not exist
[10175]: getpwnam tuser2
[10175]: getpwnam TUSER2
[10175]: create_user: user=>(tuser2), group=>()
winbindd_create_user: Cannot validate gid for group ('Domain Users')
[10175]: getpwnam tuser2
[10175]: getpwnam TUSER2

Anybody seen this and know where I should go to look for a solution?

Thanks

Kevin




Kevin M. Barrett

KMB IT Consulting, Inc
508-450-7717 

