[Samba] Samba / AD / Winbind issues

Kevin M. Barrett kmb at kmb.com
Sun May 8 04:13:36 GMT 2005 

Thanks for the quick reply... See below in context ....


At 12:00 AM 5/8/2005, you wrote:
>On Saturday 07 May 2005 21:52, Kevin M. Barrett wrote:
> > List members,
> >
> >          I have an issue that I hope one of you can help me with ... I have
> > set up a AD ( 2003 ) as PDC and a RHE3 AS server running Samba V3.0.6-2.3E
> > following the instructions in the HOW-TO- By example.  Here is what I have
> > at the moment ..
>
>Wowa! Which are you following? The Samba-3 HOWTO and Reference Guide, or
>Samba-3 by Example? More importantly, which version? Printed or on-line PDF?
On line version ... URL 
http://us1.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm



>Yes, I would like to know as I am in the process of updating both.
>
>Now, what is the returned information from executing the following?
>
>         net ads testjoin

Join is OK


>         net ads info

LDAP server: 192.168.14.168
LDAP server name: media-1
Realm: D1.SANDTEST.COM
Bind Path: dc=D1,dc=SANDTEST,dc=COM
LDAP port: 389
Server time: Sun, 08 May 2005 00:10:20 GMT
KDC server: 192.168.14.168
Server time offset: -23


>  - John T.
>
> > I had no problems adding the RH server to the Domain and I have Winbind set
> > up in the nsswitch.conf file for passwd, group and hosts
> >
> > I can do a "wbinfo -u" and it returns
> >
> > D1+Administrator
> > D1+Guest
> > D1+SUPPORT_388945a0
> > D1+IUSR_MEDIA-1
> > D1+IWAM_MEDIA-1
> > D1+WMUS_MEDIA-1
> > D1+MEDIA-1$
> > D1+krbtgt
> > D1+tuser2
> > D1+kmb
> > D1+HOST/gs005
> > D1+HOST/gs015
> >
> > wbinfo -g returns
> >
> > BUILTIN+System Operators
> > BUILTIN+Replicators
> > BUILTIN+Guests
> > BUILTIN+Power Users
> > BUILTIN+Print Operators
> > BUILTIN+Administrators
> > BUILTIN+Account Operators
> > BUILTIN+Backup Operators
> > BUILTIN+Users
> > D1+Domain Computers
> > D1+Domain Controllers
> > D1+Schema Admins
> > D1+Enterprise Admins
> > D1+Domain Admins
> > D1+Domain Users
> > D1+Domain Guests
> > D1+Group Policy Creator Owners
> > D1+DnsUpdateProxy
> >
> >
> > Now when I perform a smbclient command such as
> >
> > smbclient -L //gs005/ -Utuser2
> > Password:xxxxxxxx
> > session setup failed: NT_STATUS_LOGON_FAILURE
> > [root at gs005 etc]#
> >
> > as you can see I am running this on the same server that I'm looking for
> > the list from.  I get the same results using localhost and 127.0.0.1 as
> > well.   Also I get the same result when I run this command on another Linux
> > box asking for the same info...
> >
> > The Winbind trace looks like this.
> >
> > user 'tuser2' does not exist
> > [10175]: getpwnam D1+TUSER2
> > rpc: name_to_sid name=TUSER2
> > name_to_sid [rpc] TUSER2 for domain D1
> > Connected to LDAP server 192.168.14.168
> > got ldap server name media-1 at D1.SANDTEST.COM, using bind path:
> > dc=D1,dc=SANDTEST,dc=COM
> > IPC$ connections done anonymously
> > Connecting to host=MEDIA-1
> > Connecting to 192.168.14.168 at port 445
> > Doing spnego session setup (blob length=112)
> > got OID=1 2 840 48018 1 2 2
> > got OID=1 2 840 113554 1 2 2
> > got OID=1 2 840 113554 1 2 2 3
> > got OID=1 3 6 1 4 1 311 2 2 10
> > got principal=media-1$@D1.SANDTEST.COM
> > Doing kerberos session setup
> > Ticket in ccache[MEMORY:cliconnect] expiration Sun, 08 May 2005 09:49:08
> > GMT user 'TUSER2' does not exist
> > [10175]: getpwnam tuser2
> > [10175]: getpwnam TUSER2
> > [10175]: create_user: user=>(tuser2), group=>()
> > winbindd_create_user: Cannot validate gid for group ('Domain Users')
> > [10175]: getpwnam tuser2
> > [10175]: getpwnam TUSER2
> >
> > Any body seen this and know where I should go to look for a solution.
> >
> > Thanks
> >
> > Kevin
> >
> >
> >
> >
> > Kevin M. Barrett
> >
> > KMB IT Consulting, Inc
> > 508-450-7717
>
>--
>John H Terpstra,
>Clerk of Session
>Christ Presbyerian Church (OPC)
>Salt Lake City, Utah.
>Phone: (801) 936-1367
>Cell:  (650) 580-8668
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/listinfo/samba


Kevin M. Barrett

KMB IT Consulting, Inc
508-450-7717

More information about the samba mailing list