[Samba] Samba / AD / Winbind issues

John H Terpstra jht at Samba.Org
Sun May 8 04:21:51 GMT 2005


On Saturday 07 May 2005 22:13, Kevin M. Barrett wrote:
> Thanks for the quick reply... See below in context ....

Looks like you are running winbind. What is in your /etc/nsswitch.conf file?
Do you have?:

passwd: files winbind
shadow: files winbind
group:  files winbind

If so, what is returned by executing?:

	getent passwd
	getent group

-John T.

>
> At 12:00 AM 5/8/2005, you wrote:
> >On Saturday 07 May 2005 21:52, Kevin M. Barrett wrote:
> > > List members,
> > >
> > >          I have an issue that I hope one of you can help me with ... I
> > > have set up an AD (2003) as PDC and a RHE3 AS server running Samba
> > > V3.0.6-2.3E following the instructions in the HOW-TO- By example.  Here
> > > is what I have at the moment ..
> >
> >Wowa! Which are you following? The Samba-3 HOWTO and Reference Guide, or
> >Samba-3 by Example? More importantly, which version? Printed or on-line
> > PDF?
>
> On line version ... URL
> http://us1.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm
>
> >Yes, I would like to know as I am in the process of updating both.
> >
> >Now, what is the returned information from executing the following?
> >
> >         net ads testjoin
>
> Join is OK
>
> >         net ads info
>
> LDAP server: 192.168.14.168
> LDAP server name: media-1
> Realm: D1.SANDTEST.COM
> Bind Path: dc=D1,dc=SANDTEST,dc=COM
> LDAP port: 389
> Server time: Sun, 08 May 2005 00:10:20 GMT
> KDC server: 192.168.14.168
> Server time offset: -23
>
> >  - John T.
> >
> > > I had no problems adding the RH server to the Domain and I have Winbind
> > > set up in the nsswitch.conf file for passwd, group and hosts
> > >
> > > I can do a "wbinfo -u" and it returns
> > >
> > > D1+Administrator
> > > D1+Guest
> > > D1+SUPPORT_388945a0
> > > D1+IUSR_MEDIA-1
> > > D1+IWAM_MEDIA-1
> > > D1+WMUS_MEDIA-1
> > > D1+MEDIA-1$
> > > D1+krbtgt
> > > D1+tuser2
> > > D1+kmb
> > > D1+HOST/gs005
> > > D1+HOST/gs015
> > >
> > > wbinfo -g returns
> > >
> > > BUILTIN+System Operators
> > > BUILTIN+Replicators
> > > BUILTIN+Guests
> > > BUILTIN+Power Users
> > > BUILTIN+Print Operators
> > > BUILTIN+Administrators
> > > BUILTIN+Account Operators
> > > BUILTIN+Backup Operators
> > > BUILTIN+Users
> > > D1+Domain Computers
> > > D1+Domain Controllers
> > > D1+Schema Admins
> > > D1+Enterprise Admins
> > > D1+Domain Admins
> > > D1+Domain Users
> > > D1+Domain Guests
> > > D1+Group Policy Creator Owners
> > > D1+DnsUpdateProxy
> > >
> > >
> > > Now when I perform a smbclient command such as
> > >
> > > smbclient -L //gs005/ -Utuser2
> > > Password:xxxxxxxx
> > > session setup failed: NT_STATUS_LOGON_FAILURE
> > > [root at gs005 etc]#
> > >
> > > as you can see I am running this on the same server that I'm looking
> > > for the list from.  I get the same results using localhost and
> > > 127.0.0.1 as well.   Also I get the same result when I run this command
> > > on another Linux box asking for the same info...
> > >
> > > The Winbind trace looks like this.
> > >
> > > user 'tuser2' does not exist
> > > [10175]: getpwnam D1+TUSER2
> > > rpc: name_to_sid name=TUSER2
> > > name_to_sid [rpc] TUSER2 for domain D1
> > > Connected to LDAP server 192.168.14.168
> > > got ldap server name media-1 at D1.SANDTEST.COM, using bind path:
> > > dc=D1,dc=SANDTEST,dc=COM
> > > IPC$ connections done anonymously
> > > Connecting to host=MEDIA-1
> > > Connecting to 192.168.14.168 at port 445
> > > Doing spnego session setup (blob length=112)
> > > got OID=1 2 840 48018 1 2 2
> > > got OID=1 2 840 113554 1 2 2
> > > got OID=1 2 840 113554 1 2 2 3
> > > got OID=1 3 6 1 4 1 311 2 2 10
> > > got principal=media-1$@D1.SANDTEST.COM
> > > Doing kerberos session setup
> > > Ticket in ccache[MEMORY:cliconnect] expiration Sun, 08 May 2005 09:49:08 GMT
> > > user 'TUSER2' does not exist
> > > [10175]: getpwnam tuser2
> > > [10175]: getpwnam TUSER2
> > > [10175]: create_user: user=>(tuser2), group=>()
> > > winbindd_create_user: Cannot validate gid for group ('Domain Users')
> > > [10175]: getpwnam tuser2
> > > [10175]: getpwnam TUSER2
> > >
> > > Anybody seen this and know where I should go to look for a solution?
> > >
> > > Thanks
> > >
> > > Kevin
> > >
> > >
> > >
> > >
> > > Kevin M. Barrett
> > >
> > > KMB IT Consulting, Inc
> > > 508-450-7717
> >
> >--
> >John H Terpstra,
> >Clerk of Session
> >Christ Presbyterian Church (OPC)
> >Salt Lake City, Utah.
> >Phone: (801) 936-1367
> >Cell:  (650) 580-8668
> >--
>
> Kevin M. Barrett
>
> KMB IT Consulting, Inc
> 508-450-7717

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
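
The check asked for in this message, as an added example that is not part of the original post: a shell sketch that reads an nsswitch.conf-style file to see which databases list winbind, and compares saved `wbinfo -u` output with saved `getent passwd` output to show names winbindd enumerates but NSS does not return. The function names, file names and sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: sample data below is constructed, not taken from the poster's host.

# Print the sources listed for one database (passwd, group, ...) in an
# nsswitch.conf-style file, dropping comments and [STATUS=action] clauses.
nss_sources() {  # $1 = database, $2 = path to the file
    sed 's/#.*//' "$2" | awk -v db="$1:" '$1 == db {
        out = ""
        for (i = 2; i <= NF; i++)
            if ($i !~ /^\[/) out = (out == "" ? $i : out " " $i)
        print out; exit }'
}

# Succeed only if winbind is one of the sources for the database.
has_winbind() {  # $1 = database, $2 = path to the file
    case " $(nss_sources "$1" "$2") " in
        *" winbind "*) return 0 ;;
    esac
    return 1
}

# Names winbindd enumerates (saved `wbinfo -u` or `wbinfo -g` output) that the
# NSS view (saved `getent passwd` or `getent group` output) does not contain.
missing_from_nss() {  # $1 = wbinfo output file, $2 = getent output file
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
             !($0 in seen)' "$2" "$1"
}

# Constructed demonstration so the script runs without a domain.
tmp=$(mktemp -d)
printf 'passwd: files winbind\ngroup:  files\n' > "$tmp/nsswitch.conf"
printf 'D1+tuser2\nD1+kmb\n' > "$tmp/wbinfo_u.txt"
printf 'root:x:0:0:root:/root:/bin/bash\nD1+kmb:x:10001:10000::/home/D1/kmb:/bin/bash\n' \
    > "$tmp/getent_passwd.txt"
for db in passwd group; do
    if has_winbind "$db" "$tmp/nsswitch.conf"; then
        echo "$db: winbind listed"
    else
        echo "$db: winbind NOT listed"
    fi
done
echo "enumerated by winbindd but absent from getent passwd:"
missing_from_nss "$tmp/wbinfo_u.txt" "$tmp/getent_passwd.txt"
rm -rf "$tmp"
```

On a live host, pass /etc/nsswitch.conf to `has_winbind` and feed `missing_from_nss` files saved from `wbinfo -u` and `getent passwd` (or `wbinfo -g` and `getent group`).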