[Samba] winbind joins with domain name , not netbios name
Turki Al-Ibrahim
turkim at gmail.com
Thu Sep 22 22:22:08 GMT 2005
Hi,
I am having a problem with Winbind.
First, some information:
Domain name: TESTDOM
PDC's Netbios name: ubuntu
Samba version: 3.0.20 (latest patches installed) with LDAP backend.
Linux: Ubuntu 2.6.10
Samba is running smoothly, with no problems.
I want to use Winbind, so I followed Samba HowTo - chapter 23
http://us5.samba.org/samba/docs/man/Samba3-HOWTO/winbind.html#id2634776
I wanted to configure winbind to use the domain installed on the same
server, so I joined using this command:
net join -U administrator
It says Joined Domain TESTDOM, and a machine account is created in LDAP
with the following attributes:
dn: uid=ubuntu$,ou=Computers,dc=testdom,dc=com
> objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
> cn: ubuntu$
> sn: ubuntu$
> uid: ubuntu$
> uidNumber: 1006
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> sambaSID: S-1-5-21-649663798-2503265242-3544459435-3012
> sambaPrimaryGroupSID: S-1-5-21-649663798-2503265242-3544459435-2031
> displayName: Computer
> sambaPwdCanChange: 1127424362
> sambaPwdMustChange: 2147483647
> sambaLMPassword: F6612BB25EF49A45DBF571ADD3E3B73E
> sambaNTPassword: 3EFFA0C5FF16761A846B9B24192F5955
> sambaPwdLastSet: 1127424362
> sambaAcctFlags: [S ]
>
Then, I start Winbind.
Here is the output of Winbind -u, -g & -t:
root@ubuntu:/var/www/samba-doc/htmldocs # wbinfo -u
Error looking up domain users
root@ubuntu:/var/www/samba-doc/htmldocs # wbinfo -g
BUILTIN\Print Operators
BUILTIN\Backup Operators
BUILTIN\Replicators
root@ubuntu:/var/www/samba-doc/htmldocs # wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret
When I run wbinfo -t (to check secret), smbd logs:
ldapsam_getsampwnam: Unable to locate user [TESTDOM$] count=0
[2005/09/23 00:34:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
get_md4pw: Workstation TESTDOM$: no account in domain
The machine account it is searching for is TESTDOM$, which is the domain name,
not the netbios name.
Is this normal? It should join with the netbios name of the PDC.
I tried to create a machine trust account (smbldap-useradd -w); it didn't
work.
Can anybody help me with this one?
Thanks & Regards.
Here's smb.conf:
[global]
workgroup = TESTDOM
netbios name = ubuntu
syslog = 0
log level = 4
name resolve order = wins bcast hosts
printcap name = CUPS
show add printer wizard = No
add user script = /usr/sbin/smbldap-useradd -a -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
domain logons = Yes
domain master = yes
wins support = yes
printing = CUPS
ldap passwd sync = Yes
ldap admin dn = cn=Manager,dc=testdom,dc=com
passdb backend = ldapsam:"ldap://127.0.0.1/"
ldap delete dn = yes
ldap suffix = dc=testdom,dc=com
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://localhost
time server = yes
logon path =
logon home =
idmap uid = 15000-20000
idmap gid = 15000-20000
template shell = /bin/bash
security = user
winbind use default domain = yes
[homes]
comment = Home Directories
valid users = %S
writeable = yes
browseable = No
[netlogon]
comment = Network Logon Service
path = /samba/netlogon
browseable = no
guest ok = yes
--
Turki M. Al-Ibrahim
turkim (at) gmail.com
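
The comparison made by hand in the message above (account named in the smbd log versus the machine account in LDAP), as an added example that is not part of the original post. The function names are hypothetical, the sample strings are constructed from lines quoted in the post, and case-insensitive name matching is an assumption:

```python
import re

# Constructed sample input: lines copied from the log, LDIF and smb.conf in the post.
SMBD_LOG = """\
[2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
get_md4pw: Workstation TESTDOM$: no account in domain
"""
LDIF = """\
dn: uid=ubuntu$,ou=Computers,dc=testdom,dc=com
> uid: ubuntu$
> uidNumber: 1006
"""
SMB_CONF = """\
[global]
workgroup = TESTDOM
netbios name = ubuntu
"""

def conf_value(conf, key):
    """Return the value of a 'key = value' line in smb.conf text, or None."""
    m = re.search(rf"^[ \t]*{re.escape(key)}[ \t]*=[ \t]*(.*?)[ \t]*$", conf, re.M | re.I)
    return m.group(1) if m else None

def rejected_accounts(log):
    """Machine accounts that get_md4pw reported as missing, in log order."""
    return re.findall(r"get_md4pw: Workstation (\S+\$): no account in domain", log)

def directory_accounts(ldif):
    """uid values in the LDIF, tolerating the '> ' prefix seen in the mail."""
    return {u.lower() for u in re.findall(r"^(?:>[ \t]*)?uid:[ \t]*(\S+)[ \t]*$", ldif, re.M)}

def diagnose(log, ldif, conf):
    """Pair each rejected account with why it does not match the directory."""
    known = directory_accounts(ldif)  # assumption: names compare case-insensitively
    workgroup = (conf_value(conf, "workgroup") or "").lower() + "$"
    netbios = (conf_value(conf, "netbios name") or "").lower() + "$"
    findings = []
    for account in rejected_accounts(log):
        if account.lower() in known:
            reason = "account exists; the failure is elsewhere"
        elif account.lower() == workgroup and netbios in known:
            reason = f"request used the workgroup name; directory holds {netbios}"
        else:
            reason = "no such machine account in the directory"
        findings.append((account, reason))
    return findings

if __name__ == "__main__":
    print(diagnose(SMBD_LOG, LDIF, SMB_CONF))
```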