[Samba] winbind joins with domain name , not netbios name

Turki Al-Ibrahim turkiad at gmail.com
Fri Sep 23 12:00:26 GMT 2005


I am having a problem with Winbind:

First, some information ..
Domain name :TESTDOM
PDC's Netbios name : ubuntu
Samba version : 3.0.20 (lateset patches installed) with LDAP backend.
Linux : Ubuntu 2.6.10

Samba is running smoothly, with no problems.

I wanted to use Winbind, so I followed Samba HowTo - chapter 23

I wanted to configure winbind to use the domain installed in the same
server, so I joined using this command :
net join -U administrator

It says Joined Domain TESTDOM , and a machine account is created in LDAP
with the following attributes :

dn: uid=ubuntu$,ou=Computers,dc=testdom,dc=com
objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
cn: ubuntu$
sn: ubuntu$
uid: ubuntu$
uidNumber: 1006
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-649663798-2503265242-3544459435-3012
sambaPrimaryGroupSID: S-1-5-21-649663798-2503265242-3544459435-2031
displayName: Computer
sambaPwdCanChange: 1127424362
sambaPwdMustChange: 2147483647
sambaLMPassword: F6612BB25EF49A45DBF571ADD3E3B73E
sambaNTPassword: 3EFFA0C5FF16761A846B9B24192F5955
sambaPwdLastSet: 1127424362
sambaAcctFlags: [S ] (S should be for server trust account , is this normal

Then , I start Winbind.

Here is the output of wbinfo -u , -g & -t

root at ubuntu:/var/www/samba-doc/htmldocs # wbinfo -u
Error looking up domain users

root at ubuntu:/var/www/samba-doc/htmldocs # wbinfo -g
BUILTIN\Print Operators
BUILTIN\Backup Operators

root at ubuntu:/var/www/samba-doc/htmldocs # wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret

When performing the command wbingo -t (to check secret), smbd logs :

ldapsam_getsampwnam: Unable to locate user [TESTDOM$] count=0
[2005/09/23 00:34:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
 pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
 get_md4pw: Workstation TESTDOM$: no account in domain

The machine account it is searching is TESTDOM$ , which is the domain name ,
not the netbios name.

Can any body help me with this one ?

Thanks & Regards.

Here's smb.conf :
workgroup = TESTDOM
netbios name = ubuntu
syslog = 0
log level = 4
name resolve order = wins bcast hosts
printcap name = CUPS
show add printer wizard = No

add user script = /usr/sbin/smbldap-useradd -a -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'

domain logons = Yes
domain master = yes
wins support = yes
printing = CUPS

ldap passwd sync = Yes
ldap admin dn = cn=Manager,dc=testdom,dc=com
passdb backend = ldapsam:"ldap://"
ldap delete dn = yes
ldap suffix = dc=testdom,dc=com
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://localhost

time server = yes
logon path =
logon home =
idmap uid = 15000-20000
idmap gid = 15000-20000
template shell = /bin/bash
security = user
winbind use default domain = yes

comment = Home Directories
valid users = %S
writeable = yes
browseable = No
comment = Network Logon Service
path = /samba/netlogon
browseable = no
guest ok = yes

More information about the samba mailing list