[Samba] winbind joins with domain name , not netbios name
Turki Al-Ibrahim
turkiad at gmail.com
Fri Sep 23 12:00:26 GMT 2005
Hi,
I am having a problem with Winbind:
First, some information ..
Domain name :TESTDOM
PDC's Netbios name : ubuntu
Samba version : 3.0.20 (latest patches installed) with LDAP backend.
Linux : Ubuntu 2.6.10
Samba is running smoothly, with no problems.
I wanted to use Winbind, so I followed Samba HowTo - chapter 23
http://us5.samba.org/samba/docs/man/Samba3-HOWTO/winbind.html#id2634776
I wanted to configure winbind to use the domain installed in the same
server, so I joined using this command :
net join -U administrator
It says Joined Domain TESTDOM , and a machine account is created in LDAP
with the following attributes :
dn: uid=ubuntu$,ou=Computers,dc=testdom,dc=com
objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
cn: ubuntu$
sn: ubuntu$
uid: ubuntu$
uidNumber: 1006
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-649663798-2503265242-3544459435-3012
sambaPrimaryGroupSID: S-1-5-21-649663798-2503265242-3544459435-2031
displayName: Computer
sambaPwdCanChange: 1127424362
sambaPwdMustChange: 2147483647
sambaLMPassword: F6612BB25EF49A45DBF571ADD3E3B73E
sambaNTPassword: 3EFFA0C5FF16761A846B9B24192F5955
sambaPwdLastSet: 1127424362
sambaAcctFlags: [S ] (S should be for server trust account, is this normal?)
Then , I start Winbind.
Here is the output of wbinfo -u , -g & -t
root@ubuntu:/var/www/samba-doc/htmldocs # wbinfo -u
Error looking up domain users
root@ubuntu:/var/www/samba-doc/htmldocs # wbinfo -g
BUILTIN\Print Operators
BUILTIN\Backup Operators
BUILTIN\Replicators
root@ubuntu:/var/www/samba-doc/htmldocs # wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret
When performing the command wbinfo -t (to check secret), smbd logs :
ldapsam_getsampwnam: Unable to locate user [TESTDOM$] count=0
[2005/09/23 00:34:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
get_md4pw: Workstation TESTDOM$: no account in domain
The machine account it is searching is TESTDOM$ , which is the domain name ,
not the netbios name.
Can anybody help me with this one ?
Thanks & Regards.
Here's smb.conf :
[global]
workgroup = TESTDOM
netbios name = ubuntu
syslog = 0
log level = 4
name resolve order = wins bcast hosts
printcap name = CUPS
show add printer wizard = No
add user script = /usr/sbin/smbldap-useradd -a -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
domain logons = Yes
domain master = yes
wins support = yes
printing = CUPS
ldap passwd sync = Yes
ldap admin dn = cn=Manager,dc=testdom,dc=com
passdb backend = ldapsam:"ldap://127.0.0.1/"
ldap delete dn = yes
ldap suffix = dc=testdom,dc=com
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://localhost
time server = yes
logon path =
logon home =
idmap uid = 15000-20000
idmap gid = 15000-20000
template shell = /bin/bash
security = user
winbind use default domain = yes
[homes]
comment = Home Directories
valid users = %S
writeable = yes
browseable = No
[netlogon]
comment = Network Logon Service
path = /samba/netlogon
browseable = no
guest ok = yes
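
Added example, not part of the original post and not Samba's own code: a small Python check that pulls the account name out of each get_md4pw "no account in domain" failure and reports whether it matches the configured workgroup or the netbios name, which is the comparison the post makes by hand. The sample smb.conf and log text are constructed by trimming the excerpts quoted above; the function names are hypothetical.

```python
import configparser
import re

# Constructed sample input, trimmed from the smb.conf and smbd log quoted in the post.
SMB_CONF = """\
[global]
workgroup = TESTDOM
netbios name = ubuntu
security = user
domain logons = Yes
add machine script = /usr/sbin/smbldap-useradd -w '%u'
"""

SMBD_LOG = """\
ldapsam_getsampwnam: Unable to locate user [TESTDOM$] count=0
[2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
get_md4pw: Workstation TESTDOM$: no account in domain
"""

# Captures the account name (without the trailing '$') from a failed trust lookup.
MD4PW_FAIL = re.compile(r"get_md4pw: Workstation (\S+?)\$: no account in domain")


def global_names(conf_text):
    """Return (workgroup, netbios name) from the [global] section, upper-cased."""
    cp = configparser.ConfigParser(interpolation=None)  # keep '%u' literal
    cp.read_string(conf_text)
    g = cp["global"]
    return g.get("workgroup", "").upper(), g.get("netbios name", "").upper()


def classify_failed_lookups(conf_text, log_text):
    """Label each account in a get_md4pw failure by the configured name it matches."""
    workgroup, netbios = global_names(conf_text)
    findings = []
    for name in MD4PW_FAIL.findall(log_text):
        upper = name.upper()
        if upper == netbios:
            kind = "netbios name"
        elif upper == workgroup:
            kind = "workgroup"
        else:
            kind = "neither"
        findings.append((name + "$", kind))
    return findings


if __name__ == "__main__":
    for account, kind in classify_failed_lookups(SMB_CONF, SMBD_LOG):
        print(f"{account}: matches {kind}")
```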