[Samba] winbind joins with domain name, not netbios name

Jason Gerfen jason.gerfen at scl.utah.edu
Fri Sep 23 12:10:39 GMT 2005


Turki Al-Ibrahim wrote:

>Hi,
>
>I am having a problem with Winbind:
>
>First, some information ..
>Domain name :TESTDOM
>PDC's Netbios name : ubuntu
>Samba version : 3.0.20 (latest patches installed) with LDAP backend.
>Linux : Ubuntu 2.6.10
>
>Samba is running smoothly, with no problems.
>
>I wanted to use Winbind, so I followed Samba HowTo - chapter 23
>http://us5.samba.org/samba/docs/man/Samba3-HOWTO/winbind.html#id2634776
>
>I wanted to configure winbind to use the domain installed in the same
>server, so I joined using this command :
>net join -U administrator
>
>It says Joined Domain TESTDOM, and a machine account is created in LDAP
>with the following attributes:
>
>dn: uid=ubuntu$,ou=Computers,dc=testdom,dc=com
>objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
>cn: ubuntu$
>sn: ubuntu$
>uid: ubuntu$
>uidNumber: 1006
>gidNumber: 515
>homeDirectory: /dev/null
>loginShell: /bin/false
>description: Computer
>gecos: Computer
>sambaSID: S-1-5-21-649663798-2503265242-3544459435-3012
>sambaPrimaryGroupSID: S-1-5-21-649663798-2503265242-3544459435-2031
>displayName: Computer
>sambaPwdCanChange: 1127424362
>sambaPwdMustChange: 2147483647
>sambaLMPassword: F6612BB25EF49A45DBF571ADD3E3B73E
>sambaNTPassword: 3EFFA0C5FF16761A846B9B24192F5955
>sambaPwdLastSet: 1127424362
>sambaAcctFlags: [S ] (S should be for server trust account, is this normal?)
>
>Then, I start Winbind.
>
>Here is the output of wbinfo -u, -g & -t
>
>root at ubuntu:/var/www/samba-doc/htmldocs # wbinfo -u
>Error looking up domain users
>
>root at ubuntu:/var/www/samba-doc/htmldocs # wbinfo -g
>BUILTIN\Print Operators
>BUILTIN\Backup Operators
>BUILTIN\Replicators
>
>root at ubuntu:/var/www/samba-doc/htmldocs # wbinfo -t
>checking the trust secret via RPC calls failed
>error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
>Could not check secret
>
>When performing the command wbinfo -t (to check secret), smbd logs:
>
>ldapsam_getsampwnam: Unable to locate user [TESTDOM$] count=0
>[2005/09/23 00:34:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
>[2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
> get_md4pw: Workstation TESTDOM$: no account in domain
>
>The machine account it is searching is TESTDOM$, which is the domain name,
>not the netbios name.
>
>Can anybody help me with this one?
>
>Thanks & Regards.
>
>Here's smb.conf :
>[global]
>workgroup = TESTDOM
>netbios name = ubuntu
>syslog = 0
>log level = 4
>name resolve order = wins bcast hosts
>printcap name = CUPS
>show add printer wizard = No
>
>add user script = /usr/sbin/smbldap-useradd -a -m '%u'
>delete user script = /usr/sbin/smbldap-userdel %u
>add group script = /usr/sbin/smbldap-groupadd -p '%g'
>delete group script = /usr/sbin/smbldap-groupdel '%g'
>add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
>delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
>set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>add machine script = /usr/sbin/smbldap-useradd -w '%u'
>
>domain logons = Yes
>domain master = yes
>wins support = yes
>printing = CUPS
>
>ldap passwd sync = Yes
>ldap admin dn = cn=Manager,dc=testdom,dc=com
>passdb backend = ldapsam:"ldap://127.0.0.1/"
>ldap delete dn = yes
>ldap suffix = dc=testdom,dc=com
>ldap user suffix = ou=Users
>ldap machine suffix = ou=Computers
>ldap group suffix = ou=Groups
>ldap idmap suffix = ou=Idmap
>idmap backend = ldap:ldap://localhost
>
>time server = yes
>logon path =
>logon home =
>idmap uid = 15000-20000
>idmap gid = 15000-20000
>template shell = /bin/bash
>security = user
>  
>
%> net ads leave #need to leave domain if applicable
set:
security = ads
then rejoin domain
%> net ads join -U Administrator
%> wbinfo --sequence
%> getent passwd
That last command should list the users you are attempting to
authenticate using the NTLM auth. mechanism.

>winbind use default domain = yes
>
>[homes]
>comment = Home Directories
>valid users = %S
>writeable = yes
>browseable = No
>[netlogon]
>comment = Network Logon Service
>path = /samba/netlogon
>browseable = no
>guest ok = yes
>  
>


-- 
Jason Gerfen
Student Computing Labs, University Of Utah
jason.gerfen at scl.utah.edu

J. Willard Marriott Library
295 S 1500 E, Salt Lake City, UT 84112-0860
801-585-9810

"My girlfriend threatened to
 leave me if I went boarding...
 I will miss her."
 ~ DIATRIBE aka FBITKK
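
An added example, not part of the original thread and not Samba's own code: a Python check that pairs the `get_md4pw` failures in an smbd log with the `workgroup` and `netbios name` values from smb.conf, flagging the case described above where the domain name is looked up as the machine account. The sample inputs are constructed from the excerpts in the post, and the function names are hypothetical.

```python
import configparser
import re

# Constructed sample input, modelled on the smb.conf and smbd log excerpts in the post.
SMB_CONF = """\
[global]
workgroup = TESTDOM
netbios name = ubuntu
"""
SMBD_LOG = """\
[2005/09/23 00:34:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
  get_md4pw: Workstation TESTDOM$: no account in domain
"""
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\]")
NO_ACCOUNT = re.compile(r"get_md4pw: Workstation (\S+\$): no account in domain")

def global_settings(conf_text):
    """Return the [global] options of an smb.conf (assumes a lower-case section name)."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    return {key: value.strip() for key, value in parser["global"].items()}

def failed_trust_lookups(log_text):
    """Yield (timestamp, account) for each get_md4pw 'no account in domain' entry."""
    stamp = None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            stamp = header.group(1)  # the message body follows on the next line(s)
            continue
        hit = NO_ACCOUNT.search(line)
        if hit:
            yield stamp, hit.group(1)

def diagnose(conf_text, log_text):
    """Classify each failed lookup against the configured workgroup and netbios name."""
    cfg = global_settings(conf_text)
    machine = cfg.get("netbios name", "") + "$"
    domain = cfg.get("workgroup", "") + "$"
    findings = []
    for stamp, account in failed_trust_lookups(log_text):
        if account.lower() == domain.lower() != machine.lower():
            verdict = "domain name used as machine account; expected " + machine
        else:
            verdict = "no passdb entry for this account"
        findings.append((stamp, account, verdict))
    return findings
```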


