[Samba] Confused about what I am seeing with domain names

David Shapiro David.Shapiro at bcbsnc.com
Fri Feb 3 16:13:36 GMT 2006


I see you put ip of dc.  When I run wbinfo --getdcname DOMAIN it does
not return back a dc.
 
The log.winbindd does not show anything even at log level 10:
 
]: Get DC name for BCBSNC
[2006/02/03 11:01:37, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 22330
[2006/02/03 11:03:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 22330
[2006/02/03 11:03:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1551)
  Retrieving extra data length=251
[2006/02/03 11:08:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 22330
[2006/02/03 11:08:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1551)
  Retrieving extra data length=251

 
David Shapiro
Unix Team Lead
919-765-2011

>>> "Nico De Wilde" <nico at openix.be> 2/3/2006 11:05:11 AM >>>

David,

Can you add the following lines to your krb5.conf:

[realms]
DOMAIN.COM = {
  kdc = ip.of.your.dc:88
  admin_server = ip.of.your.dc:749
  default_domain = domain.com
}

Regards,

Nico
  ----- Original Message ----- 
  From: David Shapiro 
  To: Nico Wilde 
  Sent: Friday, February 03, 2006 4:50 PM
  Subject: Re: [Samba] Confused about what I am seeing with domain
names


  I am trying to get a aix samba server to join an ads domain. I think
I see what the DOMAIN_NETWORK is.  wbinfo -D for it shows it is not an
ads server whereas the DOMAIN one is an ads server.  That one is not
showing information because kerberos cannot find the kdc for some reason
that I can't figure out.  It does have SRV records in dns.  

  Here is the krb5.conf file I am using:

  mit krb5:

  [libdefaults]
          default_realm = DOMAIN.COM

  [realms]
          DOMAIN.COM = {
                  kdc = adsserver.domain.com
                  admin_server = adsserver.domain.com
          }

  [domain_realm]
          .domain.com = DOMAIN.COM
          domain.com = DOMAIN.COM

  [logging]
          kdc = CONSOLE


  smb.conf:

  [global]
          workgroup = DOMAIN
          netbios name = sambaserver
          socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
          idmap uid = 10000-20000
          idmap gid = 10000-20000
          idmap backend = ad
          # os level = 65
          winbind enum users = yes
          winbind enum groups = yes
          #winbind uid = 10000-20000
          #winbind gid = 10000-20000
          winbind separator = /
          encrypt passwords = yes
          server string = samba server
          security = ADS
          # security = domain
          realm = DOMAIN.COM
          password server = adsserver.domain.com
          preferred master = no
          log file = /usr/local/samba/var/log.%m
          log level = 10
          max log size = 50
          local master = No
          dns proxy = No
          wins server = wins02 wins03
          wins proxy = no
          name resolve order = hosts wins lmhosts bcast
          aio read size = 1
          aio write size = 1
          template homedir = /home/winnt/%D/%U
          template shell = /bin/bash

  [homes]
          path = /home/%u
          read only = No


  David Shapiro
  Unix Team Lead
  919-765-2011

  >>> "Nico De Wilde" <nico at openix.be> 2/3/2006 9:55:15 AM >>>

  David,

  Please post your smb.conf / nsswitch.conf/krb5.conf

  What are you trying to achieve? Joining a samba server to a Windows
AD 
  domain?

  Please provide some more information.

  Thx.

  Regards,

  Nico


  ----- Original Message ----- 
  From: "David Shapiro" <David.Shapiro at bcbsnc.com>
  To: <samba at lists.samba.org>
  Sent: Friday, February 03, 2006 3:49 PM
  Subject: [Samba] Confused about what I am seeing with domain names


  >I could not get wbinfo -g/u to work and was seeing a bunch of
errors
  > related to to not being able to enumerate groups.  I saw somebody
use
  > idmap backend = ad and added this since I have been struggling to
get ad
  > working (still not working).  Now, when I run wbinfo -g/-u, I am
getting
  > groups and users, but the domain it shows is different than what I
  > expected.  My domain I was using for workgroup line is DOMAIN, for
  > example, but wbinfo -g returns back:
  >
  > DOMAIN_NETWORK/group
  >
  > Is _NETWORK something that samba added, or is theis the name of
the
  > domain I should really be using?  I did a grep on wbinfo -u for my
user,
  > and it returned my user too.  If my domain is actually
DOMAIN_NETWORK,
  > is it possible my realm is not domain.com but domain_network.com
or
  > something weird like that?  Should I change my workgroup line to
use
  > domain_network?  I still can't get my kinit to find my kdc.  I am
  > wondering if I clear this up maybe my kdc kinit command will work. 
Note
  > that I did ask my nt admin to run dns nslookup checks on
  > _ldap.domain.com and _kerberos.domain.com, and those did return
the
  > correct results showing domain.com should be my realm.
  >
  > David
  >
  >
  >
  > David Shapiro
  > Unix Team Lead
  > 919-765-2011
  > -- 
  > To unsubscribe from this list go to the following URL and read the
  > instructions:  https://lists.samba.org/mailman/listinfo/samba 

  -- 
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba



More information about the samba mailing list