[Samba] wbinfo -u not working against Windows 2003 DC

Alexander van der Leun alex at vdleun.net
Sat Sep 30 17:15:00 GMT 2006 

Hello all,

This is my first post on this list, so please bear with me. :-)

I'm managing a couple of Samba servers located at our customers. Since a 
couple of weeks we have a problem with winbind on one of our samba 
servers. It runs in a mixed Windows/Samba environment where a W2k3 
server is the PDC. As far as I know it runs in mixed mode. Is there any 
way I can check this (WINS is running btw)? Until today we used samba 
3.0.3 on a Fedora Core 2 server, but I have upgraded this to 3.0.23c 
using a SRPM.

The problem as of two weeks is that it no longer looks up domain users 
from the PDC. Users are no longer of the form DOMAIN\User, but looked 
like a local account: user, when running smbstatus. The gid is now 
nobody instead of DOMAIN\Domain Users.

I have now upgraded to version 3.0.23c and now it won't let domain users 
logon to the samba server. Samba had joined the domain and net rpc 
testjoin returns ok. I've added winbind to /etc/nsswitch.conf:

passwd:    files winbind
shadow:    files
group:       files winbind

And libnss_winbind.so exists in /lib:
-rwxr-xr-x  1 root root 17972 Sep 29 18:23 /lib/libnss_winbind.so
lrwxrwxrwx  1 root root    17 Sep 30 15:42 /lib/libnss_winbind.so.2 -> 
libnss_winbind.so

When running winbindd -d 2 -i I get:
winbindd version 3.0.23c started.
Copyright The Samba Team 2000-2004
Processing section "[sas]"
Processing section "[printers]"
added interface ip=172.17.0.247 bcast=172.17.0.255 nmask=255.255.255.0
added interface ip=172.17.0.247 bcast=172.17.0.255 nmask=255.255.255.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Added domain SOLINES  S-1-5-21-2535601797-1986373083-18572363
Added domain SOLSAMBA  S-1-5-21-1760014737-3532484745-1612504851
Added domain BUILTIN  S-1-5-32
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.solines (Success)
ads_connect for domain SOLINES failed: Operations error

My question is: when W2K3 is running in mixed mode can I run samba with 
security=domain, or must I use security=ads? The above situation has 
always worked.

Can anyone give me some advice or is there something I've overlooked??

Best regards,
Alexander van der Leun

More information about the samba mailing list