[Samba] Error looking up domain groups

Guido Lorenzutti guido at lorenzutti.com.ar
Mon Nov 5 14:05:02 GMT 2007


Hi people: I have a samba 3.0.24 configured to act like a member domain
and the winbind -g gives me: "Error looking up domain groups". This is a
problem coz' I can't assing permissions to by group. If you can enlightme
with a solution... tnxs in advance..

This is my smb.conf:


[global]
#Network ID
        workgroup = JUSBAIRES
        netbios name = BERUTI-CUPS
        server string =

#Logs
        debug level = 0
        syslog = 0
        log level = 20
        log file = /var/log/samba/%m.%U.log
        max log size = 10000
        panic action = /usr/share/samba/panic-action %d

#Network Support
        name resolve order = wins hosts lmhosts bcast
        socket options = TCP_NODELAY SO_RCVBUF=65535 SO_SNDBUF=65535
IPTOS_LOWDELAY SO_KEEPALIVE
        wins support = no
        wins proxy = no
        wins server = 10.3.0.1
        enhanced browsing = yes
        dns proxy = no
        time server = no
        local master = no
        smb ports = 139

#Printer Options
        printcap name = cups
        printing = cups
        load printers = yes
        cups server = beruti-cups.jusbaires.gov.ar

#Security Options
        admin users = @cupsadmin
        dos charset = CP850
        unix charset = 850
        display charset = LOCALE
        nt acl support = no
        restrict anonymous = 1
        security = domain
        password server = 10.3.0.1

        winbind separator = \
        winbind cache time = 300
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind trusted domains only = Yes
        winbind nested groups = Yes
        winbind nss info = template
        winbind refresh tickets = No
        winbind offline logon = No

        idmap gid = 10000-20000
        idmap uid = 10000-20000

include = /etc/samba/printers.conf

And this is the log of the winbind when I do a "wbinfo -g":

adding IPC service
added interface ip=10.3.0.6 bcast=10.3.255.255 nmask=255.255.0.0
added interface ip=10.3.0.6 bcast=10.3.255.255 nmask=255.255.0.0
TimeInit: Serverzone is 10800
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Added domain JUSBAIRES  S-1-5-21-2281447165-45835457-3575675572
Added domain BERUTI-CUPS  S-1-5-21-1768017637-2019550423-1176766642
Added domain BUILTIN  S-1-5-32
child daemon request 41
cm_get_ipc_userpass: No auth-user defined
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
authenticated session setup failed with Logon failure
rpc_pipe_bind: Remote machine SERVER pipe \lsarpc fnum 0x753a bind request
returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR
received from remote machine SERVER pipe \lsarpc fnum 0x753a!
child daemon request 18
[10793]: list trusted domains
Using cleartext machine password
rpc_pipe_bind: Remote machine SERVER pipe \NETLOGON fnum 0x753b bind
request returned ok.
cli_net_req_chal: LSA Request Challenge from BERUTI-CUPS to \\SERVER
cli_net_auth2: srv:\\SERVER acct:BERUTI-CUPS$ sc:2 mc: BERUTI-CUPS neg:
400701ff
rpc_pipe_bind: Remote machine SERVER pipe \NETLOGON fnum 0x753c bind
request returned ok.
rpc_pipe_bind: Remote machine SERVER pipe \samr fnum 0x753d bind request
returned ok.
rpc: trusted_domains
rpc_pipe_bind: Remote machine SERVER pipe \lsarpc fnum 0x753e bind request
returned ok.
lsa_io_sec_qos: length c does not match size 8
[    0]: request interface version
[    0]: request location of privileged pipe
[    0]: list groups
get_sam_group_entries: BUILTIN or local domain; enumerating local groups
as well
get_sam_group_entries: Failed to enumerate domain local groups!
get_sam_group_entries: BUILTIN or local domain; enumerating local groups
as well
get_sam_group_entries: Failed to enumerate domain local groups!
rpc: enum_dom_groups
cm_get_ipc_userpass: No auth-user defined
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
authenticated session setup failed with Logon failure
Using cleartext machine password
rpc_pipe_bind: Remote machine SERVER pipe \NETLOGON fnum 0x753f bind
request returned ok.
cli_net_req_chal: LSA Request Challenge from BERUTI-CUPS to \\SERVER
cli_net_auth2: srv:\\SERVER acct:BERUTI-CUPS$ sc:2 mc: BERUTI-CUPS neg:
400701ff
rpc_pipe_bind: Remote machine SERVER pipe \NETLOGON fnum 0x7540 bind
request returned ok.
rpc_pipe_bind: Remote machine SERVER pipe \samr fnum 0x7541 bind request
returned ok.
child daemon request 18
[10793]: list trusted domains
rpc: trusted_domains







More information about the samba mailing list