[Samba] Error looking up domain groups
Guido Lorenzutti
guido at lorenzutti.com.ar
Mon Nov 5 14:05:02 GMT 2007
Hi people: I have a samba 3.0.24 configured to act like a member domain
and the winbind -g gives me: "Error looking up domain groups". This is a
problem coz' I can't assing permissions to by group. If you can enlightme
with a solution... tnxs in advance..
This is my smb.conf:
[global]
#Network ID
workgroup = JUSBAIRES
netbios name = BERUTI-CUPS
server string =
#Logs
debug level = 0
syslog = 0
log level = 20
log file = /var/log/samba/%m.%U.log
max log size = 10000
panic action = /usr/share/samba/panic-action %d
#Network Support
name resolve order = wins hosts lmhosts bcast
socket options = TCP_NODELAY SO_RCVBUF=65535 SO_SNDBUF=65535
IPTOS_LOWDELAY SO_KEEPALIVE
wins support = no
wins proxy = no
wins server = 10.3.0.1
enhanced browsing = yes
dns proxy = no
time server = no
local master = no
smb ports = 139
#Printer Options
printcap name = cups
printing = cups
load printers = yes
cups server = beruti-cups.jusbaires.gov.ar
#Security Options
admin users = @cupsadmin
dos charset = CP850
unix charset = 850
display charset = LOCALE
nt acl support = no
restrict anonymous = 1
security = domain
password server = 10.3.0.1
winbind separator = \
winbind cache time = 300
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind trusted domains only = Yes
winbind nested groups = Yes
winbind nss info = template
winbind refresh tickets = No
winbind offline logon = No
idmap gid = 10000-20000
idmap uid = 10000-20000
include = /etc/samba/printers.conf
And this is the log of the winbind when I do a "wbinfo -g":
adding IPC service
added interface ip=10.3.0.6 bcast=10.3.255.255 nmask=255.255.0.0
added interface ip=10.3.0.6 bcast=10.3.255.255 nmask=255.255.0.0
TimeInit: Serverzone is 10800
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Added domain JUSBAIRES S-1-5-21-2281447165-45835457-3575675572
Added domain BERUTI-CUPS S-1-5-21-1768017637-2019550423-1176766642
Added domain BUILTIN S-1-5-32
child daemon request 41
cm_get_ipc_userpass: No auth-user defined
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_CHAL_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
authenticated session setup failed with Logon failure
rpc_pipe_bind: Remote machine SERVER pipe \lsarpc fnum 0x753a bind request
returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR
received from remote machine SERVER pipe \lsarpc fnum 0x753a!
child daemon request 18
[10793]: list trusted domains
Using cleartext machine password
rpc_pipe_bind: Remote machine SERVER pipe \NETLOGON fnum 0x753b bind
request returned ok.
cli_net_req_chal: LSA Request Challenge from BERUTI-CUPS to \\SERVER
cli_net_auth2: srv:\\SERVER acct:BERUTI-CUPS$ sc:2 mc: BERUTI-CUPS neg:
400701ff
rpc_pipe_bind: Remote machine SERVER pipe \NETLOGON fnum 0x753c bind
request returned ok.
rpc_pipe_bind: Remote machine SERVER pipe \samr fnum 0x753d bind request
returned ok.
rpc: trusted_domains
rpc_pipe_bind: Remote machine SERVER pipe \lsarpc fnum 0x753e bind request
returned ok.
lsa_io_sec_qos: length c does not match size 8
[ 0]: request interface version
[ 0]: request location of privileged pipe
[ 0]: list groups
get_sam_group_entries: BUILTIN or local domain; enumerating local groups
as well
get_sam_group_entries: Failed to enumerate domain local groups!
get_sam_group_entries: BUILTIN or local domain; enumerating local groups
as well
get_sam_group_entries: Failed to enumerate domain local groups!
rpc: enum_dom_groups
cm_get_ipc_userpass: No auth-user defined
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_CHAL_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
authenticated session setup failed with Logon failure
Using cleartext machine password
rpc_pipe_bind: Remote machine SERVER pipe \NETLOGON fnum 0x753f bind
request returned ok.
cli_net_req_chal: LSA Request Challenge from BERUTI-CUPS to \\SERVER
cli_net_auth2: srv:\\SERVER acct:BERUTI-CUPS$ sc:2 mc: BERUTI-CUPS neg:
400701ff
rpc_pipe_bind: Remote machine SERVER pipe \NETLOGON fnum 0x7540 bind
request returned ok.
rpc_pipe_bind: Remote machine SERVER pipe \samr fnum 0x7541 bind request
returned ok.
child daemon request 18
[10793]: list trusted domains
rpc: trusted_domains
More information about the samba
mailing list