[Samba] Win2003 ADS, wbinfo -u and -g almost works

herman herman at aeronetworks.ca
Thu Oct 4 00:20:34 GMT 2007


Hi guys,

So far, I have figured out that it has something to do with the 
definition of security groups in ADS.  WinXP clients work perfectly so 
the setup is valid, but Winbind blows up, as shown below.  I have ADS 
running on VMware, so I can switch between working and non-working 
versions and I'll try to figure out exactly what causes the problem.

What happens is that 'wbinfo -g' only shows 2 groups then raises an 
error, while 'wbinfo -u' shows nothing at all.

Here is my setup:

Windows Server 2003 R2 Standard Edition
[root@ggg-mmm-w000048 ~]# smbd -V
Version 3.0.26a
[root@ggg-mmm-w000048 ~]# winbindd -V
Version 3.0.26a

[root@ggg-mmm-w000048 ~]# uname -a
Linux ggg-mmm-w000048.mmm.ddd.cccc.ca 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686 i686 i386 GNU/Linux

[root@ggg-mmm-w000048 ~]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[export]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
[global]
workgroup = MMM
realm = MMM.DDD.CCC.CA
server string = PPPP System Samba Server
security = ADS
password server = 192.168.1.100
log level = 3
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
preferred master = No
dns proxy = No
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/ads/%D/%U
template shell = /bin/bash
winbind separator = +
winbind use default domain = Yes
winbind offline logon = Yes
hosts allow = 192.168., 127.
printing = cups
cups options = raw
print command =
lpq command = %p
lprm command =
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No
[export]
path = /export
force user = GGG-PPPPuser
force group = GGG-PPPPgroup
read only = No
force create mode = 0775
force directory mode = 01775
printable = Yes
[root@ggg-mmm-w000048 ~]#

[root@ggg-mmm-w000048 ~]# wbinfo -t
checking the trust secret via RPC calls succeeded

[root@ggg-mmm-w000048 ~]# wbinfo -g
BUILTIN+administrators
BUILTIN+users

[root@ggg-mmm-w000048 ~]# wbinfo -u
Error looking up domain users

[root@ggg-mmm-w000048 ~]# tail -f /var/log/samba/winbindd
[2007/10/03 15:30:11, 3] nsswitch/winbindd_group.c:get_sam_group_entries(859)
get_sam_group_entries: Failed to enumerate domain local groups!
[2007/10/03 15:30:11, 3] nsswitch/winbindd_group.c:get_sam_group_entries(828)
get_sam_group_entries: could not enumerate domain groups! Error: NT_STATUS_UNSUCCESSFUL
[2007/10/03 15:30:25, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
[10389]: request interface version
[2007/10/03 15:30:25, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
[10389]: request location of privileged pipe
[2007/10/03 15:30:25, 3] nsswitch/winbindd_user.c:winbindd_list_users(754)
[10389]: list users

[root@ggg-mmm-w000048 ~]# smbclient -k \\\\ggg-mmm-w000048\\export -U johndoe%Sup3rs3cr1t
cli_session_setup_blob: recieve failed (NT_STATUS_LOGON_FAILURE)
session setup failed: NT_STATUS_LOGON_FAILURE

[root@ggg-mmm-w000048 pam.d]# tail -f /var/log/messages
Oct 3 15:29:51 ggg-mmm-w000048 winbindd[3288]: [2007/10/03 15:29:51, 0] libsmb/smb_signing.c:signing_good(253)
Oct 3 15:29:51 ggg-mmm-w000048 winbindd[3288]: signing_good: BAD SIG: seq 1
Oct 3 15:29:51 ggg-mmm-w000048 winbindd[3288]: [2007/10/03 15:29:51, 0] libsmb/cliconnect.c:cli_session_setup_blob(586)
Oct 3 15:29:51 ggg-mmm-w000048 winbindd[3288]: cli_session_setup_blob: recieve failed (NT_STATUS_LOGON_TYPE_NOT_GRANTED)
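
For triaging logs like the two excerpts above, here is an added Python example (not part of the original post and not Samba code). It parses the Samba 3.0 debug-log layout seen in this message, including syslog-prefixed lines, and pulls out the NT_STATUS codes and SMB signing failures; the names parse_samba_log and triage are hypothetical.

```python
import re

# Constructed sample built from log lines in the post; some headers are split
# from their source location, as happens when mail wraps a long line.
SAMPLE = """\
[2007/10/03 15:30:11, 3]
nsswitch/winbindd_group.c:get_sam_group_entries(828)
get_sam_group_entries: could not enumerate domain groups! Error:
NT_STATUS_UNSUCCESSFUL
[2007/10/03 15:30:25, 3] nsswitch/winbindd_user.c:winbindd_list_users(754)
[10389]: list users
Oct 3 15:29:51 ggg-mmm-w000048 winbindd[3288]: [2007/10/03 15:29:51, 0]
libsmb/smb_signing.c:signing_good(253)
Oct 3 15:29:51 ggg-mmm-w000048 winbindd[3288]: signing_good: BAD SIG: seq 1
Oct 3 15:29:51 ggg-mmm-w000048 winbindd[3288]: [2007/10/03 15:29:51, 0]
libsmb/cliconnect.c:cli_session_setup_blob(586)
Oct 3 15:29:51 ggg-mmm-w000048 winbindd[3288]: cli_session_setup_blob:
recieve failed (NT_STATUS_LOGON_TYPE_NOT_GRANTED)
"""

SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ \w+\[\d+\]: ")  # syslog prefix
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d [\d:]{8}),\s*(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"^(\S+\.c):(\w+)\((\d+)\)$")

def parse_samba_log(text):
    """Return one dict per log entry: time, level, file, func, line, msg."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = SYSLOG.sub("", raw).strip()
        head = HEADER.match(line)
        if head:
            cur = dict(time=head[1], level=int(head[2]), file=None, func=None, msg="")
            entries.append(cur)
            line = head[3]  # the source location may follow on the same line
        if cur is None or not line:
            continue
        loc = LOCATION.match(line)
        if loc and cur["file"] is None:
            cur.update(file=loc[1], func=loc[2], line=int(loc[3]))
        else:  # message text, possibly continued over several lines
            cur["msg"] = (cur["msg"] + " " + line).strip()
    return entries

def triage(entries):
    """Keep entries that carry an NT_STATUS code or an SMB signing failure."""
    pat = re.compile(r"NT_STATUS_\w+|BAD SIG")
    return [(e["time"], e["func"], pat.findall(e["msg"]))
            for e in entries if pat.search(e["msg"])]
```

Calling triage(parse_samba_log(SAMPLE)) leaves three entries: the failed group enumeration, the bad SMB signature, and the rejected session setup that follows it in the same second.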


