[Samba] samba samba two way trusts and winbind

Liutauras Adomaitis liutauras.adomaitis at gmail.com
Mon May 25 15:30:45 GMT 2009 

Hi,

after whole day hitting my head into wall I decided to ask advise from
clever people:

My aim is to have two way trusts between two samba domains 3.0.25 and 3.0.28
I did: net rpc trustdom add and establish on both domains. It did not
went ok, but problem was with creating ldap accounts for domains. I
created them manually.
Now I have kind of working trusts:
# net rpc trustdom list
Password:
Trusted domains list:
SIMPLE            S-1-5-21-4169227953-3400459336-1793241584
none
Trusting domains list:
SIMPLE            S-1-5-21-4169227953-3400459336-1793241584

This is the same on both domains.
Then I faced a problem, that when I try to access workstation from
other domain it says I canot and samba logs were complaining that user
sid and group sid do not match and samba cannot handle it. I found on
google, that I must have winbind working in order to solve this. I
installed winbind and on one domain it is working - I can get a list
of foreign users with wbinfo -u, and it seems to solve my workstation
browsing. But I cannot get it working on the other domain.
these are wbinfo messages:
# wbinfo -u
Error looking up domain users
# wbinfo -m
Could not list trusted domains
# wbinfo --all-domains
# wbinfo --getdcname=SIMPLE
Could not get dc name for SIMPLE
# net lookup dc simple
192.168.62.22

This is what I get with winbindd -S -n -i
Processing section "[Finansai]"
adding IPC service
added interface ip=192.168.62.21 bcast=192.168.62.255 nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
added interface ip=192.168.62.21 bcast=192.168.62.255 nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
initialize_winbindd_cache: clearing cache and re-creating with version number 1
Added domain REC  S-1-5-21-4050335463-3799486674-3258589777
Added domain BUILTIN  S-1-5-32
get_dc_list: preferred server list: ", *"
fcntl_lock: lock failed at offset 0 count 1 op 6 type 0 (Resource
temporarily unavailable)
get_dc_list: preferred server list: ", *"
fcntl_lock: lock failed at offset 0 count 1 op 6 type 0 (Resource
temporarily unavailable)
get_dc_list: preferred server list: ", *"
fcntl_lock: lock failed at offset 0 count 1 op 6 type 0 (Resource
temporarily unavailable)
[12524]: list trusted domains
rpc: trusted_domains
winbindd_dual_list_trusted_domains: trusted_domains returned
NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND
Could not receive trustdoms
get_dc_list: preferred server list: ", *"
get_dc_list: preferred server list: ", *"
fcntl_lock: lock failed at offset 0 count 1 op 6 type 0 (Resource
temporarily unavailable)
get_dc_list: preferred server list: ", *"
fcntl_lock: lock failed at offset 0 count 1 op 6 type 0 (Resource
temporarily unavailable)
get_dc_list: preferred server list: ", *"
fcntl_lock: lock failed at offset 0 count 1 op 6 type 0 (Resource
temporarily unavailable)


Any ideas?
Maybe there is a procedure how to get samba samba trust working?

Thanks a lot
Liutauras

More information about the samba mailing list