[Samba] Problems with samba 3.4.2 and w2k8r2 AD

Christoph Kaminski mangel at gmx.de
Thu Nov 26 12:29:14 MST 2009


Hi!

I can join, and wbinfo -u etc. works, but getent passwd doesn't...
I think the problem is that I get this error:
'get_dc_list: preferred server list: ", *"'
but why does it not know my domain? (already joined)

Can someone help?

Greetz

Conf:

#GLOBAL PARAMETERS
[global]
    workgroup = CHAOS
    realm = chaos.local
    password server = beelzebub.chaos.local
    preferred master = no
    server string = %h (Samba %v)
    security = ADS
    encrypt passwords = yes
    log level = 3
    log file = /var/log/samba/log.%m
    max log size = 50
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind nested groups = Yes
    winbind separator = +
    passdb backend = tdbsam
    idmap backend = ad
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/bash
    winbind nss info = rfc2307

krb:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = CHAOS.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
CHAOS.LOCAL = {
    kdc = beelzebub.chaos.local
    admin_server = beelzebub.chaos.local
    default_domain = chaos.local
}

[domain_realm]
.belzebub.chaos.local = CHAOS.LOCAL
.chaos.local = CHAOS.LOCAL

#[kdc]
#profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
}

Log: (after getent passwd)

[ 6293]: request interface version
[ 6293]: request location of privileged pipe
final write to client failed: Broken pipe
[ 6293]: setpwent
[ 6293]: getpwent
ads: query_user_list
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
Successfully contacted LDAP server 192.168.50.80
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
Successfully contacted LDAP server 192.168.50.80
Connected to LDAP server beelzebub.chaos.local
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Fri, 27 Nov 2009 06:24:16 CET
ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
Successfully contacted LDAP server 192.168.50.80
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
Successfully contacted LDAP server 192.168.50.80
Connected to LDAP server beelzebub.chaos.local
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Fri, 27 Nov 2009 06:28:22 CET
ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
ads query_user_list gave 4 entries
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
get_dc_list: preferred server list: ", *"
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
get_dc_list: preferred server list: ", *"
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
ad_idmap_init: failed to connect to AD
ADS uninitialized: No logon servers
default domain not writable
error getting user id for sid S-1-5-21-839142612-1421143767-3823028795-500
could not lookup domain user Administrator
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
get_dc_list: preferred server list: ", *"
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
get_dc_list: preferred server list: ", *"
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
ad_idmap_init: failed to connect to AD
ADS uninitialized: No logon servers
default domain not writable
error getting user id for sid S-1-5-21-839142612-1421143767-3823028795-501
could not lookup domain user Gast
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
get_dc_list: preferred server list: ", *"
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
get_dc_list: preferred server list: ", *"
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
ad_idmap_init: failed to connect to AD
ADS uninitialized: No logon servers
default domain not writable
error getting user id for sid S-1-5-21-839142612-1421143767-3823028795-502
could not lookup domain user krbtgt
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
get_dc_list: preferred server list: ", *"
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
get_dc_list: preferred server list: ", *"
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
ad_idmap_init: failed to connect to AD
ADS uninitialized: No logon servers
default domain not writable
error getting user id for sid S-1-5-21-839142612-1421143767-3823028795-1103
could not lookup domain user perun
[ 6293]: endpwent
final write to client failed: Broken pipe
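
A log like the one quoted above is easier to read once the repeated failures are grouped. The following is an added example, not part of the original post and not Samba code: a small triage script that collects the domain names winbindd failed to find DCs for, the SRV names it queried, and the SIDs/users whose id mapping failed. The sample log is constructed in the format of the lines above (the SIDs are made up), and the function and key names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the winbindd log lines quoted above.
SAMPLE_LOG = """\
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
Successfully contacted LDAP server 192.168.50.80
ads query_user_list gave 2 entries
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success)
ad_idmap_init: failed to connect to AD
error getting user id for sid S-1-5-21-1111111111-2222222222-3333333333-500
could not lookup domain user Administrator
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
ad_idmap_init: failed to connect to AD
error getting user id for sid S-1-5-21-1111111111-2222222222-3333333333-1103
could not lookup domain user perun
"""

PATTERNS = {
    "dc_lookup_failed": re.compile(r"^Could not look up dc's for domain (\S+)"),
    "srv_failed": re.compile(r"^ads_dns_lookup_srv: Failed to resolve (\S+)"),
    "idmap_init_failed": re.compile(r"^(ad_idmap_init): failed to connect to AD"),
    "sid_unmapped": re.compile(r"^error getting user id for sid (S-[\d-]+)"),
    "user_unmapped": re.compile(r"^could not lookup domain user (\S+)"),
}

def triage(log_text):
    """Group winbindd failures by kind so the failing stage stands out."""
    found = {name: [] for name in PATTERNS}
    for line in log_text.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.match(line.strip())
            if m:
                found[name].append(m.group(1))
    return {
        "bad_domains": Counter(found["dc_lookup_failed"]),
        "srv_names": sorted(set(found["srv_failed"])),
        "idmap_init_failures": len(found["idmap_init_failed"]),
        # Assumes each SID error is followed by its user line, as in the log above.
        "unmapped": list(zip(found["sid_unmapped"], found["user_unmapped"])),
        # True when the user list was fetched, i.e. the failures came later, in id mapping.
        "enumeration_ok": bool(re.search(r"^ads query_user_list gave \d+ entries", log_text, re.M)),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```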


