[Samba] Samba + Winbind + Windows 2003 AD
Mucke, Tobias, FCI4
tobias.mucke at mbda-systems.de
Sun Jul 18 00:58:37 MDT 2010
Hi Henrik,
I have also been fighting with Winbind for a few days now, experiencing some weird behaviour.
Regarding your explanation, I assume you have SFU running in your AD domain. Do you really have an RFC2307-compliant schema in AD, or do you still stick to the SFU schema?
For debugging winbind, it was helpful to me to start it in a shell as a foreground process with debugging on, e.g.
/usr/sbin/winbindd -SFi -d3
Now you should be able to see the different Winbind behaviour regarding the login and getent.
Good luck.
Tobias Mucke
LFK-Lenkflugkörpersysteme GmbH
Serverpool, FCI4
Landshuter Straße 26, 85716 Unterschleißheim, GERMANY
Phone: +49 89 3179 8438
Fax: +49 89 3179 8927
Mobile: +49 170 635 3830
E-Mail: tobias.mucke at mbda-systems.de
http://www.mbda.net
Chairman of the Supervisory Board: Antoine Bouvier
Managing Director: Werner Kaltenegger
Registered Office: Schrobenhausen
Commercial Register: Amtsgericht Ingolstadt, HRB 4365
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Henrik Dige Semark
Sent: Sunday, July 18, 2010 1:35 AM
To: samba at lists.samba.org
Subject: [Samba] Samba + Winbind + Windows 2003 AD
Hey out there.
I have to join my UNIX server with an existing Win2k3 AD network.
My system info:
Debian Lenny
Samba - 3.4.8
Winbind - 3.4.8
Windows Server 2003 with 2000-style-AD
My problem is that I have a UNIX server that has to run auth against our existing Windows 2003 AD.
I have successfully joined my UNIX server to the AD, without problems.
# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- TEST
Joined 'MAIL' to realm 'TEST.LOCAL'
My Samba config: http://pastebin.com/ZqaA0Ypn
After the join I'm able to look up people with
# wbinfo -u
[...]
XX
hds
XXX
[...]
# wbinfo -g
[...]
bg XX
bg hds
bg XXX
[...]
Now the problem: getent only returns the local users and not the users from the AD. The funny thing is that if a user is local on the UNIX server and in the AD, I can log in with the password from both local and AD, so I know that it can look up people and passwords.
# getent passwd hs ; echo $?
2
When I debug getent it returns 2, which means that it can't find the user.
I know there can be a problem with this if name resolution is not working.
# ping addc.UNDERVISNING.LOCAL
PING addc.birke-gym.dk (10.3.17.1) 56(84) bytes of data.
64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=1 ttl=128 time=0.211 ms
64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=2 ttl=128 time=0.207 ms
# ping mail.UNDERVISNING.LOCAL
PING mail.birke-gym.dk (127.0.1.1) 56(84) bytes of data.
64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=1 ttl=64 time=0.099 ms
64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=2 ttl=64 time=0.094 ms
Is there anyone who can see where I have done something wrong in my Samba config?
--
Med Venlig Hilsen / Best Regards
Henrik Dige Semark
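
The symptom discussed in this thread (wbinfo -u lists domain users while getent passwd exits with 2 for them) can be checked for every enumerated account at once. The script below is an added example, not part of the original messages; the names check_user, nss_gap, LIST_CMD and LOOKUP_CMD are assumptions made for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the thread): compare the accounts winbind
# can enumerate with the accounts the NSS layer can actually resolve.
# LIST_CMD and LOOKUP_CMD are hypothetical override points so the logic can be
# exercised without a domain; the defaults are the commands used in the thread.
: "${LIST_CMD:=wbinfo -u}"
: "${LOOKUP_CMD:=getent passwd}"

# check_user NAME
# Prints "resolved" (exit 0), "not-found" (getent exit status 2: key not
# found in the database) or "error:N" for any other exit status.
check_user() {
    rc=0
    # stdin is redirected so the lookup never consumes the caller's input
    $LOOKUP_CMD "$1" >/dev/null 2>&1 </dev/null || rc=$?
    case $rc in
        0) echo resolved ;;
        2) echo not-found ;;
        *) echo "error:$rc" ;;
    esac
}

# nss_gap
# Prints one "user<TAB>status" line for every account that winbind lists
# but that the lookup command fails to resolve. Empty output means every
# enumerated account is visible through NSS.
nss_gap() {
    $LIST_CMD | while IFS= read -r user; do
        [ -n "$user" ] || continue
        status=$(check_user "$user")
        [ "$status" = resolved ] || printf '%s\t%s\n' "$user" "$status"
    done
}

# Run the comparison only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    nss_gap
fi
```

Running it with --run on the joined server prints the accounts that exist for winbind but not for getent; comparing that list with the winbindd -d3 foreground output shows which lookups fail.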