[Samba] Samba + Winbind + Windows 2003 AD

Henrik Dige Semark hds at semark.dk
Sun Jul 18 05:33:44 MDT 2010


Hi Tobias

To be honest I don't really know that much about the Windows AD, I'm 
not a Windows guy. When I talked with the Windows AD administrator he 
told me that it was an RFC2307 schema and not an old SFU, but I have 
just now logged on to the AD server and it doesn't seem like any 
schemas are loaded at all.

My winbind debugging:
http://pastebin.com/WjDRvp8q

Winbind debugging while getent passwd USER:
http://pastebin.com/0B24yePY

I don't know why there is a lot of UVROOT.LOCAL, my server is only 
joined to UNDERVISNING.LOCAL, but the Windows AD server does know UVROOT also.

--
Med Venlig Hilsen / Best Regards
Henrik Dige Semark


On 18-07-2010 08:58, Mucke, Tobias, FCI4 wrote:
> Hi Henrik,
>
> I am also fighting with Winbind for a few days now experiencing some weird behaviour.
>
> Regarding your explanation I assume you have SFU running in your AD Domain. Do you really have an RFC2307 compliant schema in AD or do you still stick to SFU schema?
>
> For debugging the winbind it was helpful to me to start it in a shell as a foreground process with debugging on, e.g.
>
> /usr/sbin/winbindd -SFi -d3
>
> Now you should be able to see the different Winbind behaviour regarding the login and getent.
>
> Good luck.
>
>
>
> Tobias Mucke
>
> LFK-Lenkflugkörpersysteme GmbH
> Serverpool, FCI4
> Landshuter Straße 26, 85716 Unterschleißheim, GERMANY
> Phone: +49 89 3179 8438
> Fax: +49 89 3179 8927
> Mobile: +49 170 635 3830
> E-Mail: tobias.mucke at mbda-systems.de
>
> http://www.mbda.net
>
> Chairman of the Supervisory Board: Antoine Bouvier
> Managing Director: Werner Kaltenegger
> Registered Office: Schrobenhausen
> Commercial Register: Amtsgericht Ingolstadt, HRB 4365
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Henrik Dige Semark
> Sent: Sunday, July 18, 2010 1:35 AM
> To: samba at lists.samba.org
> Subject: [Samba] Samba + Winbind + Windows 2003 AD
>
> Hey out there.
>
> I have to join my UNIX server with an existing Win2k3 AD network.
>
> My system info:
> Debian Lenny
> Samba   - 3.4.8
> Winbind - 3.4.8
>
> Windows Server 2003 with 2000-style-AD
>
> My problem is that I have a UNIX server that has to run auth up against our existing Windows 2003 AD.
>
> I have successfully joined my UNIX server to the AD, without problems.
> # net ads join -U Administrator
> Enter Administrator's password:
> Using short domain name -- TEST
> Joined 'MAIL' to realm 'TEST.LOCAL'
>
> My Samba config: http://pastebin.com/ZqaA0Ypn
>
> After the join I'm able to look up people with
>
> # wbinfo -u
> [...]
> XX
> hds
> XXX
> [...]
>
> # wbinfo -g
> [...]
> bg XX
> bg hds
> bg XXX
> [...]
>
> Now the problem: getent only returns the local users and not the users from the AD. The funny thing is that if a user is local on the UNIX and in the AD, I can log in with the password from both local and AD, so I know that it can look up people and passwords.
>
> # getent passwd hs ; echo $?
> 2
>
> When I debug on getent it returns 2, which means that it can't find the user.
>
> I know there can be a problem with this if the resolv-names is not working
>
> # ping addc.UNDERVISNING.LOCAL
> PING addc.birke-gym.dk (10.3.17.1) 56(84) bytes of data.
> 64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=1 ttl=128 time=0.211 ms
> 64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=2 ttl=128 time=0.207 ms
>
> # ping mail.UNDERVISNING.LOCAL
> PING mail.birke-gym.dk (127.0.1.1) 56(84) bytes of data.
> 64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=1 ttl=64 time=0.099 ms
> 64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=2 ttl=64 time=0.094 ms
>
> Is there anyone that can see where I have done something wrong in my samba-config?
>
> --
> Med Venlig Hilsen / Best Regards
> Henrik Dige Semark
>    

