[Samba] winbind - wbinfo problem
Vivekanandan Nataraj
viveknataraj at gmail.com
Sun Nov 14 12:02:39 MST 2010
Hi John,
Thanks for your reply.
This is the result :-
#wbinfo -u
Connected to LDAP server EIS.squid.biz
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
ads_sasl_spnego_bind: got server principal name = eis$@SQUID.BIZ
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache]
expiration Sun, 14 Nov 2010 22:22:14 IST
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache]
expiration Sun, 14 Nov 2010 22:22:26 IST
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
ads_connect for domain SQUID failed: Invalid credentials
final write to client failed: Broken pipe
#wbinfo -g
Connected to LDAP server EIS.squid.biz
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
ads_sasl_spnego_bind: got server principal name = eis$@SQUID.BIZ
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache]
expiration Sun, 14 Nov 2010 22:27:10 IST
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache]
expiration Sun, 14 Nov 2010 22:27:12 IST
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
ads_connect for domain SQUID failed: Invalid credentials
final write to client failed: Broken pipe
any problem with krb configuration ???
Regards,
Vivek
On Sun, Nov 14, 2010 at 11:59 PM, John Stile <john at stilen.com> wrote:
> You could try to run winbindd manually (winbindd -d 3 -i), and from
> another console run 'wbinfo -u', and see if any errors present them
> selves in the console where you ran winbindd. First make sure no other
> winbind daemon is running, by testing, as root, with: lsof -i tcp -nP |
> grep winbind
>
> On Sun, 2010-11-14 at 23:41 +0530, Vivekanandan Nataraj wrote:
> > Hi John,
> >
> >
> > Thanks for your reply.
> >
> >
> > I have modified the nsswitch.conf file and smb.conf as per your
> > suggestions.
> >
> >
> > Still wbinfo does not list the users... I have rebooted the server
> > after modification.
> >
> >
> > and #rm -rf /var/lib/samba/* and restart the services and joined the
> > domain again. but no luck..
> >
> >
> > nsswitch.conf
> > [
> > shadow: files
> > passwd: compat winbind
> > group: compat winbind
> >
> >
> > hosts: files dns wins
> > networks: files dns
> >
> >
> > services: files
> > protocols: files
> > rpc: files
> > ethers: files
> > netmasks: files
> > netgroup: files nis
> > publickey: files
> >
> >
> > bootparams: files
> > automount: files nis
> > aliases: files
> > ]
> >
> >
> > samba
> > [
> > workgroup = SQUID
> > realm = SQUID.BIZ
> > security = ADS
> > password server = EIS.SQUID.BIZ
> > printcap name = cups
> > idmap uid = 1000-20000000
> > idmap gid = 1000-20000000
> > winbind separator = +
> > winbind enum users = Yes
> > winbind enum groups = Yes
> > winbind use default domain = Yes
> > winbind nss info = rfc2307
> > cups options = raw
> > ]
> >
> >
> > Any thing i missed ?
> >
> >
> > Thanks in advance..
> >
> >
> > Regards,
> > Vivek
> >
> > On Sun, Nov 14, 2010 at 10:33 PM, John Stile <john at stilen.com> wrote:
> > Does /etc/nsswitch.conf hold winbind?
> > Something like this:
> > passwd: compat winbind
> > group: compat winbind
> >
> > Also,
> > your config doesn't show:
> > winbind separator = +
> >
> > your config doesn't have a fully qualified "password server"
> > hostname.
> >
> >
> >
> > On Sun, 2010-11-14 at 11:09 +0530, Vivekanandan Nataraj wrote:
> > > Hi Guys,
> > >
> > > I have configured SAMBA with Windows 2003 AD. But "#wbinfo
> > -u" and
> > > "#wbinfo -g" does not list the users
> > >
> > > 1. Domain joined successfully.
> > >
> > > # net rpc testjoin -U Administrator
> > > Join to 'DOMAIN' is OK
> > >
> > > 2. wbinfo -a works ( User authentication )
> > >
> > > # wbinfo -a 'DOMAIN\user'
> > > Enter DOMAIN\user's password:
> > > plaintext password authentication succeeded
> > > Enter DOMAIN\user's password:
> > > challenge/response password authentication succeeded
> > >
> > > 3. wbinfo -u and wbinfo -g does list nothing
> > >
> > > # wbinfo -u
> > > # wbinfo -g
> > >
> > > # wbinfo -r 'DOMAIN\user'
> > > Could not get groups for user DOMAIN\user
> > >
> > > SAMBA config : -
> > >
> > > [global]
> > > workgroup = DOMAIN
> > > realm = DOMAIN.BIZ
> > > security = ADS
> > > password server = EIS
> > > printcap name = cups
> > > idmap uid = 1000-20000000
> > > idmap gid = 1000-20000000
> > > winbind enum users = Yes
> > > winbind enum groups = Yes
> > > winbind use default domain = Yes
> > > winbind nss info = rfc2307
> > > cups options = raw
> > >
> > > Versions :-
> > >
> > > # smbd -V
> > > Version 3.4.2-1.1.3.1-2229-SUSE-SL11.2
> > >
> > > # winbindd -V
> > > Version 3.4.2-1.1.3.1-2229-SUSE-SL11.2
> > >
> > > Share your ideas...
> > >
> > > Regards,
> > > Vivek
> >
> >
> >
> >
> >
>
>
>
More information about the samba
mailing list