[Samba] [Solved] (Sort of) - Re: Winbind, pdbedit - does not belong to our domain

J. Pilfold-Bagwell jpb at bordengrammar.kent.sch.uk
Sun Feb 20 18:34:43 MST 2011

On 20/02/11 01:02, Bob Miller wrote:
>> Getent passwd works and returns all domain users.
>> Getent group returns all groups correctly.
>> Net group map list works and returns correctly mapped groups.
>> Wbinfo -t returns "checking the trust secret for domain BGS via RPC
>> calls succeeded".
>> wbinfo --own-domain returns the correct NT domain name
>> In short, everything seems to work OK until you run wbinfo -u or -g at
>> which point it sits there until it times out.  Smb.conf is the same as
>> the other member servers, the net rpc join command  returned success and
>> a machine account was successfully created in the LDAP directory. The
>> smb.conf file is here:
>> Any suggestions gratefully received.
>> Thanks,
>> Julian
> I recently played a game similar to this one, for me everything worked
> but wbinfo -g.  What I did to resolve that was use `net sam
> mapunixgroup` for all the domain groups, and all my group stuff started
> magically working.  I doubt that will do anything for your wbinfo -u
> problem, but it might move you a step forward.  Or it might not; it is
> just a suggestion....
> Bob Miller
> 334-7117/660-5315
> http://computerisms.ca
> bob at computerisms.ca
> Network, Internet, Server,
> and Open Source Solutions

Thanks for that.  Gave it a go but no joy so I decided to try making it 
a BDC to see what would happen.  First I tried "net setlocalsid" with 
the domain sid but it refused to change.  I then changed "domain logons 
= no"  to yes and tried again and it set the local SID.  Funny thing 
though was that I'd forgotten to set "security =" to user and had left 
it as domain but it didn't complain. Samba started and winbind worked.

I also have a new print server going on which had the same problem as 
the proxy re: winbind.  After setting this up as a BDC, it also works 
fine.  The interesting thing is that all the other member servers that 
are not functioning as BDCs have local sids that are different to the 
domain sid (I believe this is how it should be) and they hooked up 
without a problem.  Luckily, I'm running a Samba PDC so I do the BDC thing.

When I have a bit more time I may pursue this and I'll post any info here.
