[Samba] wbinfo -u Don't show users from trusted(ing) domain on domain member server

Wasil sub_wasil at mail.ru
Wed Mar 16 03:35:19 MDT 2011 

Hi, All!

I Have Samba (3.5.6) domain witch have trust relations with ADS (Named TEST) Win2008 (2008 domain mode)
On PDC all working very good.
I have also Domain Member server in my samba Domain.
When i trying type wbinfo -u, or  getent passwd on samba PDC (Named BINKLG) I see all, including ADS users.
When I trying do it on Domain Member Server I don't see users from ADS
Is it possible to view thats users (from trusted domain) on DMS (not BDC)?

Samba 3.5.6

after typing wbinfo -u:

suspicious strings in log files 

loglevel 10:
log.wb-TEST
[2011/03/16 10:55:56.466417, 10] winbindd/winbindd_util.c:1337(winbindd_can_contact_domain)
  winbindd_can_contact_domain: TEST is an AD domain and we have no inbound trust.
[2011/03/16 10:55:56.466470, 10] winbindd/winbindd_rpc.c:55(query_user_list)
  query_user_list: No incoming trust for domain TEST 

loglevel 3:
log.wb-TEST
[2011/03/16 11:07:23.731615,  3] winbindd/winbindd_cm.c:1633(connection_ok)
  connection_ok: Connection to KLG-PDC1 for domain BINKLG is not connected
[2011/03/16 11:07:23.731717,  3] winbindd/winbindd_cm.c:1736(set_dc_type_and_flags_trustinfo)
  set_dc_type_and_flags_trustinfo: No connection to our domain!
[2011/03/16 11:07:23.742157,  3] winbindd/winbindd_rpc.c:48(query_user_list)
  rpc: query_user_list 

smb.conf
[global]
workgroup = BINKLG
security = domain
netbios name = DW-DEBIAN
username map = /etc/samba/smbusers
log level= 10
syslog = 0
log file = /var/log/samba/%m
max log size = 0
#smb ports = 139
name resolve order = wins bcast hosts
wins server = xx.xx.xx.xx
idmap uid = 10000 - 20000
idmap gid = 10000 - 20000
template shell = /bin/bash
#winbind separator = +
realm = XXX.XXXX.XXX
encrypt passwords = yes
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
allow trusted domains = yes
winbind nested groups = yes
#client use spnego = no
password server = KLG-PDC1

nsswitch.conf 
passwd:         files ldap winbind
group:          files ldap winbind
shadow:         files ldap winbind 
hosts:          files wins dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
publickey:    nisplus
netgroup:       files 

libnss_ldap.conf
host xx.xx.xx.xx
base dc=xxx,dc=xxxxx,dc=xxx
binddn cn=Administrator,dc=xxx,dc=xxxxx,dc=xxx
bindpw xxxxxxx
timelimit 50
bind_timelimit 50
bind_policy hard
idle_timelimit 3600
pam_password exop
nss_base_passwd dc=xxx,dc=xxxxx,dc=xxx
nss_base_shadow dc=xxx,dc=xxxxx,dc=xxx
nss_base_group dc=xxx,dc=xxxxx,dc=xxx
ssl off 

Thank you,
Wasil.

More information about the samba mailing list