[Samba] wbinfo -u Don't show users from trusted(ing) domain on domain member server

Bob Miller bob at computerisms.ca
Wed Mar 16 09:58:48 MDT 2011 

Hi,
Did you join your DMS to the domain?



On Wed, 2011-03-16 at 12:35 +0300, Wasil wrote:
> Hi, All!
> 
> I Have Samba (3.5.6) domain witch have trust relations with ADS (Named TEST) Win2008 (2008 domain mode)
> On PDC all working very good.
> I have also Domain Member server in my samba Domain.
> When i trying type wbinfo -u, or  getent passwd on samba PDC (Named BINKLG) I see all, including ADS users.
> When I trying do it on Domain Member Server I don't see users from ADS
> Is it possible to view thats users (from trusted domain) on DMS (not BDC)?
> 
> Samba 3.5.6
> 
> after typing wbinfo -u:
> 
> suspicious strings in log files 
> 
> loglevel 10:
> log.wb-TEST
> [2011/03/16 10:55:56.466417, 10] winbindd/winbindd_util.c:1337(winbindd_can_contact_domain)
>   winbindd_can_contact_domain: TEST is an AD domain and we have no inbound trust.
> [2011/03/16 10:55:56.466470, 10] winbindd/winbindd_rpc.c:55(query_user_list)
>   query_user_list: No incoming trust for domain TEST 
> 
> loglevel 3:
> log.wb-TEST
> [2011/03/16 11:07:23.731615,  3] winbindd/winbindd_cm.c:1633(connection_ok)
>   connection_ok: Connection to KLG-PDC1 for domain BINKLG is not connected
> [2011/03/16 11:07:23.731717,  3] winbindd/winbindd_cm.c:1736(set_dc_type_and_flags_trustinfo)
>   set_dc_type_and_flags_trustinfo: No connection to our domain!
> [2011/03/16 11:07:23.742157,  3] winbindd/winbindd_rpc.c:48(query_user_list)
>   rpc: query_user_list 
> 
> smb.conf
> [global]
> workgroup = BINKLG
> security = domain
> netbios name = DW-DEBIAN
> username map = /etc/samba/smbusers
> log level= 10
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 0
> #smb ports = 139
> name resolve order = wins bcast hosts
> wins server = xx.xx.xx.xx
> idmap uid = 10000 - 20000
> idmap gid = 10000 - 20000
> template shell = /bin/bash
> #winbind separator = +
> realm = XXX.XXXX.XXX
> encrypt passwords = yes
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> allow trusted domains = yes
> winbind nested groups = yes
> #client use spnego = no
> password server = KLG-PDC1
> 
> nsswitch.conf 
> passwd:         files ldap winbind
> group:          files ldap winbind
> shadow:         files ldap winbind 
> hosts:          files wins dns
> networks:       files
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> publickey:    nisplus
> netgroup:       files 
> 
> libnss_ldap.conf
> host xx.xx.xx.xx
> base dc=xxx,dc=xxxxx,dc=xxx
> binddn cn=Administrator,dc=xxx,dc=xxxxx,dc=xxx
> bindpw xxxxxxx
> timelimit 50
> bind_timelimit 50
> bind_policy hard
> idle_timelimit 3600
> pam_password exop
> nss_base_passwd dc=xxx,dc=xxxxx,dc=xxx
> nss_base_shadow dc=xxx,dc=xxxxx,dc=xxx
> nss_base_group dc=xxx,dc=xxxxx,dc=xxx
> ssl off 
> 
> Thank you,
> Wasil.
> 

Bob Miller
334-7117/660-5315
http://computerisms.ca
bob at computerisms.ca
Network, Internet, Server,
and Open Source Solutions

More information about the samba mailing list