[Samba] Re : Problem with Winbind

djamel boussebha dboussebha at yahoo.fr
Thu Nov 17 04:09:59 MST 2011

I would like to set the file /etc/krb5.keytab  for apache :
# net ads keytab add HTTP -U compte_admin_dom1
Processing principals to add...
Enter administrateur's password:
# ktutil
ktutil:  l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------

The file is empty ?
May be that this problem is linked to the command "net ads" ? because when I try to join the AD :
# net ads join -U administrateur at P9BIS.NEOPLUS.LAPOSTE.POC
Enter administrateur at P9BIS.NEOPLUS.LAPOSTE.POC's password:
Failed to join domain: failed to find DC for domain P9BIS.NEOPLUS.LAPOSTE.POC
But with "rpc" it works :
# net rpc join -U administrateur at P9BIS.NEOPLUS.LAPOSTE.POC
Enter administrateur at P9BIS.NEOPLUS.LAPOSTE.POC's password:
Joined domain P9BIS.
When I execute :  # net ads info - U administrateur
Failed to get server's current time!
LDAP server:
LDAP server name: CINVW067.p9bis.neoplus.laposte.poc
Bind Path: dc=P9BIS,dc=NEOPLUS,dc=LAPOSTE,dc=POC
LDAP port: 389
Server time: Thu, 01 Jan 1970 01:00:00 CET
KDC server:

And # net rpc info -U administrateur
Enter administrateur's password:
Domain Name: P9BIS
Domain SID: S-1-5-21-254703050-2859693384-3493432365
Sequence number: 1
Num users: 50
Num domain groups: 0
Num local groups: 12
The 2 commands # wbinfo -u  and wbinfo -g no returns any values for users/groups ?
The kinit works fine :
 # kinit administrateur at P9BIS.NEOPLUS.LAPOSTE.POC
Password for administrateur at P9BIS.NEOPLUS.LAPOSTE.POC:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrateur at P9BIS.NEOPLUS.LAPOSTE.POC
Valid starting     Expires            Service principal
11/17/11 12:05:00  11/17/11 22:05:03  krbtgt/P9BIS.NEOPLUS.LAPOSTE.POC at P9BIS.NEOPLUS.LAPOSTE.POC
        renew until 11/18/11 12:05:00

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
Impossible to join the AD serveur with "ads" :
# net ads testjoin
Join to domain is not valid: Operations error
# net rpc testjoin
Join to 'P9BIS' is OK
How make work correctly the "ads" and how get the list of users of the AD domain ?

Any help would be very appreciated.



--- En date de : Mer 16.11.11, djamel boussebha <dboussebha at yahoo.fr> a écrit :

De: djamel boussebha <dboussebha at yahoo.fr>
Objet: Problem with Winbind
À: "samba at lists.samba.org" <samba at lists.samba.org>, "foedisch at eva.mpg.de" <foedisch at eva.mpg.de>, "AndrewPhilipoff" <aphilipoff at medicine.ucsf.edu>
Date: Mercredi 16 novembre 2011, 17h24

wbinfo can not get the user names and group names of my AD domain (Windows 2008 SP2)
The result for "wbinfo -t" is ok :
"checking the trust secret for domain P9BIS via RPC calls succeeded"
But when i try to get wbinfo -n "USER1" or wbinfo -r "USER1" it shows this error message:  "Could not lookup name USER1"
I use Samba version : 3.5.12.

Any help would be very appreciated... thanks to anyone!

More information about the samba mailing list