[Samba] samba 4 member server in WIn 2008 domain, wbinfo fails

Gaiseric Vandal gaiseric.vandal at gmail.com
Tue Dec 23 14:47:06 MST 2014 

I have started tinkering with samba 4.

I have a  Windows 2008 active directory domain  controller.  It is also 
the main DNS server but is not the wins server.   The DNS server does 
NOT allow DNS registration by client machines.

I have a fedora core 19 linux machine with samba 4.1.13  (bundled with 
Fedora.)


smb.conf includes

         security = ads
         realm = MYDOMAIN.COM
         password server = pdc.mydomain.com
         passdb backend = tdbsam
         encrypt passwords = yes
           winbind enum users = yes
           winbind enum groups = yes


krb5.conf includes

    [libdefaults]
    dns_lookup_realm = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false
    default_realm = MYDOMAIN.COM
    default_ccache_name = KEYRING:persistent:%{uid}

    [realms]
      EXAMPLE.COM = {
       kdc = kerberos.example.com
       admin_server = kerberos.example.com
      }
      MYYDOMAIN.COM = {
       kdc =pdc.mydomain.com
       admin_server = pdc.mydomain.com
       kpasswd_server =pdc.mydomain.com
       default_domain = mydomain.com
    }

    [domain_realm]
      .mydomain.com = MYDOMAIN.COM
      mydomain.com = MYDOMAIN.COM




The "kinit someuser at MYDOMAIN" command works

I have not set up idmapping yet.   I want to make sure "wbinfo -u" works 
1st.

I have winbind running.  I don't think I need nmbd running.


I temporarily disabled the linux firewall and selinux.


Joined domain


        [root at penguin ~]#  net ads join -U Administrator
        Enter Administrator's password:
        Using short domain name -- MYDOMAIN
        Joined 'PENGUIN' to dns domain 'mydomain.com'
        DNS Update for penguin.mydomain.com failed: ERROR_DNS_GSS_ERROR
        DNS update failed: NT_STATUS_UNSUCCESSFUL
        [root at penguin ~]#

        [root at penguin]# net ads testjoin
        Join is OK
        [root at penguin]#



On the Win 2008 DC, AD U&C shows the linux machine.


wbinfo -u (and any wbinfo command) fails

        [root at penguin /]# wbinfo -u
        Error looking up domain users
        [root at penguin /]# wbinfo -t
        checking the trust secret for domain -not available- via RPC
        calls failed
        failed to call wbcCheckTrustCredentials: WBC_ERR_NOT_IMPLEMENTED
        Could not check secret
        [root at penguin /]# wbinfo -g
        failed to call wbcListGroups: WBC_ERR_NOT_IMPLEMENTED
        Error looking up domain groups
        [root at penguin /]#




The winbind logs show kerberos activity happening.  I don't see any 
obvious errors.  I see the following but I don't think it is an actual 
error


        [2014/12/23 15:38:40.325491,  5]
        ../source3/rpc_client/cli_pipe.c:1864(rpc_pipe_bind_step_two_done)
           We are checking against an old Samba version -
        NT_STATUS_NOT_IMPLEMENTED




Any advice?

Thanks

More information about the samba mailing list