[Samba] winbind Problems with Trusted DOMAINs - wbinfo -m show only 3 of 16 DOMAINs - Windows 2008 DOMAIN
Schneck, Dennis
dennis.schneck at schulergroup.com
Thu Jun 2 05:07:27 UTC 2016
Hello,
I need help with a TRUSTED DOMAINs problem.
We have 2 OpenSuSE systems, but one of them shows only 3 DOMAINs and the
other shows 16 DOMAINs with wbinfo -m.
System: OpenSuSE 11.1
Samba version: 3.2.7-11.4.1
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2009-01-08
[global]
#workgroup = WORKGROUP
workgroup = MYDOMAIN
realm = NET.MYDOMAIN.DE
security = ADS
password server = adsrv01.net.mydomain.de,adsrv02.net.mydomain.de
encrypt passwords = yes
#winbind separator = \
winbind enum users = yes
winbind use default domain = no
winbind enum groups = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
#idmap uid = 16777216-33554431
#idmap gid = 16777216-33554431
#printing = cups
#printcap name = cups
#printcap cache time = 750
#cups options = raw
#map to guest = Bad User
#include = /etc/samba/dhcp.conf
#template homedir = /home/%D/%U
#usershare allow guests = No
winbind refresh tickets = yes
template homedir = /home/%D/%U
usershare allow guests = No

[libdefaults]
# default_realm = EXAMPLE.COM
default_realm = NET.MYDOMAIN.DE
clockskew = 300
dns_lookup_realm = false
dns_lookup_kdc =false
[realms]
net.mydomain.de = {
kdc = adsrv01.net.mydomain.de
admin_server = adsrv01.net.mydomain.de
default_domain = net.mydomain.de
}
[domain_realm]
.net.mydomain.de = NET.MYDOMAIN.DE
net.mydomain.de = NET.MYDOMAIN.DE
[kdc]
profile = /var/lib/kerberos/krb5kdc/kdc.conf
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = /var/log/krb5/krb5libs.log
default = SYSLOG:NOTICE:DAEMON
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
proxiable = false
#minimum_uid = 1
#external = sshd
#use_shmem = sshd
}
# wbinfo --own-domain
MYDOMAIN
# wbinfo -t
checking the trust secret via RPC calls succeeded
wbinfo -g shows the Groups of MYDOMAIN
wbinfo -u shows the Users of MYDOMAIN
# wbinfo --getdcname=MYDOMAIN
Could not get dc name for domainname
Now Firewall is active:
# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DNS works, ping adsrv01.net.mydomain.de or adsrv02.net.mydomain.de works.
Got this info from the AD admin:
Windows Servers: Windows 2008 R2 (STD)
ADS Schema Version: 47
DOMAIN MODE: Windows2008Domain
NAME: ADSRV01, ADSRV02
How can I find the problem?
In the Log files:
/var/log/samba/log.winbindd
[2016/06/02 06:26:59, 1] winbindd/winbindd_util.c:trustdom_recv(269)
Could not receive trustdoms
/var/log/samba/log.wb-MYDOMAIN
[2016/06/02 06:11:35, 0] rpc_client/cli_pipe.c:rpc_api_pipe(789)
rpc_api_pipe: Remote machine adsrv01.net.mydomain.de pipe \NETLOGON
fnum 0x8002 returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
/var/log/samba/log.smbd
[2016/06/01 15:36:09, 0] libads/kerberos.c:ads_kinit_password(356)
kerberos_kinit_password adsrv01$@NET.MYDOMAIN.DE failed: Cannot find
KDC for requested realm
--------------------
The system that works has OpenSuSE 11.2 with Samba 3.4.2-1.1.3.1;
this system shows all 16 DOMAINs with wbinfo -m.
wbinfo --getdcname=MYDOMAIN
ADSRV02
The config files are copied from the system that did not work correctly,
so they should be the same.
Thanks
Regards
Dennis
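
Added example, not part of the original post: a consistency check for the Kerberos client configuration quoted above, relevant to the "Cannot find KDC for requested realm" line in log.smbd. Kerberos realm names are case-sensitive, so the check reports a default_realm that has no exactly matching [realms] entry and notes when dns_lookup_kdc is also disabled. It assumes the quoted [libdefaults] and [realms] sections follow standard krb5.conf syntax; the function names parse and check and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the relevant lines of the Kerberos config quoted in the post.
SAMPLE = """\
[libdefaults]
default_realm = NET.MYDOMAIN.DE
dns_lookup_kdc =false
[realms]
net.mydomain.de = {
kdc = adsrv01.net.mydomain.de
}
"""

def parse(text):
    """Return (libdefaults dict, {realm: [kdc, ...]}) from krb5.conf text."""
    section, realm, libdefaults, realms = None, None, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section, realm = m.group(1), None
        elif line == "}":
            realm = None
        elif "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = val
            elif section == "realms" and val == "{":
                realm = key
                realms[realm] = []
            elif section == "realms" and realm and key == "kdc":
                realms[realm].append(val)
    return libdefaults, realms

def check(text):
    """List findings that leave the default realm without a locatable KDC."""
    lib, realms = parse(text)
    default, findings = lib.get("default_realm"), []
    if default not in realms:
        near = [r for r in realms if default and r.upper() == default.upper()]
        findings.append(f"no [realms] entry for {default}"
                        + (f"; case differs from {near[0]}" if near else ""))
        if lib.get("dns_lookup_kdc", "").lower() in ("false", "no", "0", "off"):
            findings.append("dns_lookup_kdc is off, so no DNS SRV fallback")
    elif not realms[default]:
        findings.append(f"realm {default} lists no kdc")
    return findings
```

Calling check() on the text of a host's Kerberos configuration returns an empty list when the default realm resolves to at least one kdc entry.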