[Samba] Problem with Winbind and Windows Clients

Oliver Werner oliver.werner at kontrast.de
Thu Mar 17 11:59:46 UTC 2016


Hi Louis,

I will try it today.

So i saw in Logs some error like this.

[2016/03/17 11:44:16.406677,  3] ../source3/winbindd/winbindd_rpc.c:303(rpc_name_to_sid)
  name_to_sid: UNIX GROUP\KONTRAST_INTERN for domain UNIX GROUP
[2016/03/17 11:44:16.406857,  2] ../source3/winbindd/winbindd_rpc.c:320(rpc_name_to_sid)
  name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED



Any Idea?

Greetz,
Oliver



OLIVER WERNER
System-Administrator




Kontrast Communication Services GmbH
Grafenberger Allee 100, 40237 Düsseldorf, Germany

Fon  +49-211-91505-500
Fax +49-211-91505-530
www.kontrast.de <http://www.kontrast.de/>

Amtsgericht Düsseldorf: HRB 26934
Geschäftsführer: Joachim Fischer, Anja Grote-Lutter, Leontine van der Vlist

 <https://www.facebook.com/kontrast.communication>     <https://twitter.com/KONTRAST_de>     <http://www.xing.com/companies/kontrastcommunicationservicesgmbh>     <http://www.linkedin.com/company/kontrast-communication-services-gmbh>     <https://vimeo.com/kontrastcs>     <http://instagram.com/kontrast_de>

> Am 15.03.2016 um 11:10 schrieb L.P.H. van Belle <belle at bazuin.nl>:
> 
> Ok, next test.
> 
> Change :
> kerberos method = secrets and keytab
> to
> kerberos method = secrets
> 
> and wait again.
> 
> I'll explain by giving this link.
> http://changelogs.ubuntu.com/changelogs/pool/main/s/samba/samba_4.3.6+dfsg-1ubuntu1/changelog
> 
> Look at the last line bugfix in this change log of 4.3.6.
> Im testing here also, because this looks like its also involves the kerberos changes, now, i forgot what you was running, but this is an easy test.
> 
> Is ntp installed on this machine, if not, install it and point it to the DC.
> Just to be sure.
> On the DC's, make sure your DC dont use any pool ntp servers.
> Point it to a stable ntp. ( preffered in germany, like, ntps1-0.eecsit.tu-berlin.de (130.149.17.21) )
> 
> 
> Greetz,
> 
> Louis
> 
> 
> 
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Oliver Werner
>> Verzonden: dinsdag 15 maart 2016 10:43
>> Aan: Rowland penny
>> CC: samba at lists.samba.org
>> Onderwerp: Re: [Samba] Problem with Winbind and Windows Clients
>> 
>> Hi,
>> 
>> So now i have same Problem with Logins.
>> 
>> On Linux AD member i need to restart win bind again and again for working
>> samba shares.
>> On Windows clients i need to restart machine completely
>> 
>> so now i don?t have any idea
>> 
>> kind regards
>> 
>> OLIVER WERNER
>> System-Administrator
>> 
>> 
>> 
>> 
>> Kontrast Communication Services GmbH
>> Grafenberger Allee 100, 40237 Düsseldorf, Germany
>> 
>> Fon  +49-211-91505-500
>> Fax +49-211-91505-530
>> www.kontrast.de <http://www.kontrast.de/>
>> 
>> Amtsgericht Düsseldorf: HRB 26934
>> Geschäftsführer: Joachim Fischer, Anja Grote-Lutter, Leontine van der
>> Vlist
>> 
>> <https://www.facebook.com/kontrast.communication>
>> <https://twitter.com/KONTRAST_de>
>> <http://www.xing.com/companies/kontrastcommunicationservicesgmbh>
>> <http://www.linkedin.com/company/kontrast-communication-services-gmbh>
>> <https://vimeo.com/kontrastcs>     <http://instagram.com/kontrast_de>
>> 
>>> Am 11.03.2016 um 10:52 schrieb Oliver Werner
>> <oliver.werner at kontrast.de>:
>>> 
>>> Ok, now my smb.con on DCs looks
>>> 
>>> [global]
>>>  workgroup = HQKONTRAST
>>>  realm = HQ.KONTRAST
>>>  netbios name = VL0227
>>>  server role = active directory domain controller
>>>  idmap_ldb:use rfc2307 = yes
>>>  interfaces = eth0:35
>>>  bind interfaces only=yes
>>>  log level = 3
>>> 
>>>  tls enabled  = yes
>>>  tls keyfile  = /var/lib/samba/private/tls/key.pem
>>>  tls certfile = /var/lib/samba/private/tls/cert.pem
>>>  tls cafile   = /var/lib/samba/private/tls/ca.pem
>>> 
>>> 
>>> on Member smb.conf
>>> [global]
>>>      netbios name = VL0173
>>>      security = ADS
>>>      workgroup = HQKONTRAST
>>>      realm = hq.kontrast
>>> 
>>>      log file = /var/log/samba/%m.log
>>>      log level = 3
>>> 
>>>      dedicated keytab file = /etc/krb5.keytab
>>>      kerberos method = secrets and keytab
>>>      winbind refresh tickets = yes
>>> 
>>>      winbind trusted domains only = no
>>>      winbind use default domain = yes
>>>      winbind enum users  = yes
>>>      winbind enum groups = yes
>>>      winbind cache time = 300
>>> 
>>> 
>>>      # Default idmap config used for BUILTIN and local accounts/groups
>>>      idmap config *:backend = tdb
>>>      idmap config *:range = 500-1023
>>> 
>>>      # idmap config for domain HQKONTRAST
>>>      idmap config HQKONTRAST:backend = ad
>>>      idmap config HQKONTRAST:schema_mode = rfc2307
>>>      idmap config HQKONTRAST:range = 1024-99999
>>> 
>>>      # Use settings from AD for login shell and home directory
>>>      winbind nss info = rfc2307
>>> 
>>> and on all machines krb5.conf
>>> [libdefaults]
>>> default_realm = HQ.KONTRAST
>>> dns_lookup_realm = false
>>> dns_lookup_kdc = true
>>> 
>>> I will test it next days.
>>> 
>>> Thanks for help right now :D
>>> 
>>> kind regards
>>> OLIVER WERNER
>>> System-Administrator
>>> 
>>> 
>>> 
>>> 
>>> 
>>> Kontrast Communication Services GmbH
>>> Grafenberger Allee 100, 40237 Düsseldorf, Germany
>>> 
>>> Fon  +49-211-91505-500
>>> Fax  +49-211-91505-530
>>> www.kontrast.de <http://www.kontrast.de/>
>>> 
>>> Amtsgericht Düsseldorf: HRB 26934
>>> Geschäftsführer: Joachim Fischer, Anja Grote-Lutter, Leontine van der
>> Vlist
>>> 
>>> <https://www.facebook.com/kontrast.communication>
>> <https://twitter.com/KONTRAST_de>
>> <http://www.xing.com/companies/kontrastcommunicationservicesgmbh>
>> <http://www.linkedin.com/company/kontrast-communication-services-gmbh>
>> <https://vimeo.com/kontrastcs>     <http://instagram.com/kontrast_de>
>>> 
>>> Note: The information contained in this message may be privileged and
>> confidential and protected from disclosure. If the reader of this message
>> is not the intended recipient, or an employee or agent responsible for
>> delivering this message to the intended recipient, you are hereby notified
>> that any dissemination, distribution or copying of this communication is
>> strictly prohibited. If you have received this communication in error,
>> please notify us immediately by replying to the message and deleting it
>> from your computer.
>>> 
>>> Please consider the environment and only print this if required.
>>> 
>>> 
>>>> Am 11.03.2016 um 10:47 schrieb Rowland penny <rpenny at samba.org>:
>>>> 
>>>> On 11/03/16 09:40, Oliver Werner wrote:
>>>>> Haha, really? :D
>>>>> 
>>>>> It should be possible without reboot not?
>>>>> 
>>>>> OLIVER WERNER
>>>>> System-Administrator
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>> 
>>>> Yes, remove the kdc lines :-D
>>>> 
>>>> Rowland
>>>> 
>>>> 
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>> 
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>> 
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.samba.org/pipermail/samba/attachments/20160317/a1bd3cd7/signature.sig>


More information about the samba mailing list