I've got a Samba 3.0.4 PDC, named PDC, running on a Debian linux box, and I'm trying to add a second linux box, FCSPRTSRV. I can successful join the domain using net rpc join -U dharknes and at the point I can access the samba server resources, I can do a ntlm_auth --username dharknes and that works, and wbinfo -t succeeds. But if I try to use winbind in pam or nss then it fails. wbinfo -u or -g both fail and wbinfo -m lists BUILTIN and FCSPRTSRV but not the UMD domain. If I do a winbind -i then I get the following out put.
Added domain UMD S-0-0 Added domain BUILTIN S-1-5-32 Added domain FCSPRTSRV S-1-5-21-3155517584-1503604126-1704732448
I'm just guessing but shouldn't the first line list the sid for the domain?
Here is the PDC config.
[global]
workgroup = UMD
netbios name = PDC
password server = *
nt status support = yes
lanman auth = no
wide links = no
time server = Yes
server signing = auto
load printers = No
add machine script = /usr/sbin/dadduser %m$
domain logons = Yes
os level = 36
security = user
local master = Yes
preferred master = Yes
domain master = Yes
wins server = x1d.its.umd.umich.edu
idmap uid = 100000-200000
idmap gid = 100000-200000
winbind trusted domains only = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192Here is the domain member server config. [global]
workgroup = UMD wins server = x1d.its.umd.umich.edu name resolve order = host wins encrypt passwords = yes security = DOMAIN password server = PDC invalid users = root printing = cups printcap name = cups socket options = TCP_NODELAY idmap uid = 100000-200000 idmap gid = 100000-200000 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind cache time = 15 winbind use default domain = yes template shell = /bin/bash
It is easier to fix Unix than to live with NT.
PGP.sig
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
