Problem is solved! Actually there were 2 problems. First, I noticed that winbind tried to resolve a servername which is no longer PDC in the trusted domain - we changed PDC and BDC some months ago. Don't know where samba gets this (wrong) information from. So I tried a workaround by adding an entry in lmhosts with the wrong servername (the one winbind is looking for) but the correct ip-address of the PDC. In fact this worked fine with our test system but not with the production server, though configuration was indentical execpt the sw-release of samba itself. Finally I upgraded 3.0.9-2.6 to 3.0.14a-0.1 and now everything is fine!
Gerald (Jerry) Carter wrote: > Grund, Andreas wrote: >> I have a problem with winbind resolving global groups on a >> trusted NT Domain. I want to use SQUID and NTLM >> Authentification and therefore the external authentification >> helper needs to check if a user belongs to a given group. >> When I do 'windbind -r DOMAIN+USER GROUP', only groups of >> the local domain are listed. It seems as if winbind couldn't >> find a domain controller for the trusted domain: 'wbinfo >> --sequence' shows the trusted domain disconnected. Debugging >> winbindd does show following errors: >> >> wbinfo --sequence => >> [..] >> bind_rpc_pipe: transfer syntax differs >> rpc_pipe_bind: check_bind_response failed. >> [..] > > This is they key error message. Can you send me a raw > ethereal trace and a level 10 debug log surrounduing this > error? Thanks. > >> Samba Version: 3.0.9-2.6-SUSE >> 2 NT4 SP6 Servers acting as PDC for 2 trusted Domains > > > > > > cheers, jerry > ===================================================================== > Alleviating the pain of Windows(tm) ------- > http://www.samba.org GnuPG Key ----- > http://www.plainjoe.org/gpg_public.asc "I never saved > anything for the swim back." Ethan Hawk in Gattaca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba