[Samba] RE: winbind/wbinfo not pulling info from W2K AD PDC

2004-04-28 Thread Talwar, Puneet (NIH/NIAID)
Hi,
 
I saw your e-mail on the web and I am having exactly the same problem
running Red Hat AS 3.0. Can you please let me know what security parameter
you have changed in smb.conf to get wbinfo to work properly with -u -t -g,
as well as the getent option?
 
Thanks,
 
--
Puneet Talwar
Contractor - CIPS
UNIX Administrator
 
 
A bit of success! I've changed the security parameter in smb.conf to domain
and the winbind pipe is created OK and running wbinfo -u -g -t -p and
getent is all good. Obviously this doesn't give me full AD support but it's
better than nothing.
I can only think that because we have multiple DCs for different domains on
our WAN winbindd wasn't starting correctly as it was in the process of still
scanning them - looking at log.winbindd at one point it didn't come back for
close to 4 hours after the process was started.
Does anyone know if there is any way to configure samba/winbind to only
connect to the local AD domain rather than hunting down all the DCs in
every domain?
Thanks
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] RE: winbind/wbinfo not pulling info from W2K AD PDC

2004-04-28 Thread Talwar, Puneet (NIH/NIAID)
Hi,

I am sorry I forgot to post the problem that I am having. It is the same
issue as that of the person who posted this e-mail originally. Please let me
know what I should do to fix the problem that I am having.

Edit /etc/samba/smb.conf
[global]
realm = KERBEROS.REALM
security = ADS
encrypt passwords = yes
password server = kerberos.server
Edit /etc/krb5.conf
[libdefaults]
default_realm = KERBEROS.REALM

[realms]
KERBEROS.REALM = {
kdc = kerberos.server   - should :88 be appended to this line?
}
[domain_realms]
.kerberos.server=KERBEROS.REALM
#net ads join -U administrator
password:
Joined 'SERVERNAME' to realm 'DOMAIN'
#kinit administrator@KERBEROS.REALM
password:
#smbclient //servername/share -k
smb // 
Up to here everything is OK and the server account can be seen in AD.
#ls -l /lib | grep libnss_winbind
libnss_winbind.so - libnss_winbind.so.2
Edit /etc/nsswitch.conf
passwd: files winbind
shadow: files
group:  files winbind
#ldconfig -v | grep winbind
libnss_winbind.so - libnss_winbind.so.2
Edit /etc/samba/smb.conf
[global]
realm = KERBEROS.REALM
security = ADS
encrypt passwords = yes
password server = kerberos.server
winbind separator = +
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
#testparm
Load smb config file from /etc/samba/smb.conf
Loaded services file OK
'winbind separator = +' might cause problems with group membership
server role: ROLE_DOMAIN_MEMBER
#net rpc join -S PDC -U administrator
password:
Joined domain DOMAIN
#winbindd -B
# wbinfo -u
Error looking up domain
#wbinfo -g
Error looking up domain
# wbinfo -t
Checking the trust secret via RPC calls failed
Error code was (0x0)
Could not check secret
#wbinfo -p
Ping to winbindd failed on fd-1
Could not ping winbindd!
# ps -ae | grep winbindd
PID winbind
PID winbind

This is the output from /var/log/samba/log.winbind
[2004/02/13 13:35:47, 1] nsswitch/winbindd.c:main(843)
  winbindd version 3.0.2 started.
  Copyright The Samba Team 2000-2004
[2004/02/13 13:35:47, 0] libsmb/cliconnect.c:cli_session_setup_spnego(724)
  Kinit failed: Preauthentication failed
[2004/02/13 13:35:47, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain INFORMA-UK uk.informa.com
S-1-5-21-1547161642-839522115-68200333
0
[2004/02/13 13:35:47, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2004/02/13 13:35:47, 0] libads/kerberos.c:ads_kinit_password(133)
  kerberos_kinit_password HOST/data-cl2a@UK.INFORMA.COM failed: Preauthentication failed
[2004/02/13 13:35:47, 1] nsswitch/winbindd_ads.c:ads_cached_connection(65)
  ads_connect for domain INFORMA-UK failed: Preauthentication failed
[2004/02/13 13:35:47, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm)
[2004/02/13 13:35:47, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(516)
  spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm
[2004/02/13 13:35:47, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain INFORMA informa.com S-1-5-21-872949640-2421699758-2984176268
[2004/02/13 13:35:48, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain DEFAULT  S-1-5-21-2136767079-1738235858-945835055
[2004/02/13 13:35:49, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain AGRA_UK  S-1-5-21-591026277-1029915393-619646970
[2004/02/13 13:35:50, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain MRC_UK  S-1-5-21-1670978810-1498184290-1845911597
[2004/02/13 13:35:50, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain LLP  S-1-5-21-2047764551-82006601-1874078741
[2004/02/13 13:35:51, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain CODA  S-1-5-21-1310659078-2099469345-1236795852
[2004/02/13 13:35:52, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain INFORMA_ASIA  S-1-5-21-1008349960-465597267-314601362
[2004/02/13 13:35:53, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain TEST.COM  S-0-0
[2004/02/13 13:35:53, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm)
[2004/02/13 13:35:53, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(516)
  spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm
[2004/02/13 13:35:53, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain AGRA agra.informa.com S-1-5-21-1801674531-2139871995-1177238915
[2004/02/13 13:35:53, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm)
[2004/02/13 13:35:53, 1] 
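
Added example (not part of the original thread and not Samba project code): a small Python parser for the log.winbindd layout shown above that rejoins hard-wrapped message lines and summarizes which trusted domains winbindd added, which Kerberos failure reasons occurred, and how long the run took. The sample log is constructed and its domain and realm names are placeholders.

```python
import re
from collections import Counter
from datetime import datetime

# Entry header: "[YYYY/MM/DD HH:MM:SS, level] file.c:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] \S+?:(\w+)\(\d+\)")
# Failure reason: text after "failed: " or inside the trailing parentheses
REASON = re.compile(r"failed\b.*?(?:: |\()([^():]+)\)?$")

# Constructed sample in the same layout as the log above (names are placeholders).
SAMPLE = """\
[2004/02/13 13:35:47, 0] libsmb/cliconnect.c:cli_session_setup_spnego(724)
  Kinit failed: Preauthentication failed
[2004/02/13 13:35:47, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain EXAMPLE-UK uk.example.com S-1-5-21-1111111111-222222222-333333333
[2004/02/13 13:35:47, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for host@OTHER.EXAMPLE.COM (Cannot find KDC
for
requested realm)
[2004/02/13 13:35:53, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain OTHER  S-1-5-21-444444444-555555555-666666666
[2004/02/13 13:35:53, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(516)
  spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm
"""

def parse_entries(text):
    """Return [timestamp, level, function, message] per entry, rejoining wrapped lines."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            entries.append([ts, int(m.group(2)), m.group(3), ""])
        elif entries and line.strip():
            # Continuation (or hard-wrapped) line: append to the current entry
            entries[-1][3] = (entries[-1][3] + " " + line.strip()).strip()
    return entries

def summarize(text):
    """Summarize trusted domains added, failure reasons and elapsed seconds."""
    entries = parse_entries(text)
    domains = [e[3].split()[2] for e in entries
               if e[2] == "add_trusted_domain" and e[3].startswith("Added domain ")]
    reasons = Counter(m.group(1).strip() for e in entries
                      if (m := REASON.search(e[3])))
    elapsed = (entries[-1][0] - entries[0][0]).total_seconds() if entries else 0.0
    return {"domains": domains, "failures": dict(reasons), "elapsed_s": elapsed}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A long elapsed time together with many added domains and repeated "Cannot find KDC for requested realm" entries points at trusted-domain enumeration and missing realm definitions rather than at the local domain join.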

[Samba] RE: winbind/wbinfo not pulling info from W2K AD PDC

2004-02-17 Thread Gibbs, Simon
A bit of success! I've changed the security parameter in smb.conf to domain and the 
winbind pipe is created OK and running wbinfo -u -g -t -p and getent is all good. 
Obviously this doesn't give me full AD support but it's better than nothing.
I can only think that because we have multiple DCs for different domains on our WAN 
winbindd wasn't starting correctly as it was in the process of still scanning them - 
looking at log.winbindd at one point it didn't come back for close to 4 hours after 
the process was started.
Does anyone know if there is any way to configure samba/winbind to only connect to the 
local AD domain rather than hunting down all the DCs in every domain?
Thanks

 --
 From: Gibbs, Simon
 Sent: Friday, February 13, 2004 13:51 PM
 To:   '[EMAIL PROTECTED]'
 Subject:  winbind/wbinfo not pulling info from W2K AD PDC
 
 I've had a further look at this now and a hunt through some mail lists and I think 
 it must have something to do with the winbind pipe in /tmp/.windbind/pipe. From 
 what I understand it's the pipe that passes the winbind info onto other processes - 
 although I may be wrong?
 Looking at my setup the pipe file isn't being created when starting winbind and 
 after a full reboot and starting winbind it doesn't get created.
 Does anyone know why the pipe file isn't being created or a way to force the 
 creation of the file?
 I've checked permissions for the /tmp/.winbind directory and they're 755 and 
 root:root.
  
 Thanks again.
-- 
 From: Gibbs, Simon
 Sent: Friday, February 13, 2004 13:51 PM
 To:   '[EMAIL PROTECTED]'
 Subject:  winbind/wbinfo not pulling info from W2K AD PDC
 
 Hi list,
 
 I have samba-3.0.2-2 rpm installed on Red Hat Enterprise Linux 3 AS kernel version.
 I've been using the Samba 3 How-To and messages on various mailing lists to join 
 Samba to an AD domain and authenticate using winbind/pam.
 So far Samba has successfully become a member of the AD domain and can browse file 
 servers using smbclient but I haven't been able to get winbind working - 
 specifically wbinfo -u, wbinfo -g and wbinfo -t return errors.
 Below is a dump of the install/configuration process so far and the relevant config 
 files.
 Any help on this is much appreciated as I've spent 3 days trying to get it to work 
 and it refuses to for love nor money!
 
 