Hello,
I'm using samba 3.0.0.
Win2k clients on my network can access their fileshares without entering
their username/password as long as their username and password exist in
smbpasswd on the Samba server. Now I'm trying to have that information
grabbed from ADS so that their passwords are kept synchronized but am
having problems with winbindd.
winbindd is running but I get nothing from 'wbinfo -u' and 'getent
passwd'
just returns what's in /etc/passwd. 'wbinfo -u' generates a bunch of
SMB,
DCERPC, LDAP and RPC_NETLOGON traffic if I do a tcpdump, but I'm not sure
what a successful sequence would look like.
[root@dev pam.d]# wbinfo -p
Ping to winbindd succeeded on fd 4
[root@dev pam.d]# wbinfo -u
Error looking up domain users
Results of a 'kinit' on same machine (not sure if relevant):
[mcparlandm@dev samba]$ kinit
Password for mcparlandm@AGR.GC.CA:
[mcparlandm@dev samba]$ ls -l /tmp/k*
-rw------- 1 mcparlandm mcparlandm 1296 Dec 10 11:28 /tmp/krb5cc_531
Selected contents of nsswitch.conf:
passwd: files winbind
shadow: files
group: files winbind
Contents of smb.conf:
[global]
workgroup = DEV
realm = DEV.CA
server string = Dev File Server
security = ADS
password server = onncrx1
log level = 10
log file = /var/log/samba/%m.log
max log size = 0
preferred master = No
local master = No
domain master = No
enhanced browsing = No
dns proxy = No
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = Yes
>From winbindd.log:
[2003/12/10 11:38:43, 6] nsswitch/winbindd.c:new_connection(340)
accepted socket 16
[2003/12/10 11:38:43, 10] nsswitch/winbindd.c:winbind_client_read(455)
client_read: read 1568 bytes. Need 0 more for a full request.
[2003/12/10 11:38:43, 10] nsswitch/winbindd.c:process_request(305)
process_request: request fn INTERFACE_VERSION
[2003/12/10 11:38:43, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(231)
[24138]: request interface version
[2003/12/10 11:38:43, 10] nsswitch/winbindd.c:client_write(502)
client_write: wrote 1300 bytes.
[2003/12/10 11:38:43, 10] nsswitch/winbindd.c:winbind_client_read(455)
client_read: read 1568 bytes. Need 0 more for a full request.
[2003/12/10 11:38:43, 10] nsswitch/winbindd.c:process_request(305)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2003/12/10 11:38:43, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(267)
[24138]: request location of privileged pipe
[2003/12/10 11:38:43, 10] nsswitch/winbindd.c:client_write(502)
client_write: wrote 1300 bytes.
[2003/12/10 11:38:43, 10] nsswitch/winbindd.c:client_write(547)
client_write: need to write 37 extra data bytes.
[2003/12/10 11:38:43, 10] nsswitch/winbindd.c:client_write(502)
client_write: wrote 37 bytes.
[2003/12/10 11:38:43, 10] nsswitch/winbindd.c:client_write(536)
client_write: client_write: complete response written.
[2003/12/10 11:38:43, 6] nsswitch/winbindd.c:new_connection(340)
accepted socket 20
[2003/12/10 11:38:43, 10] nsswitch/winbindd.c:winbind_client_read(455)
client_read: read 0 bytes. Need 1568 more for a full request.
[2003/12/10 11:38:43, 5] nsswitch/winbindd.c:winbind_client_read(462)
read failed on sock 16, pid 24138: EOF
[2003/12/10 11:38:43, 10] nsswitch/winbindd.c:winbind_client_read(455)
client_read: read 1568 bytes. Need 0 more for a full request.
[2003/12/10 11:38:43, 10] nsswitch/winbindd.c:process_request(305)
process_request: request fn LIST_USERS
[2003/12/10 11:38:43, 3] nsswitch/winbindd_user.c:winbindd_list_users(585)
[24138]: list users
[2003/12/10 11:38:43, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(342)
refresh_sequence_number: DEV time ok
[2003/12/10 11:38:43, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(367)
refresh_sequence_number: DEV seq number is now -1
[2003/12/10 11:38:43, 10] nsswitch/winbindd.c:client_write(502)
client_write: wrote 1300 bytes.
[2003/12/10 11:38:43, 10] nsswitch/winbindd.c:winbind_client_read(455)
client_read: read 0 bytes. Need 1568 more for a full request.
[2003/12/10 11:38:43, 5] nsswitch/winbindd.c:winbind_client_read(462)
read failed on sock 20, pid 24138: EOF
--
Matt McParland