Hi ,
I recently added winbind support to my samba box. My
samba box is member of ADS domain child.parent.com.
Now when I check wbinfo -g or wbinfo -u I am seeing
groups or users of parent.com domain and not
child.parent.com domain. I have added "allow trusted
domain = yes" still no luck. When I try wbinfo
-sequence i see..
parent:12434 {some numbers}
child: DISCONNECT
wonder when my box is member of child how comes its
showing users only of parent comain??
I was searching through google and came to know many
other peoples have also faced same issue but did not
see any solution anywhere.
Box Info:
FreeBSD 5.1 samba 2.2.8a
Thanks,
Gaurang.
__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gaurang Pandya wrote:
| Hi ,
|
| I recently added winbind support to my samba box. My
| samba box is member of ADS domain child.parent.com.
| Now when I check wbinfo -g or wbinfo -u I am seeing
| groups or users of parent.com domain and not
| child.parent.com domain. I have added "allow trusted
| domain = yes" still no luck. When I try wbinfo
| -sequence i see..
|
| parent:12434 {some numbers}
| child: DISCONNECT
|
| wonder when my box is member of child how comes its
| showing users only of parent comain??
|
| I was searching through google and came to know many
| other peoples have also faced same issue but did not
| see any solution anywhere.
|
| Box Info:
| FreeBSD 5.1 samba 2.2.8a
You really need to bump up to 3.0.0 since winbindd
has seen a lot of improvements in this area.
Short of upgrading, you will need to look at a level 10 debug
log from winbindd and figure out when and why winbindd is
disconnecting the sequence number. I would also reommend
- --enable-winbind-ldap-hack when you compile 2.2 if you
are a member of a natiuve mode AD domain.
Good luck.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/2PuhIR7qMdg1EfYRAg04AJ9dkd3ZGmVjADdBjJHcPpcf62AkiwCg3KyB
/NHnDgLXqGeS+vtc1Dj1X/M=iJSQ
-----END PGP SIGNATURE-----
Hi Jerry,
Here is the output for debug level 10. Though there
are so many things there (ofcourse) I am pasting only
few line which I think will give you clue. If you need
any more of those please tel me.
rpc_api_pipe: len left: 0 smbtrans read: 48
rpc_api_pipe: fragment first and last both set
000018 samr_io_r_connect
000018 smb_io_pol_hnd connect_pol
0018 data1: 00000000
001c data2: 00000000
0020 data3: 0000
0022 data4: 0000
0024 data5: 00 00 00 00 00 00 00 00
002c status: NT_STATUS_ACCESS_DENIED
refresh_sequence_number: backend returned 0xc0000022
refresh_sequence_number: seq number is now -1
client_write: wrote 1304 bytes.
client_write: need to write 38 extra data bytes.
client_write: wrote 38 bytes.
client_write: client_write: complete response written.
read failed on sock 11, pid 939: EOF
Thanks,
Gaurang.
--- "Gerald (Jerry) Carter" <jerry@samba.org>
wrote:> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Gaurang Pandya wrote:
> | Hi ,
> |
> | I recently added winbind support to my samba box.
> My
> | samba box is member of ADS domain
> child.parent.com.
> | Now when I check wbinfo -g or wbinfo -u I am
> seeing
> | groups or users of parent.com domain and not
> | child.parent.com domain. I have added "allow
> trusted
> | domain = yes" still no luck. When I try wbinfo
> | -sequence i see..
> |
> | parent:12434 {some numbers}
> | child: DISCONNECT
> |
> | wonder when my box is member of child how comes
> its
> | showing users only of parent comain??
> |
> | I was searching through google and came to know
> many
> | other peoples have also faced same issue but did
> not
> | see any solution anywhere.
> |
> | Box Info:
> | FreeBSD 5.1 samba 2.2.8a
>
> You really need to bump up to 3.0.0 since winbindd
> has seen a lot of improvements in this area.
>
> Short of upgrading, you will need to look at a level
> 10 debug
> log from winbindd and figure out when and why
> winbindd is
> disconnecting the sequence number. I would also
> reommend
> - --enable-winbind-ldap-hack when you compile 2.2 if
> you
> are a member of a natiuve mode AD domain.
>
> Good luck.
>
>
>
> cheers, jerry
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Using GnuPG with Mozilla -
> http://enigmail.mozdev.org
>
>
iD8DBQE/2PuhIR7qMdg1EfYRAg04AJ9dkd3ZGmVjADdBjJHcPpcf62AkiwCg3KyB> /NHnDgLXqGeS+vtc1Dj1X/M> =iJSQ
> -----END PGP SIGNATURE-----
>
__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/
Hi Jerry, My debug optput looks more or less like this one. http://www.faqchest.com/linux/samba-l/smb-02/smb-0206/smb-020637/smb02063014_20264.html again I dont see any replies to that question :(. By the way I tried configuring samba 3.0.0 with following options --with-smbwrapper --with-ads --with-automount --with-pam --with-pam_smbpass --with-ldapsam --with-winbind --with-included-popt but got few errors/warnings in between and finally it stopped like this.. configure: error: Active Directory Support requires LDAP support though I have openldap installed. Thanks, Gaurang. --- Gaurang Pandya <gaubrig@yahoo.com> wrote:> Hi Jerry, > > Here is the output for debug level 10. Though there > are so many things there (ofcourse) I am pasting > only > few line which I think will give you clue. If you > need > any more of those please tel me. > > rpc_api_pipe: len left: 0 smbtrans read: 48 > rpc_api_pipe: fragment first and last both set > 000018 samr_io_r_connect > 000018 smb_io_pol_hnd connect_pol > 0018 data1: 00000000 > 001c data2: 00000000 > 0020 data3: 0000 > 0022 data4: 0000 > 0024 data5: 00 00 00 00 00 00 00 00 > 002c status: NT_STATUS_ACCESS_DENIED > refresh_sequence_number: backend returned 0xc0000022 > refresh_sequence_number: seq number is now -1 > client_write: wrote 1304 bytes. > client_write: need to write 38 extra data bytes. > client_write: wrote 38 bytes. > client_write: client_write: complete response > written. > read failed on sock 11, pid 939: EOF > > Thanks, > > Gaurang. > > --- "Gerald (Jerry) Carter" <jerry@samba.org> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Gaurang Pandya wrote: > > | Hi , > > | > > | I recently added winbind support to my samba > box. > > My > > | samba box is member of ADS domain > > child.parent.com. > > | Now when I check wbinfo -g or wbinfo -u I am > > seeing > > | groups or users of parent.com domain and not > > | child.parent.com domain. I have added "allow > > trusted > > | domain = yes" still no luck. When I try wbinfo > > | -sequence i see.. > > | > > | parent:12434 {some numbers} > > | child: DISCONNECT > > | > > | wonder when my box is member of child how comes > > its > > | showing users only of parent comain?? > > | > > | I was searching through google and came to know > > many > > | other peoples have also faced same issue but did > > not > > | see any solution anywhere. > > | > > | Box Info: > > | FreeBSD 5.1 samba 2.2.8a > > > > You really need to bump up to 3.0.0 since winbindd > > has seen a lot of improvements in this area. > > > > Short of upgrading, you will need to look at a > level > > 10 debug > > log from winbindd and figure out when and why > > winbindd is > > disconnecting the sequence number. I would also > > reommend > > - --enable-winbind-ldap-hack when you compile 2.2 > if > > you > > are a member of a natiuve mode AD domain. > > > > Good luck. > > > > > > > > cheers, jerry > > > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.2.1 (GNU/Linux) > > Comment: Using GnuPG with Mozilla - > > http://enigmail.mozdev.org > > > > >iD8DBQE/2PuhIR7qMdg1EfYRAg04AJ9dkd3ZGmVjADdBjJHcPpcf62AkiwCg3KyB> > /NHnDgLXqGeS+vtc1Dj1X/M> > =iJSQ > > -----END PGP SIGNATURE----- > > > > > __________________________________ > Do you Yahoo!? > New Yahoo! Photos - easier uploading and sharing. > http://photos.yahoo.com/ > -- > To unsubscribe from this list go to the following > URL and read the > instructions:http://lists.samba.org/mailman/listinfo/samba __________________________________ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/