samba - Feb 2006 - Confused about what I am seeing with domain names

I could not get wbinfo -g/u to work and was seeing a bunch of errors
related to to not being able to enumerate groups.  I saw somebody use
idmap backend = ad and added this since I have been struggling to get ad
working (still not working).  Now, when I run wbinfo -g/-u, I am getting
groups and users, but the domain it shows is different than what I
expected.  My domain I was using for workgroup line is DOMAIN, for
example, but wbinfo -g returns back:
 
DOMAIN_NETWORK/group
 
Is _NETWORK something that samba added, or is theis the name of the
domain I should really be using?  I did a grep on wbinfo -u for my user,
and it returned my user too.  If my domain is actually DOMAIN_NETWORK,
is it possible my realm is not domain.com but domain_network.com or
something weird like that?  Should I change my workgroup line to use
domain_network?  I still can't get my kinit to find my kdc.  I am
wondering if I clear this up maybe my kdc kinit command will work.  Note
that I did ask my nt admin to run dns nslookup checks on
_ldap.domain.com and _kerberos.domain.com, and those did return the
correct results showing domain.com should be my realm.  
 
David
 
 
 
David Shapiro
Unix Team Lead
919-765-2011

David,

Please post your smb.conf / nsswitch.conf/krb5.conf

What are you trying to achieve? Joining a samba server to a Windows AD 
domain?

Please provide some more information.

Thx.

Regards,

Nico


----- Original Message ----- 
From: "David Shapiro" <David.Shapiro@bcbsnc.com>
To: <samba@lists.samba.org>
Sent: Friday, February 03, 2006 3:49 PM
Subject: [Samba] Confused about what I am seeing with domain names

>I could not get wbinfo -g/u to work and was seeing a bunch of errors
> related to to not being able to enumerate groups.  I saw somebody use
> idmap backend = ad and added this since I have been struggling to get ad
> working (still not working).  Now, when I run wbinfo -g/-u, I am getting
> groups and users, but the domain it shows is different than what I
> expected.  My domain I was using for workgroup line is DOMAIN, for
> example, but wbinfo -g returns back:
>
> DOMAIN_NETWORK/group
>
> Is _NETWORK something that samba added, or is theis the name of the
> domain I should really be using?  I did a grep on wbinfo -u for my user,
> and it returned my user too.  If my domain is actually DOMAIN_NETWORK,
> is it possible my realm is not domain.com but domain_network.com or
> something weird like that?  Should I change my workgroup line to use
> domain_network?  I still can't get my kinit to find my kdc.  I am
> wondering if I clear this up maybe my kdc kinit command will work.  Note
> that I did ask my nt admin to run dns nslookup checks on
> _ldap.domain.com and _kerberos.domain.com, and those did return the
> correct results showing domain.com should be my realm.
>
> David
>
>
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

David,

Can you add the following lines to your krb5.conf:

[realms]
DOMAIN.COM = {
  kdc = ip.of.your.dc:88
  admin_server = ip.of.your.dc:749
  default_domain = domain.com
 }

Regards,

Nico
  ----- Original Message ----- 
  From: David Shapiro 
  To: Nico Wilde 
  Sent: Friday, February 03, 2006 4:50 PM
  Subject: Re: [Samba] Confused about what I am seeing with domain names


  I am trying to get a aix samba server to join an ads domain. I think I see
what the DOMAIN_NETWORK is.  wbinfo -D for it shows it is not an ads server
whereas the DOMAIN one is an ads server.  That one is not showing information
because kerberos cannot find the kdc for some reason that I can't figure
out.  It does have SRV records in dns.

  Here is the krb5.conf file I am using:

  mit krb5:

  [libdefaults]
          default_realm = DOMAIN.COM

  [realms]
          DOMAIN.COM = {
                  kdc = adsserver.domain.com
                  admin_server = adsserver.domain.com
          }

  [domain_realm]
          .domain.com = DOMAIN.COM
          domain.com = DOMAIN.COM

  [logging]
          kdc = CONSOLE


  smb.conf:

  [global]
          workgroup = DOMAIN
          netbios name = sambaserver
          socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
          idmap uid = 10000-20000
          idmap gid = 10000-20000
          idmap backend = ad
          # os level = 65
          winbind enum users = yes
          winbind enum groups = yes
          #winbind uid = 10000-20000
          #winbind gid = 10000-20000
          winbind separator = /
          encrypt passwords = yes
          server string = samba server
          security = ADS
          # security = domain
          realm = DOMAIN.COM
          password server = adsserver.domain.com
          preferred master = no
          log file = /usr/local/samba/var/log.%m
          log level = 10
          max log size = 50
          local master = No
          dns proxy = No
          wins server = wins02 wins03
          wins proxy = no
          name resolve order = hosts wins lmhosts bcast
          aio read size = 1
          aio write size = 1
          template homedir = /home/winnt/%D/%U
          template shell = /bin/bash

  [homes]
          path = /home/%u
          read only = No


  David Shapiro
  Unix Team Lead
  919-765-2011

  >>> "Nico De Wilde" <nico@openix.be> 2/3/2006 9:55:15
AM >>>

  David,

  Please post your smb.conf / nsswitch.conf/krb5.conf

  What are you trying to achieve? Joining a samba server to a Windows AD 
  domain?

  Please provide some more information.

  Thx.

  Regards,

  Nico


  ----- Original Message ----- 
  From: "David Shapiro" <David.Shapiro@bcbsnc.com>
  To: <samba@lists.samba.org>
  Sent: Friday, February 03, 2006 3:49 PM
  Subject: [Samba] Confused about what I am seeing with domain names


  >I could not get wbinfo -g/u to work and was seeing a bunch of errors
  > related to to not being able to enumerate groups.  I saw somebody use
  > idmap backend = ad and added this since I have been struggling to get ad
  > working (still not working).  Now, when I run wbinfo -g/-u, I am getting
  > groups and users, but the domain it shows is different than what I
  > expected.  My domain I was using for workgroup line is DOMAIN, for
  > example, but wbinfo -g returns back:
  >
  > DOMAIN_NETWORK/group
  >
  > Is _NETWORK something that samba added, or is theis the name of the
  > domain I should really be using?  I did a grep on wbinfo -u for my user,
  > and it returned my user too.  If my domain is actually DOMAIN_NETWORK,
  > is it possible my realm is not domain.com but domain_network.com or
  > something weird like that?  Should I change my workgroup line to use
  > domain_network?  I still can't get my kinit to find my kdc.  I am
  > wondering if I clear this up maybe my kdc kinit command will work.  Note
  > that I did ask my nt admin to run dns nslookup checks on
  > _ldap.domain.com and _kerberos.domain.com, and those did return the
  > correct results showing domain.com should be my realm.
  >
  > David
  >
  >
  >
  > David Shapiro
  > Unix Team Lead
  > 919-765-2011
  > -- 
  > To unsubscribe from this list go to the following URL and read the
  > instructions:  https://lists.samba.org/mailman/listinfo/samba 

  -- 
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/listinfo/samba

I have done that during troubleshooting already to no avail.  When I
put these changes in now it still reports the infamous:
 
kinit(v5): Cannot resolve network address for KDC in requested realm
while getting initial credentials
 
 
David Shapiro
Unix Team Lead
919-765-2011
>>> "Nico De Wilde" <nico@openix.be> 2/3/2006 11:05:11
AM >>>
David,

Can you add the following lines to your krb5.conf:

[realms]
DOMAIN.COM = {
  kdc = ip.of.your.dc:88
  admin_server = ip.of.your.dc:749
  default_domain = domain.com
}

Regards,

Nico
  ----- Original Message ----- 
  From: David Shapiro 
  To: Nico Wilde 
  Sent: Friday, February 03, 2006 4:50 PM
  Subject: Re: [Samba] Confused about what I am seeing with domain
names


  I am trying to get a aix samba server to join an ads domain. I think
I see what the DOMAIN_NETWORK is.  wbinfo -D for it shows it is not an
ads server whereas the DOMAIN one is an ads server.  That one is not
showing information because kerberos cannot find the kdc for some reason
that I can't figure out.  It does have SRV records in dns.  

  Here is the krb5.conf file I am using:

  mit krb5:

  [libdefaults]
          default_realm = DOMAIN.COM

  [realms]
          DOMAIN.COM = {
                  kdc = adsserver.domain.com
                  admin_server = adsserver.domain.com
          }

  [domain_realm]
          .domain.com = DOMAIN.COM
          domain.com = DOMAIN.COM

  [logging]
          kdc = CONSOLE


  smb.conf:

  [global]
          workgroup = DOMAIN
          netbios name = sambaserver
          socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
          idmap uid = 10000-20000
          idmap gid = 10000-20000
          idmap backend = ad
          # os level = 65
          winbind enum users = yes
          winbind enum groups = yes
          #winbind uid = 10000-20000
          #winbind gid = 10000-20000
          winbind separator = /
          encrypt passwords = yes
          server string = samba server
          security = ADS
          # security = domain
          realm = DOMAIN.COM
          password server = adsserver.domain.com
          preferred master = no
          log file = /usr/local/samba/var/log.%m
          log level = 10
          max log size = 50
          local master = No
          dns proxy = No
          wins server = wins02 wins03
          wins proxy = no
          name resolve order = hosts wins lmhosts bcast
          aio read size = 1
          aio write size = 1
          template homedir = /home/winnt/%D/%U
          template shell = /bin/bash

  [homes]
          path = /home/%u
          read only = No


  David Shapiro
  Unix Team Lead
  919-765-2011

  >>> "Nico De Wilde" <nico@openix.be> 2/3/2006 9:55:15
AM >>>

  David,

  Please post your smb.conf / nsswitch.conf/krb5.conf

  What are you trying to achieve? Joining a samba server to a Windows
AD 
  domain?

  Please provide some more information.

  Thx.

  Regards,

  Nico


  ----- Original Message ----- 
  From: "David Shapiro" <David.Shapiro@bcbsnc.com>
  To: <samba@lists.samba.org>
  Sent: Friday, February 03, 2006 3:49 PM
  Subject: [Samba] Confused about what I am seeing with domain names


  >I could not get wbinfo -g/u to work and was seeing a bunch of
errors
  > related to to not being able to enumerate groups.  I saw somebody
use
  > idmap backend = ad and added this since I have been struggling to
get ad
  > working (still not working).  Now, when I run wbinfo -g/-u, I am
getting
  > groups and users, but the domain it shows is different than what I
  > expected.  My domain I was using for workgroup line is DOMAIN, for
  > example, but wbinfo -g returns back:
  >
  > DOMAIN_NETWORK/group
  >
  > Is _NETWORK something that samba added, or is theis the name of
the
  > domain I should really be using?  I did a grep on wbinfo -u for my
user,
  > and it returned my user too.  If my domain is actually
DOMAIN_NETWORK,
  > is it possible my realm is not domain.com but domain_network.com
or
  > something weird like that?  Should I change my workgroup line to
use
  > domain_network?  I still can't get my kinit to find my kdc.  I am
  > wondering if I clear this up maybe my kdc kinit command will work. 
Note
  > that I did ask my nt admin to run dns nslookup checks on
  > _ldap.domain.com and _kerberos.domain.com, and those did return
the
  > correct results showing domain.com should be my realm.
  >
  > David
  >
  >
  >
  > David Shapiro
  > Unix Team Lead
  > 919-765-2011
  > -- 
  > To unsubscribe from this list go to the following URL and read the
  > instructions:  https://lists.samba.org/mailman/listinfo/samba 

  -- 
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

I see you put ip of dc.  When I run wbinfo --getdcname DOMAIN it does
not return back a dc.
 
The log.winbindd does not show anything even at log level 10:
 
]: Get DC name for BCBSNC
[2006/02/03 11:01:37, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 22330
[2006/02/03 11:03:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 22330
[2006/02/03 11:03:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1551)
  Retrieving extra data length=251
[2006/02/03 11:08:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 22330
[2006/02/03 11:08:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1551)
  Retrieving extra data length=251

 
David Shapiro
Unix Team Lead
919-765-2011
>>> "Nico De Wilde" <nico@openix.be> 2/3/2006 11:05:11
AM >>>
David,

Can you add the following lines to your krb5.conf:

[realms]
DOMAIN.COM = {
  kdc = ip.of.your.dc:88
  admin_server = ip.of.your.dc:749
  default_domain = domain.com
}

Regards,

Nico
  ----- Original Message ----- 
  From: David Shapiro 
  To: Nico Wilde 
  Sent: Friday, February 03, 2006 4:50 PM
  Subject: Re: [Samba] Confused about what I am seeing with domain
names


  I am trying to get a aix samba server to join an ads domain. I think
I see what the DOMAIN_NETWORK is.  wbinfo -D for it shows it is not an
ads server whereas the DOMAIN one is an ads server.  That one is not
showing information because kerberos cannot find the kdc for some reason
that I can't figure out.  It does have SRV records in dns.  

  Here is the krb5.conf file I am using:

  mit krb5:

  [libdefaults]
          default_realm = DOMAIN.COM

  [realms]
          DOMAIN.COM = {
                  kdc = adsserver.domain.com
                  admin_server = adsserver.domain.com
          }

  [domain_realm]
          .domain.com = DOMAIN.COM
          domain.com = DOMAIN.COM

  [logging]
          kdc = CONSOLE


  smb.conf:

  [global]
          workgroup = DOMAIN
          netbios name = sambaserver
          socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
          idmap uid = 10000-20000
          idmap gid = 10000-20000
          idmap backend = ad
          # os level = 65
          winbind enum users = yes
          winbind enum groups = yes
          #winbind uid = 10000-20000
          #winbind gid = 10000-20000
          winbind separator = /
          encrypt passwords = yes
          server string = samba server
          security = ADS
          # security = domain
          realm = DOMAIN.COM
          password server = adsserver.domain.com
          preferred master = no
          log file = /usr/local/samba/var/log.%m
          log level = 10
          max log size = 50
          local master = No
          dns proxy = No
          wins server = wins02 wins03
          wins proxy = no
          name resolve order = hosts wins lmhosts bcast
          aio read size = 1
          aio write size = 1
          template homedir = /home/winnt/%D/%U
          template shell = /bin/bash

  [homes]
          path = /home/%u
          read only = No


  David Shapiro
  Unix Team Lead
  919-765-2011

  >>> "Nico De Wilde" <nico@openix.be> 2/3/2006 9:55:15
AM >>>

  David,

  Please post your smb.conf / nsswitch.conf/krb5.conf

  What are you trying to achieve? Joining a samba server to a Windows
AD 
  domain?

  Please provide some more information.

  Thx.

  Regards,

  Nico


  ----- Original Message ----- 
  From: "David Shapiro" <David.Shapiro@bcbsnc.com>
  To: <samba@lists.samba.org>
  Sent: Friday, February 03, 2006 3:49 PM
  Subject: [Samba] Confused about what I am seeing with domain names


  >I could not get wbinfo -g/u to work and was seeing a bunch of
errors
  > related to to not being able to enumerate groups.  I saw somebody
use
  > idmap backend = ad and added this since I have been struggling to
get ad
  > working (still not working).  Now, when I run wbinfo -g/-u, I am
getting
  > groups and users, but the domain it shows is different than what I
  > expected.  My domain I was using for workgroup line is DOMAIN, for
  > example, but wbinfo -g returns back:
  >
  > DOMAIN_NETWORK/group
  >
  > Is _NETWORK something that samba added, or is theis the name of
the
  > domain I should really be using?  I did a grep on wbinfo -u for my
user,
  > and it returned my user too.  If my domain is actually
DOMAIN_NETWORK,
  > is it possible my realm is not domain.com but domain_network.com
or
  > something weird like that?  Should I change my workgroup line to
use
  > domain_network?  I still can't get my kinit to find my kdc.  I am
  > wondering if I clear this up maybe my kdc kinit command will work. 
Note
  > that I did ask my nt admin to run dns nslookup checks on
  > _ldap.domain.com and _kerberos.domain.com, and those did return
the
  > correct results showing domain.com should be my realm.
  >
  > David
  >
  >
  >
  > David Shapiro
  > Unix Team Lead
  > 919-765-2011
  > -- 
  > To unsubscribe from this list go to the following URL and read the
  > instructions:  https://lists.samba.org/mailman/listinfo/samba 

  -- 
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

I hope this isn't a silly question:  do you have to use pam to get a
server to join ad?  I did not see that as a absolute requirement.
 
David Shapiro
Unix Team Lead
919-765-2011
>>> "Nico De Wilde" <nico@openix.be> 2/3/2006 11:05:11
AM >>>
David,

Can you add the following lines to your krb5.conf:

[realms]
DOMAIN.COM = {
  kdc = ip.of.your.dc:88
  admin_server = ip.of.your.dc:749
  default_domain = domain.com
}

Regards,

Nico
  ----- Original Message ----- 
  From: David Shapiro 
  To: Nico Wilde 
  Sent: Friday, February 03, 2006 4:50 PM
  Subject: Re: [Samba] Confused about what I am seeing with domain
names


  I am trying to get a aix samba server to join an ads domain. I think
I see what the DOMAIN_NETWORK is.  wbinfo -D for it shows it is not an
ads server whereas the DOMAIN one is an ads server.  That one is not
showing information because kerberos cannot find the kdc for some reason
that I can't figure out.  It does have SRV records in dns.  

  Here is the krb5.conf file I am using:

  mit krb5:

  [libdefaults]
          default_realm = DOMAIN.COM

  [realms]
          DOMAIN.COM = {
                  kdc = adsserver.domain.com
                  admin_server = adsserver.domain.com
          }

  [domain_realm]
          .domain.com = DOMAIN.COM
          domain.com = DOMAIN.COM

  [logging]
          kdc = CONSOLE


  smb.conf:

  [global]
          workgroup = DOMAIN
          netbios name = sambaserver
          socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
          idmap uid = 10000-20000
          idmap gid = 10000-20000
          idmap backend = ad
          # os level = 65
          winbind enum users = yes
          winbind enum groups = yes
          #winbind uid = 10000-20000
          #winbind gid = 10000-20000
          winbind separator = /
          encrypt passwords = yes
          server string = samba server
          security = ADS
          # security = domain
          realm = DOMAIN.COM
          password server = adsserver.domain.com
          preferred master = no
          log file = /usr/local/samba/var/log.%m
          log level = 10
          max log size = 50
          local master = No
          dns proxy = No
          wins server = wins02 wins03
          wins proxy = no
          name resolve order = hosts wins lmhosts bcast
          aio read size = 1
          aio write size = 1
          template homedir = /home/winnt/%D/%U
          template shell = /bin/bash

  [homes]
          path = /home/%u
          read only = No


  David Shapiro
  Unix Team Lead
  919-765-2011

  >>> "Nico De Wilde" <nico@openix.be> 2/3/2006 9:55:15
AM >>>

  David,

  Please post your smb.conf / nsswitch.conf/krb5.conf

  What are you trying to achieve? Joining a samba server to a Windows
AD 
  domain?

  Please provide some more information.

  Thx.

  Regards,

  Nico


  ----- Original Message ----- 
  From: "David Shapiro" <David.Shapiro@bcbsnc.com>
  To: <samba@lists.samba.org>
  Sent: Friday, February 03, 2006 3:49 PM
  Subject: [Samba] Confused about what I am seeing with domain names


  >I could not get wbinfo -g/u to work and was seeing a bunch of
errors
  > related to to not being able to enumerate groups.  I saw somebody
use
  > idmap backend = ad and added this since I have been struggling to
get ad
  > working (still not working).  Now, when I run wbinfo -g/-u, I am
getting
  > groups and users, but the domain it shows is different than what I
  > expected.  My domain I was using for workgroup line is DOMAIN, for
  > example, but wbinfo -g returns back:
  >
  > DOMAIN_NETWORK/group
  >
  > Is _NETWORK something that samba added, or is theis the name of
the
  > domain I should really be using?  I did a grep on wbinfo -u for my
user,
  > and it returned my user too.  If my domain is actually
DOMAIN_NETWORK,
  > is it possible my realm is not domain.com but domain_network.com
or
  > something weird like that?  Should I change my workgroup line to
use
  > domain_network?  I still can't get my kinit to find my kdc.  I am
  > wondering if I clear this up maybe my kdc kinit command will work. 
Note
  > that I did ask my nt admin to run dns nslookup checks on
  > _ldap.domain.com and _kerberos.domain.com, and those did return
the
  > correct results showing domain.com should be my realm.
  >
  > David
  >
  >
  >
  > David Shapiro
  > Unix Team Lead
  > 919-765-2011
  > -- 
  > To unsubscribe from this list go to the following URL and read the
  > instructions:  https://lists.samba.org/mailman/listinfo/samba 

  -- 
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Help me. What am I doing wrong ??


# kinit administrator@mydomain.com
kinit(v5): Improper format of Kerberos configuration file while initializing
Kerberos 5 library



My winbind log.

eb  3 13:27:04 firewall winbindd[29307]: [2006/02/03 13:27:04, 0]
nsswitch/winbindd.c:request_len_recv(566)
Feb  3 13:27:04 firewall winbindd[29307]:   request_len_recv: Invalid
request size received: 1824
Feb  3 13:27:04 firewall winbindd[29307]: [2006/02/03 13:27:04, 0]
nsswitch/winbindd.c:request_len_recv(566)
Feb  3 13:27:04 firewall winbindd[29307]:   request_len_recv: Invalid
request size received: 1824
Feb  3 13:27:04 firewall winbindd[29307]: [2006/02/03 13:27:04, 0]
nsswitch/winbindd.c:request_len_recv(566)
Feb  3 13:27:04 firewall winbindd[29307]:   request_len_recv: Invalid
request size received: 1824
Feb  3 13:27:04 firewall winbindd[29307]: [2006/02/03 13:27:04, 0]
nsswitch/winbindd.c:request_len_recv(566)
Feb  3 13:27:04 firewall winbindd[29307]:   request_len_recv: Invalid
request size received: 1824
Feb  3 13:27:04 firewall winbindd[29307]: [2006/02/03 13:27:04, 0]
nsswitch/winbindd.c:request_len_recv(566)
Feb  3 13:27:04 firewall winbindd[29307]:   request_len_recv: Invalid
request size received: 1824
Feb  3 13:27:04 firewall winbindd[29307]: [2006/02/03 13:27:04, 0]
nsswitch/winbindd.c:request_len_recv(566)
Feb  3 13:27:04 firewall winbindd[29307]:   request_len_recv: Invalid
request size received: 1824
Feb  3 13:27:06 firewall winbindd[29307]: [2006/02/03 13:27:06, 0]
nsswitch/winbindd.c:request_len_recv(566)
Feb  3 13:27:06 firewall winbindd[29307]:   request_len_recv: Invalid
request size received: 1824
Feb  3 13:27:06 firewall winbindd[29307]: [2006/02/03 13:27:06, 0]
nsswitch/winbindd.c:request_len_recv(566)
Feb  3 13:27:06 firewall winbindd[29307]:   request_len_recv: Invalid
request size received: 1824
Feb  3 13:27:06 firewall winbindd[29307]: [2006/02/03 13:27:06, 0]
nsswitch/winbindd.c:request_len_recv(566)
Feb  3 13:27:06 firewall winbindd[29307]:   request_len_recv: Invalid
request size received: 1824
Feb  3 13:27:10 firewall winbindd[29307]: [2006/02/03 13:27:10, 0]
nsswitch/winbindd.c:request_len_recv(566)
Feb  3 13:27:10 firewall winbindd[29307]:   request_len_recv: Invalid
request size received: 1824
Feb  3 13:27:10 firewall winbindd[29307]: [2006/02/03 13:27:10, 0]
nsswitch/winbindd.c:request_len_recv(566)
Feb  3 13:27:10 firewall winbindd[29307]:   request_len_recv: Invalid
request size received: 1824
Feb  3 13:27:10 firewall winbindd[29307]: [2006/02/03 13:27:10, 0]
nsswitch/winbindd.c:request_len_recv(56

In an effort to safeguard the privacy of all our communications, we have
taken steps to ensure our e-mail communications meet federal and state
privacy requirements. Thank you for your understanding.

David Shapiro sent you a secured message. The link below will take you
to a page where you can securely view the message. Click below to view
it, or cut and paste the following URL into your Web browser:
 
https://smail.pdr102072.com/ime?x=4-2550075-1352252-DDVONMN9

Your ability to retrieve this message will expire on Sunday March 05,
2006.

I see you put ip of dc.  When I run wbinfo --getdcname DOMAIN it does
not return back a dc.
 
The log.winbindd does not show anything even at log level 10:
 
]: Get DC name for DOMAIN
[2006/02/03 11:01:37, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 22330
[2006/02/03 11:03:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 22330
[2006/02/03 11:03:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1551)
  Retrieving extra data length=251
[2006/02/03 11:08:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 22330
[2006/02/03 11:08:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1551)
  Retrieving extra data length=251

 
David Shapiro
Unix Team Lead
919-765-2011
 
David Shapiro
Unix Team Lead
919-765-2011
>>> "Nico De Wilde" <nico@openix.be> 2/3/2006 11:05:11
AM >>>
David,

Can you add the following lines to your krb5.conf:

[realms]
DOMAIN.COM = {
  kdc = ip.of.your.dc:88
  admin_server = ip.of.your.dc:749
  default_domain = domain.com
}

Regards,

Nico
  ----- Original Message ----- 
  From: David Shapiro 
  To: Nico Wilde 
  Sent: Friday, February 03, 2006 4:50 PM
  Subject: Re: [Samba] Confused about what I am seeing with domain
names


  I am trying to get a aix samba server to join an ads domain. I think
I see what the DOMAIN_NETWORK is.  wbinfo -D for it shows it is not an
ads server whereas the DOMAIN one is an ads server.  That one is not
showing information because kerberos cannot find the kdc for some reason
that I can't figure out.  It does have SRV records in dns.  

  Here is the krb5.conf file I am using:

  mit krb5:

  [libdefaults]
          default_realm = DOMAIN.COM

  [realms]
          DOMAIN.COM = {
                  kdc = adsserver.domain.com
                  admin_server = adsserver.domain.com
          }

  [domain_realm]
          .domain.com = DOMAIN.COM
          domain.com = DOMAIN.COM

  [logging]
          kdc = CONSOLE


  smb.conf:

  [global]
          workgroup = DOMAIN
          netbios name = sambaserver
          socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
          idmap uid = 10000-20000
          idmap gid = 10000-20000
          idmap backend = ad
          # os level = 65
          winbind enum users = yes
          winbind enum groups = yes
          #winbind uid = 10000-20000
          #winbind gid = 10000-20000
          winbind separator = /
          encrypt passwords = yes
          server string = samba server
          security = ADS
          # security = domain
          realm = DOMAIN.COM
          password server = adsserver.domain.com
          preferred master = no
          log file = /usr/local/samba/var/log.%m
          log level = 10
          max log size = 50
          local master = No
          dns proxy = No
          wins server = wins02 wins03
          wins proxy = no
          name resolve order = hosts wins lmhosts bcast
          aio read size = 1
          aio write size = 1
          template homedir = /home/winnt/%D/%U
          template shell = /bin/bash

  [homes]
          path = /home/%u
          read only = No


  David Shapiro
  Unix Team Lead
  919-765-2011

  >>> "Nico De Wilde" <nico@openix.be> 2/3/2006 9:55:15
AM >>>

  David,

  Please post your smb.conf / nsswitch.conf/krb5.conf

  What are you trying to achieve? Joining a samba server to a Windows
AD 
  domain?

  Please provide some more information.

  Thx.

  Regards,

  Nico


  ----- Original Message ----- 
  From: "David Shapiro" <David.Shapiro@bcbsnc.com>
  To: <samba@lists.samba.org>
  Sent: Friday, February 03, 2006 3:49 PM
  Subject: [Samba] Confused about what I am seeing with domain names


  >I could not get wbinfo -g/u to work and was seeing a bunch of
errors
  > related to to not being able to enumerate groups.  I saw somebody
use
  > idmap backend = ad and added this since I have been struggling to
get ad
  > working (still not working).  Now, when I run wbinfo -g/-u, I am
getting
  > groups and users, but the domain it shows is different than what I
  > expected.  My domain I was using for workgroup line is DOMAIN, for
  > example, but wbinfo -g returns back:
  >
  > DOMAIN_NETWORK/group
  >
  > Is _NETWORK something that samba added, or is theis the name of
the
  > domain I should really be using?  I did a grep on wbinfo -u for my
user,
  > and it returned my user too.  If my domain is actually
DOMAIN_NETWORK,
  > is it possible my realm is not domain.com but domain_network.com
or
  > something weird like that?  Should I change my workgroup line to
use
  > domain_network?  I still can't get my kinit to find my kdc.  I am
  > wondering if I clear this up maybe my kdc kinit command will work. 
Note
  > that I did ask my nt admin to run dns nslookup checks on
  > _ldap.domain.com and _kerberos.domain.com, and those did return
the
  > correct results showing domain.com should be my realm.
  >
  > David
  >
  >
  >
  > David Shapiro
  > Unix Team Lead
  > 919-765-2011
  > -- 
  > To unsubscribe from this list go to the following URL and read the
  > instructions:  https://lists.samba.org/mailman/listinfo/samba 

  -- 
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba