samba - Jul 2006 - Samba with ADS problem: smbstatus does not show connections - starting winbind fails

Hello,

I use Samba 3.0.22 on a Solaris 8 system.

I have configured and compiled it myself:

CFLAGS='-I /opt/local/openldap/include' ; export CFLAGS
LDFLAGS="-L/opt/local/openldap/lib, -R/opt/local/openldap/lib" ;
export
LDFLAGS
CPPFLAGS="-IL/opt/local/openldap/include" ; export CPPFLAGS
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/local/openldap/lib ; export
LD_LIBRARY_PATH

./configure --prefix=/opt/local/samba --with-windind --with-ads
--with-ldap --with-krb5=/opt/local/kerberos5 --with-acl-support 
make
make install

Yesterday I successfully joined Samba with ADS:

./kinit Samba _Dienst@BAR.ORG

 ./net  ads join
[2006/07/04 10:46:27, 0] libads/ldap.c:ads_add_machine_acct(1414)
  ads_add_machine_acct: Host account for FOO already exists - modifying
old account
Using short domain name -- BLA
Joined 'FOO' to realm 'BAR.ORG'

Everthing was fine.

I could do a wbinfo -u and wbinfo -g and could see the users and groups
of the ADS.

I configured winbind to the /etc/nsswitch.conf:
passwd:     files winbind
group:      files winbind

And then a getent passwd or getent also showed me the users and groups
of the ADS.

# chgrp BLA\m7100 testdir
ls -ld testdir
drwxrwx---+  2 samba    BLA\m7100      96 Jul  4 11:40 testdir

So almost everything was fine, there was on thing that didn't work as
expected.

smbstatus and swat status didn't show active connections/users/open
files.

My smb.conf is:

[global]
  workgroup = BLA
  realm = BLA.ORG
  netbios aliases = FOO_SAMBA
  server string = samba %v
  security = ADS
  update encrypted = Yes
  guest account = samba
  log level = 10
  log file = /opt/local/samba/var/log.%m
  ldap ssl = no
  idmap uid = 55000-60000
  idmap gid = 55000-60000
  template homedir = /home/windbindd/%D/%U

[unix$]
   path = /usr/sap/sambafreigabe
  read only = No
  directory mask = 0777
  inherit permissions = Yes
  inherit acls = Yes

Today I restarted samba and winbind will not start.

I have tried it several times and every time I can see the messages:

[2006/07/05 11:29:14, 4] lib/time.c:TimeInit(142)
  TimeInit: Serverzone is -7200
[2006/07/05 11:29:15, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
  Registered MSG_REQ_POOL_USAGE
[2006/07/05 11:29:15, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2006/07/05 11:29:15, 2]
nsswitch/winbindd_util.c:add_trusted_domain(173)
  Added domain HYBA HYBA.ORG S-1-5-21-842925246-1123561945-839522115
[2006/07/05 11:29:15, 2]
nsswitch/winbindd_util.c:add_trusted_domain(173)
  Added domain BUILTIN  S-1-5-32
[2006/07/05 11:29:15, 2]
nsswitch/winbindd_util.c:add_trusted_domain(173)
  Added domain IDSOL003  S-1-5-21-1163267064-2638366506-143053174
[2006/07/05 11:29:15, 10]
nsswitch/winbindd_util.c:open_winbindd_socket(906)
  open_winbindd_socket: opened socket fd 11
[2006/07/05 11:29:15, 0] lib/util_sock.c:create_pipe_sock(1281)
  invalid permissions on socket directory
/opt/local/samba/var/locks/winbindd_pr
ivileged
[2006/07/05 11:29:15, 10]
nsswitch/winbindd_util.c:open_winbindd_priv_socket(918
)
  open_winbindd_priv_socket: opened socket fd -1
open_winbind_socket: Resource temporarily unavailable

I'd apreciate any suggestions

Roland

Hello,

I found out why my winbind didn't start.

I did a chmod 750 to /opt/local/samba/var/locks/winbindd_privileged and
now it works.

I didn't notice that the message 

invalid permissions on socket directory
/opt/local/samba/var/locks/winbindd_pr
ivileged

was an error, I thought it only was a warning.

So maybe It would be a good idea to report something like:

invalid permissions on socket directory
/opt/local/samba/var/locks/winbindd_pr
ivileged - Aborting 

I still face the problem that smbstatus does not show connections.

smbstatus

Samba version 3.0.22
PID     Username      Group         Machine
-------------------------------------------------------------------

Service      pid     machine       Connected at
-------------------------------------------------------

No locked files

Thank you

Roland