Hello, I'm trying to query one of my remote domains for users via
"wbinfo -u --domain=EUROPE" and receiving "Error looking up
domain
users". I have been successfully able to look up users in multiple
domains i.e. "wbinfo -u --domain=UK". My current domain is called
NTDOMAIN in which I have my Ubuntu Dapper (6.06) box, running winbind
3.0.22-1ubuntu3.1 and samba 3.0.22-1ubuntu3.1. NTDOMAIN is hosted on a
NT4 SP6a PDC, EUROPE is a Windows Server 2003 R2 SP1, and 2-way trusts
are established. I have winbind running as "winbind -d 100" for
maximum
logging. Steps I've tried:
* I have confirmed that the trust between NTDOMAIN <-> EUROPE
validates (via Windows tools)
* Tried using a user account with full domain privileges in the
EUROPE domain via "wbinfo --set-auth=user=EUROPE/user%password"
but no change.
* Successfully logged in from one domain to another (i.e. an
NTDOMAIN user logged in to a machine joined to the EUROPE domain,
and vice versa)
While tailing the log /var/log/samba/0.0.0.0_0.0.0.0_winbindd_.log I see
that the samba box successfully detects the PDC role server for the
EUROPE domain and locates the correct IP address, the samba box tries to
authenticate against the EUROPE domain using it's NTDOMAIN computer
account, and negotiates security authentication mechanisms. I then see
this error in the log:
[2006/12/04 16:05:04, 4] nsswitch/winbindd_cm.c:cm_prepare_connection(305)
authenticated session setup failed with No logon workstation trust account
I don't understand this, the samba box would not have a workstation
account in the EUROPE domain, it is joined to the NTDOMAIN domain.
I've attached results of some wbinfo commands.
----
root@s-lnx003-50:~# wbinfo -m
UK
EUROPE
----
root@s-lnx003-50:~# wbinfo --sequence:
EUROPE : DISCONNECTED
UK : 4969
S-LNX003-50 : 1
BUILTIN : 1
NTDOMAIN : 34338
----
root@s-lnx003-50:~# wbinfo -D NTDOMAIN
Name : NTDOMAIN
Alt_Name :
SID : <deleted>
Active Directory : No
Native : No
Primary : Yes
Sequence : 34338
----
root@s-lnx003-50:~# wbinfo -D EUROPE
Name : EUROPE
Alt_Name : europe.<deleted>
SID : <deleted>
Active Directory : Yes
Native : No
Primary : No
Sequence : -1
----
root@s-lnx003-50:~# wbinfo -t
checking the trust secret via RPC calls succeeded
----
/etc/samba/smb.conf:
workgroup = NTDOMAIN
security = domain
password server = <deleted> <deleted>
winbind separator = /
winbind cache time = 10
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
obey pam restrictions = no
winbind nested groups = yes
Any suggestions? I'd be happy to provide more log or configuration file
data. Thanks very much!
--
Michael Coburn
Enterprise Systems Adminstrator
