Dear all, I'm trying to make winbindd working without much success. I would like to set my linux box as a samba PDC and as winbindd host with some win2k workstations. I'm using mdk 8.1 and have installed the corresponding rpms (samba-2.2.2-6 by cooker). I followed howto and samba doc to set the pdc and it works. Following winbindd doc I have to used "smbpasswd -L -j IUTINFO -U root" to join the local domain. But when I launch winbindd, the wbinfo -t return : [root@mdk samba]# wbinfo -t Could not check secret What's wrong ? thx for help... here is the log.winbindd : ==> /var/log/samba/log.winbindd <=[2002/01/13 07:47:01, 3] nsswitch/winbindd_util.c:establish_connections(350) establishing connections [2002/01/13 07:47:01, 3] nsswitch/winbindd_util.c:debug_conn_state(33) server: dc=, pwdb_init=0, lsa_hnd=0 [2002/01/13 07:47:01, 3] libsmb/namequery.c:resolve_lmhosts(749) resolve_lmhosts: Attempting lmhosts lookup for name IUTINFO<0x1c> [2002/01/13 07:47:01, 3] libsmb/namequery.c:resolve_wins(691) resolve_wins: Attempting wins lookup for name IUTINFO<0x1c> [2002/01/13 07:47:01, 3] libsmb/namequery.c:resolve_wins(702) resolve_wins: WINS server resolution selected and no WINS servers listed. [2002/01/13 07:47:01, 3] libsmb/namequery.c:name_resolve_bcast(641) name_resolve_bcast: Attempting broadcast lookup for name IUTINFO<0x1c> [2002/01/13 07:47:01, 3] lib/util_sock.c:open_socket_in(839) bind succeeded on port 0 [2002/01/13 07:47:01, 2] libsmb/namequery.c:name_query(417) Got a positive name query response from 192.168.2.5 ( 192.168.2.5 ) [2002/01/13 07:47:01, 3] lib/util_sock.c:open_socket_in(839) bind succeeded on port 0 [2002/01/13 07:47:01, 3] libsmb/namequery.c:resolve_lmhosts(749) resolve_lmhosts: Attempting lmhosts lookup for name MDK<0x20> [2002/01/13 07:47:01, 3] lib/util_sock.c:open_socket_out(871) Connecting to 192.168.2.5 at port 139 [2002/01/13 07:47:21, 1] libsmb/cliconnect.c:cli_establish_connection(717) failed session setup [2002/01/13 07:47:21, 0] nsswitch/winbindd_util.c:establish_connections(393) error opening lsa handle on dc MDK [2002/01/13 07:47:51, 3] nsswitch/winbindd_util.c:establish_connections(350) establishing connections [2002/01/13 07:47:51, 3] nsswitch/winbindd_util.c:debug_conn_state(33) server: dc=MDK, pwdb_init=1, lsa_hnd=0 [2002/01/13 07:47:51, 3] libsmb/namequery.c:resolve_lmhosts(749) resolve_lmhosts: Attempting lmhosts lookup for name MDK<0x20> [2002/01/13 07:47:51, 3] lib/util_sock.c:open_socket_out(871) Connecting to 192.168.2.5 at port 139 [2002/01/13 07:48:12, 1] libsmb/cliconnect.c:cli_establish_connection(717) failed session setup [2002/01/13 07:48:12, 0] nsswitch/winbindd_util.c:establish_connections(393) error opening lsa handle on dc MDK [2002/01/13 07:48:42, 3] nsswitch/winbindd_util.c:establish_connections(350) establishing connections [2002/01/13 07:48:42, 3] nsswitch/winbindd_util.c:debug_conn_state(33) server: dc=MDK, pwdb_init=1, lsa_hnd=0 [2002/01/13 07:48:42, 3] libsmb/namequery.c:resolve_lmhosts(749) resolve_lmhosts: Attempting lmhosts lookup for name MDK<0x20> [2002/01/13 07:48:42, 3] lib/util_sock.c:open_socket_out(871) Connecting to 192.168.2.5 at port 139 [2002/01/13 07:49:02, 1] libsmb/cliconnect.c:cli_establish_connection(717) failed session setup [2002/01/13 07:49:02, 0] nsswitch/winbindd_util.c:establish_connections(393) error opening lsa handle on dc MDK
Ok thx I thought the same but was not sure. Regards :) Heim> >Subject: Re: winbind problem > From: "Hans Rasmussen" <hans@sbsfor.com> > Date: Sun, 13 Jan 2002 08:13:05 -0800 > To: "heimdall" <heimdall@hypulse.com> > >If you are using a linux box as a PDC, then that box can't be running >winbindd. Winbindd is used to check the accounts from a seperate PDC box. >I'm not sure, but I think that the PDC still has to be a MS NT box. > >Hope that helps > >Hans >----- Original Message ----- >From: "heimdall" <heimdall@hypulse.com> >To: <samba@lists.samba.org> >Cc: <samba-ntdom@lists.samba.org> >Sent: January 13, 2002 7:44 AM >Subject: winbind problem > > >> >> Dear all, >> >> I'm trying to make winbindd working without much success. >> >> I would like to set my linux box as a samba PDC and as winbindd host with >> some win2k workstations. >> I'm using mdk 8.1 and have installed the corresponding rpms (samba-2.2.2-6 >> by cooker). >> I followed howto and samba doc to set the pdc and it works. >> Following winbindd doc I have to used "smbpasswd -L -j IUTINFO -U root" to >> join the local domain. But when I launch winbindd, the wbinfo -t return : >> >> [root@mdk samba]# wbinfo -t >> Could not check secret >> >> What's wrong ? thx for help... >> >> here is the log.winbindd : >> ==> /var/log/samba/log.winbindd <=>> [2002/01/13 07:47:01, 3] >> nsswitch/winbindd_util.c:establish_connections(350) >> establishing connections >> [2002/01/13 07:47:01, 3] nsswitch/winbindd_util.c:debug_conn_state(33) >> server: dc=, pwdb_init=0, lsa_hnd=0 >> [2002/01/13 07:47:01, 3] libsmb/namequery.c:resolve_lmhosts(749) >> resolve_lmhosts: Attempting lmhosts lookup for name IUTINFO<0x1c> >> [2002/01/13 07:47:01, 3] libsmb/namequery.c:resolve_wins(691) >> resolve_wins: Attempting wins lookup for name IUTINFO<0x1c> >> [2002/01/13 07:47:01, 3] libsmb/namequery.c:resolve_wins(702) >> resolve_wins: WINS server resolution selected and no WINS servers >> listed. >> [2002/01/13 07:47:01, 3] libsmb/namequery.c:name_resolve_bcast(641) >> name_resolve_bcast: Attempting broadcast lookup for name IUTINFO<0x1c> >> [2002/01/13 07:47:01, 3] lib/util_sock.c:open_socket_in(839) >> bind succeeded on port 0 >> [2002/01/13 07:47:01, 2] libsmb/namequery.c:name_query(417) >> Got a positive name query response from 192.168.2.5 ( 192.168.2.5 ) >> [2002/01/13 07:47:01, 3] lib/util_sock.c:open_socket_in(839) >> bind succeeded on port 0 >> [2002/01/13 07:47:01, 3] libsmb/namequery.c:resolve_lmhosts(749) >> resolve_lmhosts: Attempting lmhosts lookup for name MDK<0x20> >> [2002/01/13 07:47:01, 3] lib/util_sock.c:open_socket_out(871) >> Connecting to 192.168.2.5 at port 139 >> [2002/01/13 07:47:21, 1] libsmb/cliconnect.c:cli_establish_connection(717) >> failed session setup >> [2002/01/13 07:47:21, 0] >> nsswitch/winbindd_util.c:establish_connections(393) >> error opening lsa handle on dc MDK >> [2002/01/13 07:47:51, 3] >> nsswitch/winbindd_util.c:establish_connections(350) >> establishing connections >> [2002/01/13 07:47:51, 3] nsswitch/winbindd_util.c:debug_conn_state(33) >> server: dc=MDK, pwdb_init=1, lsa_hnd=0 >> [2002/01/13 07:47:51, 3] libsmb/namequery.c:resolve_lmhosts(749) >> resolve_lmhosts: Attempting lmhosts lookup for name MDK<0x20> >> [2002/01/13 07:47:51, 3] lib/util_sock.c:open_socket_out(871) >> Connecting to 192.168.2.5 at port 139 >> [2002/01/13 07:48:12, 1] libsmb/cliconnect.c:cli_establish_connection(717) >> failed session setup >> [2002/01/13 07:48:12, 0] >> nsswitch/winbindd_util.c:establish_connections(393) >> error opening lsa handle on dc MDK >> [2002/01/13 07:48:42, 3] >> nsswitch/winbindd_util.c:establish_connections(350) >> establishing connections >> [2002/01/13 07:48:42, 3] nsswitch/winbindd_util.c:debug_conn_state(33) >> server: dc=MDK, pwdb_init=1, lsa_hnd=0 >> [2002/01/13 07:48:42, 3] libsmb/namequery.c:resolve_lmhosts(749) >> resolve_lmhosts: Attempting lmhosts lookup for name MDK<0x20> >> [2002/01/13 07:48:42, 3] lib/util_sock.c:open_socket_out(871) >> Connecting to 192.168.2.5 at port 139 >> [2002/01/13 07:49:02, 1] libsmb/cliconnect.c:cli_establish_connection(717) >> failed session setup >> [2002/01/13 07:49:02, 0] >> nsswitch/winbindd_util.c:establish_connections(393) >> error opening lsa handle on dc MDK >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: http://lists.samba.org/mailman/listinfo/samba
I'v looked down thousands of the old history listing and saw a few ppl had
similar problem and was asking for help. But no one seemed to come up a
solution yet (and forgive me if I missed the solution). So I'll just try to
descripe my problem as detailsed as possible and see if someone could be
kind enough to help out.
OS: Redhat Linux 7.2
Samba: 2.2.2 (doesn't work with 3.0 alpha either)
Security level: Domain
Domain: Windows 2000 Active Directory in Mixed Mode
PDC: Windows 2000 Server SP2
Ohter DC's, BDC's: None
and here's the scenario:
1. linux box joined the domain successfully (using smbpasswd or net rpc join
in 3.0) and is verified on the win2k server ad management panel
2. linux box can smbclient -L DC using root or any other domain users
3. however, when doing 'wbinfo -u' or -g, an error message "Error
looking up
domain users (or gruops)" appears. the final portion of the debug msg
generated by 'winbind -i -d10' is:
00018 samr_io_r_connect
000018 smb_io_pol_hnd connect_pol
0018 data1: 00000000
001c data2: 00000000
0020 data3: 0000
0022 data4: 0000
0024 data5: 00 00 00 00 00 00 00 00
002c status: NT_STATUS_ACCESS_DENIED <= is this the problem?
client_write: wrote 1300 bytes.
client_read: read 0 bytes. Need 1304 more for a full request.
read failed on sock 12, pid 1536: EOF
4. 'wbinfo -t' returns "Secret is good"
5. 'wbinfo -m' returns nothing
6. 'wbinfo -u foo' gives the correct sid for the domain user foo
7. 'wbinfo -s sid' gives the correct domain+username for sid
8. whether smbd & nmbd are running makes no difference
9 since wbinfo -ug doesn't work, getent passwd & getent group give me
only
the accounts & groups on local machine.
10. a copy of my nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
11. a copy of my smb.conf
[global]
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
workgroup = neon
server string = Samba Server
security = domain
password server = *
encrypt password = yes
[homes]
comment = home
browseable = no
writable = yes
12. thanks for all of you in advance...
Mars
Hi:
I am trying to use winbind and users from a Windows domain in a Samba
server on a RedHat 7.2 machine.
I added the machine to the NT Domain with no problems.
But I see a very odd behavior:
#wbinfo -t
Secret is good
#wbinfo -u
gives me the correct domain user list
#wbinfo -g
gives me the correct domain group list
#wbinfo -a MYDOMAIN+user%password
plaintext password authentication succeeded
challenge/response password authentication failed
Could not authenticate user MYDOMAIN+user%password with
challenge/response
#getent passwd
gives me the local users + domain users
#getent group
gives me the right local group + domain groups
So far so good
Now:
#su MYDOMAIN+user
su: user MYDOMAIN+user does not exist
#chown MYDOMAIN+user /tmp/a
chown: 'MYDOMAIN+user' : invalid user
Am I missing something here???????????
My configuration:
RedHat 7.2 + SGI XFS + samba-2.2.3-20020202
Windows NT 4.0 PDC
nsswitch.conf entries:
passwd: files winbind
shadow: files
group: files winbind
Winbind entries in smb.conf:
[global]
workgroup = MYDOMAIN
netbios name = Server1
interfaces = eth0
security = DOMAIN
encrypt passwords = Yes
password server = pdc, bdc
pam password change = Yes
log level = 3
log file = /var/log/samba/%m.log
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
preferred master = auto
local master = No
domain master = False
dns proxy = No
wins server = 10.10.250.30
# hide local users = Yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind cache time = 86400
winbind separator = +
printer admin = @"MYDOMAIN+Domain Admins"
printing = cups
etc....
Hi, I am using Samba 2.2.3a-20020206 on a Red Hat Linux 7.2 server, trying to connect it to my W2K domain. I have configured winbind according to the winbind.html help that comes with the Samba rpm, and have gotten one server working, but not the other. When I try to run wbinfo -g or wbinfo-u I get Error looking up domain groups. When I try wbinfo -t I get Secret is bad 0xc0000001. I did finally get Samba to join the W2K domain, but I had to add the DC to my DNS server (also on the same machine) before that would happen. How do I get winbind to work properly? What am I missing? I have edited the nsswitch.conf file, added winbind, reloaded it according to instructions, and it seems to start OK. Thanks, Kevin Bramblett
I am looking for suggestions as to how to correct this. Samba version 2.2.3a OS HPUX 11.0 Situation: winbindd seems to work intermittantly i.e. it occasionally starts-up and works fine otherwise iget the following: wbinfo -u gets "Error looking up domain users" log.winbindd shows (debug level 3): on startup: [2002/04/08 13:59:02, 1] lib/debug.c:debug_message(248) INFO: Debug class all level = 1 (pid 14447 from pid 14447) [2002/04/08 13:59:02, 1] param/loadparm.c:service_ok(2158) NOTE: Service printers is flagged unavailable. [2002/04/08 13:59:02, 2] lib/interface.c:add_interface(81) added interface ip=10.141.1.191 bcast=10.141.255.255 nmask=255.255.0.0 [2002/04/08 13:59:02, 2] lib/interface.c:add_interface(81) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2002/04/08 13:59:02, 1] nsswitch/winbindd_util.c:get_domain_info(137) getting trusted domain list [2002/04/08 13:59:02, 3] libsmb/namequery.c:resolve_lmhosts(752) resolve_lmhosts: Attempting lmhosts lookup for name ap-dc01<0x20> [2002/04/08 13:59:02, 3] libsmb/namequery.c:resolve_hosts(792) resolve_hosts: Attempting host lookup for name ap-dc01<0x20> [2002/04/08 13:59:02, 3] libsmb/namequery.c:resolve_lmhosts(752) resolve_lmhosts: Attempting lmhosts lookup for name ap-dc02<0x20> [2002/04/08 13:59:02, 3] libsmb/namequery.c:resolve_hosts(792) resolve_hosts: Attempting host lookup for name ap-dc02<0x20> [2002/04/08 13:59:02, 3] libsmb/namequery.c:resolve_lmhosts(752) resolve_lmhosts: Attempting lmhosts lookup for name ap-dc03<0x20> [2002/04/08 13:59:02, 3] libsmb/namequery.c:resolve_hosts(792) resolve_hosts: Attempting host lookup for name ap-dc03<0x20> [2002/04/08 13:59:02, 3] libsmb/namequery.c:resolve_lmhosts(752) resolve_lmhosts: Attempting lmhosts lookup for name ap-dc04<0x20> [2002/04/08 13:59:02, 3] libsmb/namequery.c:resolve_hosts(792) resolve_hosts: Attempting host lookup for name ap-dc04<0x20> [2002/04/08 13:59:02, 3] lib/util_sock.c:open_socket_in(798) bind succeeded on port 0 [2002/04/08 13:59:02, 3] libsmb/namequery.c:resolve_lmhosts(752) resolve_lmhosts: Attempting lmhosts lookup for name AP-DC02<0x20> [2002/04/08 13:59:02, 3] libsmb/namequery.c:resolve_hosts(792) resolve_hosts: Attempting host lookup for name AP-DC02<0x20> [2002/04/08 13:59:02, 3] nsswitch/winbindd_cm.c:cm_init_creds(211) IPC$ connections done anonymously [2002/04/08 13:59:02, 3] lib/util_sock.c:open_socket_out(830) Connecting to 10.141.1.170 at port 445 [2002/04/08 13:59:03, 2] lib/util_sock.c:open_socket_out(858) error connecting to 10.141.1.170:445 (Invalid argument) [2002/04/08 13:59:03, 3] lib/util_sock.c:open_socket_out(830) Connecting to 10.141.1.170 at port 139 [2002/04/08 13:59:03, 1] nsswitch/winbindd_util.c:add_trusted_domain(103) adding domain PMA_NB on wbinfo command: [2002/04/08 14:05:02, 3] nsswitch/winbindd_user.c:winbindd_list_users(629) [14956]: list users It seems when I see the Invalid Argument message when connecting to port 445, winbindd is unable to query the domain controllers. Suggestions and guidance, please. Paul Orwig Pacific Life
Hello I've got a little problem with pam_winbind. My /etc/nssstitch.conf contains: passwd: files winbind group: files winbind My /etc/pam.d/login contains: account required /lib/security/pam_winbind.so debug Authentication with pam_smb_auth.so works fine but there seem to be a PAM account problem of pam_winbind: I've got the following message: pam_winbind[3590]: user `admin' not found. Do I have to make some extra-configs to pam_winbind to work ? Thanks for any help, Sergiu
Hi, This is probably a simple enough question, but for a relative linux-samba newbie like me I just can't seem to figure what's going on. I have set up winbind with samba and followed the howto up to the point where I'm testing winbind using the wbinfo -u command and it does seem to work except that it doesn't return the domain name just the domains username so for instance instead of DOMAIN\Joe.Bloggs it just give Joe.Bloggs, anything any of you guys can suggest, Thanks Donal
Have you set "winbind use default domain = yes" ? Juer>-----Original Message----- >From: Donal Byrne [mailto:donal.byrne@XIAM.com] >Sent: 26 June 2002 10:50 >To: 'samba@lists.samba.org' >Subject: [Samba] Winbind problem > > >Hi, >This is probably a simple enough question, but for a relative >linux-samba >newbie like me I just can't seem to figure what's going on. I >have set up >winbind with samba and followed the howto up to the point >where I'm testing >winbind using the wbinfo -u command and it does seem to work >except that it >doesn't return the domain name just the domains username so >for instance >instead of DOMAIN\Joe.Bloggs it just give Joe.Bloggs, anything >any of you >guys can suggest, >Thanks >Donal > > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: http://lists.samba.org/mailman/listinfo/samba >
Hello I start nmbd and winbind and aparently works fine... but if i enter the command wbinfo -p result "ping to winbindd failed... could not ping winbindd!" What is incorrect? Thanks Wilson
Im running samba 2.2.7 on a redhat 7.2 machine. I run winbindd and it
says it can't connect to the Win2k machine. I know that this is due to
the fact the anonymous connections arent allowed. So to fix this I run
'wbinfo -A admin%password'. Looking at winbindd in interactive and
debug mode I see that winbind now uses admin to try to connect but now
winbind crashes with this error:
.
.
.
000018 lsa_io_r_enum_trust_dom
0018 enum_context : 80000000
001c num_domains : 00000000
0020 ptr_enum_domains: 00000000
0024 status: NT_STATUS_NO_MORE_ENTRIES
invalid permissions on socket directory /tmp/.winbindd
failed to create socket
I checked the permissions on /tmp/.winbindd and it's owned by root with
777 permissions.
Thanks for any info.
-Ben
I have a strange problem with winbind. I had winbind working for a while on a Redhat Linux 7.1 server, but now it stopped working. I use Samba version 2.2.8a # /usr/local/samba/bin/wbinfo -p 'ping' to winbindd failed could not ping winbindd! # pgrep -l winbin 29524 winbindd # I can join the domain with 'smbpasswd -j' -- Matti Koskimies Fujitsu Invia, Finland tel. +358 10 599 4199, gsm +358 50 387 0590 matti.koskimies@invia.fujitsu.com, http://invia.fujitsu.com
i'm trying to run winbind on my samba 2.2.7 it seems that i was able to join the w2k domain but now when i try to run wbinfo -u or i get error in fetching domain users. i tried to debug winbind by issuing the command winbind -i -d 5 and i get the error : could not open a connection to HOME.COM for \PIPE\lsarpc NT_STATUS_DOMAINN_CONTROLLER NOT FOUND. The authentication process is working fine with the smbpasswd command so that it will only accept legal administrator accounts. I'm using Active Directory on windows2000 advanced server . I would really appreciate any help regarding this issue because i've found that many admins are suffering from the same problem too. Thank you. _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus