samba - Jun 2002 - 2.2.5 upgrade bug report - winbindd and password servers

Boy this was a big scary headache! As well, I really wish the samba upgrade
didn't wipe my changes to /etc/pam.d/samba and /etc/rc.d/init.d/smb (back
them up instead, please).

Situation: 
	Upgrading Samba from 2.2.4 to 2.2.5. Samba is using winbindd for

	authentication.

Problem: 
	Under 2.2.4, smb.conf originally contained a password server
specified by 
	IP address:
        password server = 10.0.10.8

	After the upgrade to 2.2.5 authentication was failing... 
	'/usr/sbin/winbindd -d 3 -i' showed the following:
        Could not look up dc's for domain AHBLNT1
        Could not open a connection to AHBLNT1 for \PIPE\lsarpc
		(NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)

Solution:
	Under 2.2.5, solve this by giving the machine name in the 'password 
	server' line or use an asterisk (untested with asterisk):
        password server = iman 10.0.10.8



Greg Webster
Systems Administrator    
Alexander Holburn Beaudin & Lang
Barristers & Solicitors
2700 - 700 W. Georgia St.
Vancouver, BC V7Y 1B8 
Phone: (604) 688-1351
Direct: (604) 643-2146
Fax: (604) 669-7642 

   Email: gwebster@ahbl.ca 
Firm Web Site: http://www.ahbl.ca 




WARNING - CONFIDENTIALITY NOTICE 
This e-mail message and any attachments thereto are intended solely for the
use of the individual or entity to whom it is addressed and contains
information that is confidential and may be privileged and exempt from
disclosure. Any distribution, copying or disclosure is strictly prohibited.
If you have received this e-mail in error, please notify the sender
immediately by return email and delete the message unread without making any
copies. Thank you.

Well, if it worked with an IP address in 2.2.4 that was a bug. From
the man page -

password server (G)

By specifying the name of another SMB server (such as a WinNT box) 
with this option, and using security = domain or security = server 
you can get Samba to do all its username/password validation via a 
remote server.

This option sets the name of the password server to use. It must be 
a NetBIOS name, so if the machine's NetBIOS name is different from 
its Internet name then you may have to add its NetBIOS name to the 
lmhosts file which is stored in the same directory as the smb.conf 
file.



"WEBSTER, Greg" wrote:
> 
> Boy this was a big scary headache! As well, I really wish the samba upgrade
> didn't wipe my changes to /etc/pam.d/samba and /etc/rc.d/init.d/smb
(back
> them up instead, please).
> 
> Situation:
>         Upgrading Samba from 2.2.4 to 2.2.5. Samba is using winbindd for
> 
>         authentication.
> 
> Problem:
>         Under 2.2.4, smb.conf originally contained a password server
> specified by
>         IP address:
>         password server = 10.0.10.8
> 
>         After the upgrade to 2.2.5 authentication was failing...
>         '/usr/sbin/winbindd -d 3 -i' showed the following:
>         Could not look up dc's for domain AHBLNT1
>         Could not open a connection to AHBLNT1 for \PIPE\lsarpc
>                 (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
> 
> Solution:
>         Under 2.2.5, solve this by giving the machine name in the
'password
>         server' line or use an asterisk (untested with asterisk):
>         password server = iman 10.0.10.8
> 
> Greg Webster
> Systems Administrator
> Alexander Holburn Beaudin & Lang
> Barristers & Solicitors
> 2700 - 700 W. Georgia St.
> Vancouver, BC V7Y 1B8
> Phone: (604) 688-1351
> Direct: (604) 643-2146
> Fax: (604) 669-7642
> 
>    Email: gwebster@ahbl.ca
> Firm Web Site: http://www.ahbl.ca
> 
> WARNING - CONFIDENTIALITY NOTICE
> This e-mail message and any attachments thereto are intended solely for the
> use of the individual or entity to whom it is addressed and contains
> information that is confidential and may be privileged and exempt from
> disclosure. Any distribution, copying or disclosure is strictly prohibited.
> If you have received this e-mail in error, please notify the sender
> immediately by return email and delete the message unread without making
any
> copies. Thank you.
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
=====================================================================Herb Lewis 
Silicon Graphics
Networking Engineer                      1600 Amphitheatre Pkwy MS-510
Strategic Software Organization          Mountain View, CA  94043-1351
herb@sgi.com                             Tel: 650-933-2177
http://www.sgi.com                       Fax: 650-932-2177          
======================================================================