Matthew McCarty
2003-Aug-15 17:16 UTC
[Samba] Samba 3.3.0.obeta3, Redhat 9.0, Win2k ADS integration
My goal here is to add my Redhat 9.0 box to the domain and authenticate to the ADS Win2K domain from my Redhat 9.0 box.

I have read the user group archives, man pages for smb.conf and winbind, and I have read Head/3.0 documentation, specifically this part is where I started:

http://us3.samba.org/samba/devel/docs/html/Samba-HOWTO-Collection.html#ads-member

The docs are sadly not complete....

Anyway I am able to get wbinfo -u and wbinfo -g to work and of course I joined the domain correctly. I can see the Redhat box in Network neighborhood and in AD. I get the following error from wbinfo -t:

checking the trust secret via RPC failed
error code was NT_STATUS_UNSUCCESFUL (0x0000001)
Could not check secret

And when I try a wbinfo -a it fails with:

error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error message was: No logon servers
Could not authenticate......

I ran across a newsgroup entry from June with the same problem as above but there was no conclusion to the matter in the thread.

It seems to me that, of course, it can't find the Win2k DC but when I do a net lookup ldap|kdc everything comes up fine, reverse DNS lookup works fine as well as forward DNS; AND why does wbinfo -u and -g work if it can't find the DC?

Anyway I am stuck here -- any help would be appreciated.

Here are the relevant smb.conf entries:

workgroup = mydoamin.com
realm = mydoamin.com
security = ads
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template homedir = /home/%U
template shell = /bin/bash
name resolve order = hosts wins lmhosts bcast
create mode = 700
directory = 700
password server = *
encrypt passwords = yes
John H Terpstra
2003-Aug-15 22:07 UTC
[Samba] Samba 3.3.0.obeta3, Redhat 9.0, Win2k ADS integration
On Fri, 15 Aug 2003, Matthew McCarty wrote:

> My goal here is to add my Redhat 9.0 box to the domain and authenticate
> to the ADS Win2K domain from my Redhat 9.0 box.
>
> I have read the user group archives, man pages for smb.conf and winbind,
> and I have read Head/3.0 documentation, specifically this part is where
> I started:
>
> http://us3.samba.org/samba/devel/docs/html/Samba-HOWTO-Collection.html#ads-member
>
> The docs are sadly not complete....

Then please tell us precisely what is missing! By saying that it's incomplete you are doing those of us who want to help you a disservice. For goodness sake tell us where it is incomplete and do not leave us in no man's land!

Have you checked CVS as of about 1 hour ago? Samba3-rc1 has just been cut from the code tree - this means that if it is incomplete you have NO chance of getting this fixed for RC1. Had you told us what is missing you might have stood a chance of having complete documentation. Sorry, the ball is in your court.

>
> Anyway I am able to get wbinfo -u and wbinfo -g to work and of course I
> joined the domain correctly. I can see the Redhat box in Network
> neighborhood and in AD. I get the following error from wbinfo -t:
>
> checking the trust secret via RPC failed
> error code was NT_STATUS_UNSUCCESFUL (0x0000001)
> Could not check secret
>
> And when I try a wbinfo -a it fails with:
>
> error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
> error message was: No logon servers
> Could not authenticate......

So please send us a complete step by step list of exactly what you did.

>
> I ran across a newsgroup entry from June with the same problem as above
> but there was no conclusion to the matter in the thread.

Samba3 has undergone a LOT of change since June.
Sorry, this is not necessarily useful information.

>
> It seems to me that, of course, it can't find the Win2k DC but when I do
> a net lookup ldap|kdc everything comes up fine, reverse DNS lookup works
> fine as well as forward DNS; AND why does wbinfo -u and -g work if it
> can't find the DC?

Do you have a network trace (capture from Ethereal) to show us? Have you tried to decode that yourself? Do you have a log level 10 log file to send us? Have you looked through that yourself?

>
> Anyway I am stuck here -- any help would be appreciated.

Well, oddly enough, that's what we are trying to give you. :)

>
> Here are the relevant smb.conf entries:
>
> workgroup = mydoamin.com
> realm = mydoamin.com
> security = ads
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> template homedir = /home/%U
> template shell = /bin/bash
> name resolve order = hosts wins lmhosts bcast
> create mode = 700
> directory = 700
> password server = *
> encrypt passwords = yes

- John T.
--
John H Terpstra
Email: jht@samba.org
Gerald (Jerry) Carter
2003-Aug-19 13:20 UTC
[Samba] Samba 3.3.0.obeta3, Redhat 9.0, Win2k ADS integration
On Fri, 15 Aug 2003, Matthew McCarty wrote:

> Anyway I am able to get wbinfo -u and wbinfo -g to work and of course I
> joined the domain correctly. I can see the Redhat box in Network
> neighborhood and in AD. I get the following error from wbinfo -t:
>
> checking the trust secret via RPC failed
> error code was NT_STATUS_UNSUCCESFUL (0x0000001)
> Could not check secret
>
> And when I try a wbinfo -a it fails with:
>
> error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
> error message was: No logon servers
> Could not authenticate......

run "winbindd -d 10" and look at the log. Grep for NT_STATUS_NO_LOGON_SERVERS and see why the name resolution is failing.

cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"You can never go home again, Oatman, but I guess you can shop there."
--John Cusack - "Grosse Point Blank" (1997)
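
The log search suggested in the last reply, as an added example that is not part of the original thread: a plain grep on a level 10 log returns only the matching line, so this sketch groups the log into whole debug records and returns each NT_STATUS_NO_LOGON_SERVERS record together with the lower-level records that preceded it. The log excerpt is constructed for illustration (its messages, source file names and function names are assumptions, not real winbindd output), and the helper names are hypothetical.

```python
import re

# A Samba debug record starts with "[date time, level] file:function(line)";
# the indented lines that follow belong to the same record.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] (\S+)")

# Constructed sample in the style of "winbindd -d 10" output (not a real capture;
# source locations and messages are illustrative).
SAMPLE_LOG = """\
[2003/08/19 09:00:01, 3] nsswitch/example.c:lookup(101)
  resolving DC for domain EXAMPLE
[2003/08/19 09:00:01, 5] libsmb/example.c:resolve(202)
  name lookup for EXAMPLE<1c> returned no addresses
[2003/08/19 09:00:02, 10] nsswitch/example.c:cache(303)
  refreshing cached entry
[2003/08/19 09:00:02, 1] nsswitch/example.c:auth(404)
  authentication for user [testuser] failed
  error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
"""

def parse_records(text):
    """Group header lines and their continuation lines into records."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"time": m.group(1), "level": int(m.group(2)),
                            "where": m.group(3), "msg": []})
        elif records and line.strip():
            records[-1]["msg"].append(line.strip())
    return records

def context_for(records, needle="NT_STATUS_NO_LOGON_SERVERS", before=3, max_level=5):
    """Return each record containing needle, preceded by up to `before`
    earlier records whose debug level is at or below max_level."""
    hits = []
    for i, rec in enumerate(records):
        if any(needle in m for m in rec["msg"]):
            prior = [r for r in records[:i] if r["level"] <= max_level][-before:]
            hits.append(prior + [rec])
    return hits

if __name__ == "__main__":
    for group in context_for(parse_records(SAMPLE_LOG)):
        for rec in group:
            print(rec["time"], rec["level"], rec["where"], " | ".join(rec["msg"]))
        print("-" * 40)
```

Filtering the context by level keeps the level 10 noise out of the view while leaving the name-resolution messages that explain the failure.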