Tobias Leers
2003-Sep-25 19:27 UTC
[Samba] winbind with win2003 server = Error looking up domain users
Hello list.
I installed samba 3.0.0 from source on a SuSE 8.2 with
./configure --with-configdir=/etc/samba/ --with-pam --with-acl-support
make
make install
cp samba-3.0.0/source/nsswitch/libnss_winbind.so /lib
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
Next step was:
linux:/ # /usr/local/samba/bin/net rpc join -S PDC -U Administrator
Password:
Joined domain DOMAIN.
PDC is a Win2003 server.
Then:
linux:/ # /usr/local/samba/sbin/winbindd -F --debuglevel=20 -S
winbindd version 3.0.0 started.
Copyright The Samba Team 2000-2003
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file
"/etc/samba//smb.conf"
Processing section "[global]"
doing parameter workgroup = DOMAIN
doing parameter os level = 2
doing parameter time server = Yes
doing parameter unix extensions = Yes
doing parameter encrypt passwords = Yes
doing parameter log level = 1
doing parameter syslog = 0
doing parameter printing = CUPS
doing parameter printcap name = CUPS
doing parameter socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
doing parameter wins support = No
doing parameter veto files = /*.eml/*.nws/riched20.dll/*.{*}/
doing parameter winbind separator = +
doing parameter idmap uid = 10000-20000
doing parameter winbind gid = 10000-20000
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
Processing section "[homes]"
doing parameter comment = Home Directories
doing parameter valid users = %S
doing parameter browseable = No
doing parameter read only = No
doing parameter create mask = 0640
doing parameter directory mask = 0750
Processing section "[printers]"
doing parameter comment = All Printers
doing parameter path = /var/tmp
doing parameter printable = Yes
doing parameter create mask = 0600
doing parameter browseable = No
Processing section "[print$]"
doing parameter comment = Printer Drivers
doing parameter path = /var/lib/samba/drivers
doing parameter write list = @ntadmin root
doing parameter force group = ntadmin
doing parameter create mask = 0664
doing parameter directory mask = 0775
Processing section "[test]"
doing parameter comment = test
doing parameter path = /
pm_process() returned Yes
adding IPC service
adding IPC service
set_server_role: role = ROLE_STANDALONE
Substituting charset 'ISO-8859-15' for LOCALE
Substituting charset 'ISO-8859-15' for LOCALE
Substituting charset 'ISO-8859-15' for LOCALE
Substituting charset 'ISO-8859-15' for LOCALE
Substituting charset 'ISO-8859-15' for LOCALE
Substituting charset 'ISO-8859-15' for LOCALE
Substituting charset 'ISO-8859-15' for LOCALE
Substituting charset 'ISO-8859-15' for LOCALE
Substituting charset 'ISO-8859-15' for LOCALE
Substituting charset 'ISO-8859-15' for LOCALE
added interface ip=192.xxx.xxx.xxx bcast=192.xxx.xxx.255 nmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="LINUX"
added interface ip=192.xxx.xxx.xxx bcast=192.xxx.xxx.255 nmask=255.255.255.0
Opening cache file at /usr/local/samba/var/locks/gencache.tdb
namecache_enable: enabling netbios namecache, timeout 660 seconds
smb_register_idmap: Successfully added idmap backend 'ldap'
smb_register_idmap: Successfully added idmap backend 'tdb'
db_idmap_init: Opening tdbfile /usr/local/samba/var/locks/winbindd_idmap.tdb
This output stops here. Nothing new while executing following
commands:
linux:/ # /usr/local/samba/bin/wbinfo -t
checking the trust secret via RPC calls succeeded
linux:/ # /usr/local/samba/bin/wbinfo -u
Error looking up domain users
linux:/ # /usr/local/samba/bin/wbinfo -g
Error looking up domain groups
Anybody an idea? Some further debug possibilities?
MfG
Tobias
Gerald (Jerry) Carter
2003-Sep-27 16:24 UTC
[Samba] winbind with win2003 server = Error looking up domain users
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tobias Leers wrote: | Hello list. | | I installed samba 3.0.0 from source on a SuSE 8.2 with | ./configure --with-configdir=/etc/samba/ --with-pam --with-acl-support | make | make install | cp samba-3.0.0/source/nsswitch/libnss_winbind.so /lib | ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 | | Next step was: | linux:/ # /usr/local/samba/bin/net rpc join -S PDC -U Administrator | Password: | Joined domain DOMAIN. | | PDC is a Win2003 server. .... | | linux:/ # /usr/local/samba/bin/wbinfo -t | checking the trust secret via RPC calls succeeded | linux:/ # /usr/local/samba/bin/wbinfo -u | Error looking up domain users | linux:/ # /usr/local/samba/bin/wbinfo -g | Error looking up domain groups Windows 2003 server has the RestrictAnonymou spolicy set to disallow enumeration of users and groups. Talk a look at 'wbinfo --set-auth-user' cheers, jerry - ---------------------------------------------------------------------- ~ Hewlett-Packard ------------------------- http://www.hp.com ~ SAMBA Team ---------------------- http://www.samba.org ~ GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~ --John Cusack - "Grosse Point Blank" (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/dbnDIR7qMdg1EfYRApkhAJ4qc6yhDzK7AuObXvZXV5MUbq6jgQCZAQWa eZlGEW4MVQAznqZp6XFcEac=u3Z5 -----END PGP SIGNATURE-----
Possibly Parallel Threads
- Winbind uselessly using up Idmap range in ldap
- check join Linux (SAMBA) to Domain controller Win2003!
- PAM authentication with winbind and AD
- Informal HOWTO - transparent authentication and optional outbound web filtering using Samba 3.0.13, Squid 2.5.STABLE7, SmartFilter 4.01, RedHat 9.0 in a Win2003 AD domain
- Samba 3.4.2 Winbind problem IDMAP GID range full