Дорофеев Михаил Сергеевич
2004-Jan-19 03:56 UTC
[Samba] W2K AD domain join success, wbinfo -t error - question
Hi all!
I'm configuring Samba 3.0.1 on Solaris 9 (rel s9_58shwpl3) Sparc.
Have successfully installed Ldap libs, Krb5 libs, and, finally - Samba. Trying
to join W2KSP4 domain.
net rpc join -S dc01 -U Administrator
Gives
bash-2.05# /usr/local/samba/bin/net rpc join -S dc01-tmn -U Administrator
Password:
Joined domain MYDOMAIN.
Now i start winbindd.
The smb.conf file is:
WORKGROUP=MYDOMAIN
security = domain
winbind use default domain = yes
winbind separator = +
idmap uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /export/home/%D/%U
template shell = /bin/bash
Then
wbinfo -g LISTS domain groups and
wbinfo -u LISTS domain users.
See below
(bash-2.05# ./wbinfo -g
Domain Admins
Domain Users
Domain Guests
.....
about 100 groups)
BUT wbinfo -t gives the error:
bash-2.05# ./wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_NO_TRUST_SAM_ACCOUNT (0xc000018b)
Could not check secret
bash-2.05#
And net rpc testjoin sais:
bash-2.05# ./net rpc testjoin
[2004/01/19 08:43:40, 0] utils/net_rpc_join.c:net_rpc_join_ok(73)
Error in domain join verfication (fresh connection)
Join to domain 'TMN' is not valid
The log is:
Jan 16 18:47:39 SAMBA_SERVER pam_winbind[9808]: [ID 467601 auth.error] request
failed: No trusted SAM account, PAM error was 4, NT error was
NT_STATUS_NO_TRUST_SAM_ACCOUNT
Jan 16 18:47:39 SAMBA_SERVER pam_winbind[9808]: [ID 637597 auth.error] internal
module error (retval = 4, user = `root'
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error]
[2004/01/17 12:59:12, 0] lib/util_sock.c:write_socket_data(388)
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error]
write_socket_data: write failure. Error = Broken pipe
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error]
[2004/01/17 12:59:12, 0] lib/util_sock.c:write_socket(413)
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error]
write_socket: Error writing 138 bytes to socket 14: ERRNO = Broken pipe
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error]
[2004/01/17 12:59:12, 0] libsmb/clientgen.c:cli_send_smb(155)
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error] Error
writing 138 bytes to client. -1 (Broken pipe)
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error]
[2004/01/17 12:59:12, 0] rpc_client/cli_pipe.c:rpc_api_pipe(424)
Jan 17 12:59:12 SAMBA_SERVER winbindd[9713]: [ID 702911 daemon.error]
cli_pipe: return critical error. Error was Write error: Broken pipe
Jan 17 13:59:16 SAMBA_SERVER net[25311]: [ID 702911 user.error] [2004/01/17
13:59:16, 0] utils/net.c:net_getlocalsid(414)
Jan 17 13:59:16 SAMBA_SERVER net[25311]: [ID 702911 user.error] Can't
fetch domain SID for name: SAMBA_SERVER
Jan 19 07:45:52 SAMBA_SERVER ftpd[25362]: [ID 484914 daemon.notice]
gethostbyaddr: host136-5.pool8249.interbusiness.it. != 82.49.5.136
Jan 19 08:43:40 SAMBA_SERVER net[26014]: [ID 702911 user.error] [2004/01/19
08:43:40, 0] utils/net_rpc_join.c:net_rpc_join_ok(73)
Jan 19 08:43:40 SAMBA_SERVER net[26014]: [ID 702911 user.error] Error in
domain join verfication (fresh connection)
(WHERE SAMBA_SERVER is the name of my Samba box I'm playing with - changed,
BUT the original name of the samba server IS resolved from any of domain
controllers)
The patch 113476-05 IS applied (although it is needed for the nss mechanism to
work properly).
What am i doing wrong ?
Help is really needed, since i,m playing with half-prodaction server hence can
not play-and-change-and-reboot much :(.
Thanks all in advance!!!
Possibly Parallel Threads
- Telnet to samba box does NOT work: wb_getgrgid: failed to locate gid == 1000
- idmap uid range 10000-20000: pam_winbind does NOT work ?
- user granted access, but still no shell prompt
- idmap uid range 10000-20000: pam_winbind does NOT wor k ?
- PAM (winbind?) auth still does NOT work on Solaris 9
Wisdom of the Ancients
