I hope this is just one of those issues where just after hitting the
send button I figure out what is wrong. Client is 3.0.4 (also tried with
3.0.3) and server is windows 2003 with all patches as of today applied via
windows update.
Short summary: wbinfo -u doesn't work and wbinfo -g lists just a BUILTIN
domain.
I have done this lots of times, but now winbind seems to be not working anymore.
From the beggining:
- grab a ticket:
[root@pandora root]# kinit -p Administrator
Password for Administrator@DISTRO.CONECTIVA:
- join the win2k3 domain:
[root@pandora root]# net ads join
[2004/05/11 16:20:55, 0] libads/ldap.c:ads_add_machine_acct(1006)
Host account for pandora already exists - modifying old account
Using short domain name -- DISTRO
Joined 'PANDORA' to realm 'DISTRO.CONECTIVA'
- test:
[root@pandora root]# net ads testjoin
Join is OK
- list tickets ("expandora" is the win2k3 kdc/pdc):
[root@pandora root]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@DISTRO.CONECTIVA
Valid starting Expires Service principal
05/11/04 16:20:51 05/12/04 02:20:01 krbtgt/DISTRO.CONECTIVA@DISTRO.CONECTIVA
renew until 05/12/04 16:20:51
05/11/04 16:20:03 05/12/04 02:20:01 expandora$@DISTRO.CONECTIVA
renew until 05/12/04 16:20:51
05/11/04 16:20:03 05/11/04 16:22:03 kadmin/changepw@DISTRO.CONECTIVA
renew until 05/11/04 16:22:03
- after winbindd is up, check secret:
[root@pandora root]# wbinfo -t
checking the trust secret via RPC calls succeeded
- list users:
[root@pandora root]# wbinfo -u
Error looking up domain users
Uhoh...
- list groups:
[root@pandora root]# wbinfo -g
BUILTIN\System Operators
BUILTIN\Replicators
BUILTIN\Guests
BUILTIN\Power Users
(...)
"BUILTIN"?
/etc/nsswitch.conf:
[root@pandora root]# grep winbind /etc/nsswitch.conf
passwd: files nisplus winbind
group: files nisplus winbind
"getent group" lists the same BUILTIN groups...
What is wrong?
On Tue, May 11, 2004 at 04:26:18PM -0300, Andreas wrote:> I hope this is just one of those issues where just after hitting the > send button I figure out what is wrong. Client is 3.0.4 (also tried with > 3.0.3) and server is windows 2003 with all patches as of today applied via > windows update. > > Short summary: wbinfo -u doesn't work and wbinfo -g lists just a BUILTIN > domain.Downgrading to 3.0.2a makes this whole procedure work again...
Gerald (Jerry) Carter
2004-May-11 19:46 UTC
[Samba] 3.0.4: winbind not working with windows 2003?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andreas wrote: | I hope this is just one of those issues where just after hitting the | send button I figure out what is wrong. Client is 3.0.4 (also tried with | 3.0.3) and server is windows 2003 with all patches as of today applied via | windows update. please send me a level 10 debug log from winbindd that covers startup to a failed attempt of 'wbinfo -t' And also take a look at https://bugzilla.samba.org/show_bug.cgi?id=1315 to sse if that bug report matches what you are seeing. - -- cheers, jerry - ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." ----------- Sting -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAoS1dIR7qMdg1EfYRAjbHAKCL88tb6NrlbvL2iy3SwQxdONWNuQCdF5EA Af3dm2WG7dUj2I/hztBPc4w=ANZI -----END PGP SIGNATURE-----
On Tue, May 11, 2004 at 04:26:18PM -0300, Andreas wrote:> I hope this is just one of those issues where just after hitting the > send button I figure out what is wrong. Client is 3.0.4 (also tried withWell, it seems it was one of those :) I just realized I had "security = ads" and both "domain master" and "domain logons" also set to yes... It worked with 3.0.2a because when I downgraded my smb.conf was replaced with a default one which I reconfigured correctly this time.
Andreas
2004-May-11 19:58 UTC
BOGUS Re: [Samba] 3.0.4: winbind not working with windows 2003?
On Tue, May 11, 2004 at 04:26:18PM -0300, Andreas wrote:> I hope this is just one of those issues where just after hitting the > send button I figure out what is wrong. Client is 3.0.4 (also tried with > 3.0.3) and server is windows 2003 with all patches as of today applied via > windows update. > > Short summary: wbinfo -u doesn't work and wbinfo -g lists just a BUILTIN > domain.BOGUS report, sorry. It was a misconfiguration on my part (security=ads and at the same time "domain logons=yes" and "domain master=yes"). I started wondering when win2k3 said my machine was a domain controller and couldn't be deleted :)