List members,
I have an issue that I hope one of you can help me with ... I have
set up a AD ( 2003 ) as PDC and a RHE3 AS server running Samba V3.0.6-2.3E
following the instructions in the HOW-TO- By example. Here is what I have
at the moment ..
I had no problems adding the RH server to the Domain and I have Winbind set
up in the nsswitch.conf file for passwd, group and hosts
I can do a "wbinfo -u" and it returns
D1+Administrator
D1+Guest
D1+SUPPORT_388945a0
D1+IUSR_MEDIA-1
D1+IWAM_MEDIA-1
D1+WMUS_MEDIA-1
D1+MEDIA-1$
D1+krbtgt
D1+tuser2
D1+kmb
D1+HOST/gs005
D1+HOST/gs015
wbinfo -g returns
BUILTIN+System Operators
BUILTIN+Replicators
BUILTIN+Guests
BUILTIN+Power Users
BUILTIN+Print Operators
BUILTIN+Administrators
BUILTIN+Account Operators
BUILTIN+Backup Operators
BUILTIN+Users
D1+Domain Computers
D1+Domain Controllers
D1+Schema Admins
D1+Enterprise Admins
D1+Domain Admins
D1+Domain Users
D1+Domain Guests
D1+Group Policy Creator Owners
D1+DnsUpdateProxy
Now when I perform a smbclient command such as
smbclient -L //gs005/ -Utuser2
Password:xxxxxxxx
session setup failed: NT_STATUS_LOGON_FAILURE
[root@gs005 etc]#
as you can see I am running this on the same server that I'm looking for
the list from. I get the same results using localhost and 127.0.0.1 as
well. Also I get the same result when I run this command on another Linux
box asking for the same info...
The Winbind trace looks like this.
user 'tuser2' does not exist
[10175]: getpwnam D1+TUSER2
rpc: name_to_sid name=TUSER2
name_to_sid [rpc] TUSER2 for domain D1
Connected to LDAP server 192.168.14.168
got ldap server name media-1@D1.SANDTEST.COM, using bind path:
dc=D1,dc=SANDTEST,dc=COM
IPC$ connections done anonymously
Connecting to host=MEDIA-1
Connecting to 192.168.14.168 at port 445
Doing spnego session setup (blob length=112)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=media-1$@D1.SANDTEST.COM
Doing kerberos session setup
Ticket in ccache[MEMORY:cliconnect] expiration Sun, 08 May 2005 09:49:08 GMT
user 'TUSER2' does not exist
[10175]: getpwnam tuser2
[10175]: getpwnam TUSER2
[10175]: create_user: user=>(tuser2), group=>()
winbindd_create_user: Cannot validate gid for group ('Domain Users')
[10175]: getpwnam tuser2
[10175]: getpwnam TUSER2
Any body seen this and know where I should go to look for a solution.
Thanks
Kevin
Kevin M. Barrett
KMB IT Consulting, Inc
508-450-7717
On Saturday 07 May 2005 21:52, Kevin M. Barrett wrote:> List members, > > I have an issue that I hope one of you can help me with ... I have > set up a AD ( 2003 ) as PDC and a RHE3 AS server running Samba V3.0.6-2.3E > following the instructions in the HOW-TO- By example. Here is what I have > at the moment ..Wowa! Which are you following? The Samba-3 HOWTO and Reference Guide, or Samba-3 by Example? More importantly, which version? Printed or on-line PDF? Yes, I would like to know as I am in the process of updating both. Now, what is the returned information from executing the following? net ads testjoin net ads info - John T.> I had no problems adding the RH server to the Domain and I have Winbind set > up in the nsswitch.conf file for passwd, group and hosts > > I can do a "wbinfo -u" and it returns > > D1+Administrator > D1+Guest > D1+SUPPORT_388945a0 > D1+IUSR_MEDIA-1 > D1+IWAM_MEDIA-1 > D1+WMUS_MEDIA-1 > D1+MEDIA-1$ > D1+krbtgt > D1+tuser2 > D1+kmb > D1+HOST/gs005 > D1+HOST/gs015 > > wbinfo -g returns > > BUILTIN+System Operators > BUILTIN+Replicators > BUILTIN+Guests > BUILTIN+Power Users > BUILTIN+Print Operators > BUILTIN+Administrators > BUILTIN+Account Operators > BUILTIN+Backup Operators > BUILTIN+Users > D1+Domain Computers > D1+Domain Controllers > D1+Schema Admins > D1+Enterprise Admins > D1+Domain Admins > D1+Domain Users > D1+Domain Guests > D1+Group Policy Creator Owners > D1+DnsUpdateProxy > > > Now when I perform a smbclient command such as > > smbclient -L //gs005/ -Utuser2 > Password:xxxxxxxx > session setup failed: NT_STATUS_LOGON_FAILURE > [root@gs005 etc]# > > as you can see I am running this on the same server that I'm looking for > the list from. I get the same results using localhost and 127.0.0.1 as > well. Also I get the same result when I run this command on another Linux > box asking for the same info... > > The Winbind trace looks like this. > > user 'tuser2' does not exist > [10175]: getpwnam D1+TUSER2 > rpc: name_to_sid name=TUSER2 > name_to_sid [rpc] TUSER2 for domain D1 > Connected to LDAP server 192.168.14.168 > got ldap server name media-1@D1.SANDTEST.COM, using bind path: > dc=D1,dc=SANDTEST,dc=COM > IPC$ connections done anonymously > Connecting to host=MEDIA-1 > Connecting to 192.168.14.168 at port 445 > Doing spnego session setup (blob length=112) > got OID=1 2 840 48018 1 2 2 > got OID=1 2 840 113554 1 2 2 > got OID=1 2 840 113554 1 2 2 3 > got OID=1 3 6 1 4 1 311 2 2 10 > got principal=media-1$@D1.SANDTEST.COM > Doing kerberos session setup > Ticket in ccache[MEMORY:cliconnect] expiration Sun, 08 May 2005 09:49:08 > GMT user 'TUSER2' does not exist > [10175]: getpwnam tuser2 > [10175]: getpwnam TUSER2 > [10175]: create_user: user=>(tuser2), group=>() > winbindd_create_user: Cannot validate gid for group ('Domain Users') > [10175]: getpwnam tuser2 > [10175]: getpwnam TUSER2 > > Any body seen this and know where I should go to look for a solution. > > Thanks > > Kevin > > > > > Kevin M. Barrett > > KMB IT Consulting, Inc > 508-450-7717-- John H Terpstra, Clerk of Session Christ Presbyerian Church (OPC) Salt Lake City, Utah. Phone: (801) 936-1367 Cell: (650) 580-8668
Thanks for the quick reply... See below in context .... At 12:00 AM 5/8/2005, you wrote:>On Saturday 07 May 2005 21:52, Kevin M. Barrett wrote: > > List members, > > > > I have an issue that I hope one of you can help me with ... I have > > set up a AD ( 2003 ) as PDC and a RHE3 AS server running Samba V3.0.6-2.3E > > following the instructions in the HOW-TO- By example. Here is what I have > > at the moment .. > >Wowa! Which are you following? The Samba-3 HOWTO and Reference Guide, or >Samba-3 by Example? More importantly, which version? Printed or on-line PDF?On line version ... URL http://us1.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm>Yes, I would like to know as I am in the process of updating both. > >Now, what is the returned information from executing the following? > > net ads testjoinJoin is OK> net ads infoLDAP server: 192.168.14.168 LDAP server name: media-1 Realm: D1.SANDTEST.COM Bind Path: dc=D1,dc=SANDTEST,dc=COM LDAP port: 389 Server time: Sun, 08 May 2005 00:10:20 GMT KDC server: 192.168.14.168 Server time offset: -23> - John T. > > > I had no problems adding the RH server to the Domain and I have Winbind set > > up in the nsswitch.conf file for passwd, group and hosts > > > > I can do a "wbinfo -u" and it returns > > > > D1+Administrator > > D1+Guest > > D1+SUPPORT_388945a0 > > D1+IUSR_MEDIA-1 > > D1+IWAM_MEDIA-1 > > D1+WMUS_MEDIA-1 > > D1+MEDIA-1$ > > D1+krbtgt > > D1+tuser2 > > D1+kmb > > D1+HOST/gs005 > > D1+HOST/gs015 > > > > wbinfo -g returns > > > > BUILTIN+System Operators > > BUILTIN+Replicators > > BUILTIN+Guests > > BUILTIN+Power Users > > BUILTIN+Print Operators > > BUILTIN+Administrators > > BUILTIN+Account Operators > > BUILTIN+Backup Operators > > BUILTIN+Users > > D1+Domain Computers > > D1+Domain Controllers > > D1+Schema Admins > > D1+Enterprise Admins > > D1+Domain Admins > > D1+Domain Users > > D1+Domain Guests > > D1+Group Policy Creator Owners > > D1+DnsUpdateProxy > > > > > > Now when I perform a smbclient command such as > > > > smbclient -L //gs005/ -Utuser2 > > Password:xxxxxxxx > > session setup failed: NT_STATUS_LOGON_FAILURE > > [root@gs005 etc]# > > > > as you can see I am running this on the same server that I'm looking for > > the list from. I get the same results using localhost and 127.0.0.1 as > > well. Also I get the same result when I run this command on another Linux > > box asking for the same info... > > > > The Winbind trace looks like this. > > > > user 'tuser2' does not exist > > [10175]: getpwnam D1+TUSER2 > > rpc: name_to_sid name=TUSER2 > > name_to_sid [rpc] TUSER2 for domain D1 > > Connected to LDAP server 192.168.14.168 > > got ldap server name media-1@D1.SANDTEST.COM, using bind path: > > dc=D1,dc=SANDTEST,dc=COM > > IPC$ connections done anonymously > > Connecting to host=MEDIA-1 > > Connecting to 192.168.14.168 at port 445 > > Doing spnego session setup (blob length=112) > > got OID=1 2 840 48018 1 2 2 > > got OID=1 2 840 113554 1 2 2 > > got OID=1 2 840 113554 1 2 2 3 > > got OID=1 3 6 1 4 1 311 2 2 10 > > got principal=media-1$@D1.SANDTEST.COM > > Doing kerberos session setup > > Ticket in ccache[MEMORY:cliconnect] expiration Sun, 08 May 2005 09:49:08 > > GMT user 'TUSER2' does not exist > > [10175]: getpwnam tuser2 > > [10175]: getpwnam TUSER2 > > [10175]: create_user: user=>(tuser2), group=>() > > winbindd_create_user: Cannot validate gid for group ('Domain Users') > > [10175]: getpwnam tuser2 > > [10175]: getpwnam TUSER2 > > > > Any body seen this and know where I should go to look for a solution. > > > > Thanks > > > > Kevin > > > > > > > > > > Kevin M. Barrett > > > > KMB IT Consulting, Inc > > 508-450-7717 > >-- >John H Terpstra, >Clerk of Session >Christ Presbyerian Church (OPC) >Salt Lake City, Utah. >Phone: (801) 936-1367 >Cell: (650) 580-8668 >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/sambaKevin M. Barrett KMB IT Consulting, Inc 508-450-7717