Turki Al-Ibrahim
2005-Sep-22 22:50 UTC
[Samba] winbind joins with domain name , not netbios name
Hi,

I am having a problem with Winbind. First, some information:

Domain name: TESTDOM
PDC's Netbios name: ubuntu
Samba version: 3.0.20 (latest patches installed) with LDAP backend.
Linux: Ubuntu 2.6.10

Samba is running smoothly, with no problems. I want to use Winbind, so I followed Samba HowTo - chapter 23:
http://us5.samba.org/samba/docs/man/Samba3-HOWTO/winbind.html#id2634776

I wanted to configure winbind to use the domain installed in the same server, so I joined using this command:

net join -U administrator

It says Joined Domain TESTDOM, and a machine account is created in LDAP with the following attributes:

dn: uid=ubuntu$,ou=Computers,dc=testdom,dc=com
objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
cn: ubuntu$
sn: ubuntu$
uid: ubuntu$
uidNumber: 1006
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-649663798-2503265242-3544459435-3012
sambaPrimaryGroupSID: S-1-5-21-649663798-2503265242-3544459435-2031
displayName: Computer
sambaPwdCanChange: 1127424362
sambaPwdMustChange: 2147483647
sambaLMPassword: F6612BB25EF49A45DBF571ADD3E3B73E
sambaNTPassword: 3EFFA0C5FF16761A846B9B24192F5955
sambaPwdLastSet: 1127424362
sambaAcctFlags: [S ]

Then, I start Winbind.

Here is the output of Winbind -u, -g & -t:

root@ubuntu:/var/www/samba-doc/htmldocs # wbinfo -u
Error looking up domain users
root@ubuntu:/var/www/samba-doc/htmldocs # wbinfo -g
BUILTIN\Print Operators
BUILTIN\Backup Operators
BUILTIN\Replicators
root@ubuntu:/var/www/samba-doc/htmldocs # wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret

When I run wbinfo -t (to check secret), smbd logs:

ldapsam_getsampwnam: Unable to locate user [TESTDOM$] count=0
[2005/09/23 00:34:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
  get_md4pw: Workstation TESTDOM$: no account in domain

The machine account it is searching for is TESTDOM$, which is the domain name, not the netbios name. Is this normal? It should join with the netbios name of the PDC.

I tried to create a machine trust account (smbldap-useradd -w); it didn't work.

Can anybody help me with this one?

Thanks & Regards.

Here's smb.conf:

[global]
    workgroup = TESTDOM
    netbios name = ubuntu
    syslog = 0
    log level = 4
    name resolve order = wins bcast hosts
    printcap name = CUPS
    show add printer wizard = No
    add user script = /usr/sbin/smbldap-useradd -a -m '%u'
    delete user script = /usr/sbin/smbldap-userdel %u
    add group script = /usr/sbin/smbldap-groupadd -p '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    add machine script = /usr/sbin/smbldap-useradd -w '%u'
    domain logons = Yes
    domain master = yes
    wins support = yes
    printing = CUPS
    ldap passwd sync = Yes
    ldap admin dn = cn=Manager,dc=testdom,dc=com
    passdb backend = ldapsam:"ldap://127.0.0.1/"
    ldap delete dn = yes
    ldap suffix = dc=testdom,dc=com
    ldap user suffix = ou=Users
    ldap machine suffix = ou=Computers
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    idmap backend = ldap:ldap://localhost
    time server = yes
    logon path
    logon home
    idmap uid = 15000-20000
    idmap gid = 15000-20000
    template shell = /bin/bash
    security = user
    winbind use default domain = yes

[homes]
    comment = Home Directories
    valid users = %S
    writeable = yes
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /samba/netlogon
    browseable = no
    guest ok = yes

--
Turki M. Al-Ibrahim
turkim (at) gmail.com
Turki Al-Ibrahim
2005-Sep-23 12:01 UTC
[Samba] winbind joins with domain name , not netbios name
Hi,

I am having a problem with Winbind. First, some information:

Domain name: TESTDOM
PDC's Netbios name: ubuntu
Samba version: 3.0.20 (latest patches installed) with LDAP backend.
Linux: Ubuntu 2.6.10

Samba is running smoothly, with no problems. I wanted to use Winbind, so I followed Samba HowTo - chapter 23:
http://us5.samba.org/samba/docs/man/Samba3-HOWTO/winbind.html#id2634776

I wanted to configure winbind to use the domain installed in the same server, so I joined using this command:

net join -U administrator

It says Joined Domain TESTDOM, and a machine account is created in LDAP with the following attributes:

dn: uid=ubuntu$,ou=Computers,dc=testdom,dc=com
objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
cn: ubuntu$
sn: ubuntu$
uid: ubuntu$
uidNumber: 1006
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-649663798-2503265242-3544459435-3012
sambaPrimaryGroupSID: S-1-5-21-649663798-2503265242-3544459435-2031
displayName: Computer
sambaPwdCanChange: 1127424362
sambaPwdMustChange: 2147483647
sambaLMPassword: F6612BB25EF49A45DBF571ADD3E3B73E
sambaNTPassword: 3EFFA0C5FF16761A846B9B24192F5955
sambaPwdLastSet: 1127424362
sambaAcctFlags: [S ]

(S should be for server trust account, is this normal?)

Then, I start Winbind.

Here is the output of wbinfo -u, -g & -t:

root@ubuntu:/var/www/samba-doc/htmldocs # wbinfo -u
Error looking up domain users
root@ubuntu:/var/www/samba-doc/htmldocs # wbinfo -g
BUILTIN\Print Operators
BUILTIN\Backup Operators
BUILTIN\Replicators
root@ubuntu:/var/www/samba-doc/htmldocs # wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret

When performing the command wbinfo -t (to check secret), smbd logs:

ldapsam_getsampwnam: Unable to locate user [TESTDOM$] count=0
[2005/09/23 00:34:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
  get_md4pw: Workstation TESTDOM$: no account in domain

The machine account it is searching for is TESTDOM$, which is the domain name, not the netbios name.

Can anybody help me with this one?

Thanks & Regards.

Here's smb.conf:

[global]
    workgroup = TESTDOM
    netbios name = ubuntu
    syslog = 0
    log level = 4
    name resolve order = wins bcast hosts
    printcap name = CUPS
    show add printer wizard = No
    add user script = /usr/sbin/smbldap-useradd -a -m '%u'
    delete user script = /usr/sbin/smbldap-userdel %u
    add group script = /usr/sbin/smbldap-groupadd -p '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    add machine script = /usr/sbin/smbldap-useradd -w '%u'
    domain logons = Yes
    domain master = yes
    wins support = yes
    printing = CUPS
    ldap passwd sync = Yes
    ldap admin dn = cn=Manager,dc=testdom,dc=com
    passdb backend = ldapsam:"ldap://127.0.0.1/"
    ldap delete dn = yes
    ldap suffix = dc=testdom,dc=com
    ldap user suffix = ou=Users
    ldap machine suffix = ou=Computers
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    idmap backend = ldap:ldap://localhost
    time server = yes
    logon path
    logon home
    idmap uid = 15000-20000
    idmap gid = 15000-20000
    template shell = /bin/bash
    security = user
    winbind use default domain = yes

[homes]
    comment = Home Directories
    valid users = %S
    writeable = yes
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /samba/netlogon
    browseable = no
    guest ok = yes
Andrew Reilly
2005-Sep-23 17:06 UTC
[Samba] winbind joins with domain name , not netbios name
Same issue, same behaviour. Very similar config.

winbind log level:

[2005/09/23 13:00:53, 6] nsswitch/winbindd.c:new_connection(596)
  accepted socket 17
[2005/09/23 13:00:53, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn INTERFACE_VERSION
[2005/09/23 13:00:53, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460)
  [ 0]: request interface version
[2005/09/23 13:00:53, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2005/09/23 13:00:53, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
  [ 0]: request location of privileged pipe
[2005/09/23 13:00:53, 6] nsswitch/winbindd.c:new_connection(596)
  accepted socket 18
[2005/09/23 13:00:53, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn CHECK_MACHACC
[2005/09/23 13:00:53, 3] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(35)
  [ 0]: check machine account

> When I run wbinfo -t (to check secret), smbd logs :
> ldapsam_getsampwnam: Unable to locate user [TESTDOM$] count=0
> [2005/09/23 00:34:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
> [2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
>   get_md4pw: Workstation TESTDOM$: no account in domain
>
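
A triage sketch for the failure reported in this thread, added here as an example and not code from the posters or the Samba project: it pulls the account name out of the get_md4pw "no account in domain" log entry and compares it with the workgroup and netbios name in smb.conf and with the uid values in the LDAP export. The function names are hypothetical, and the sample inputs are excerpts of the log, smb.conf and LDIF quoted in the posts above.

```python
import re

# Samba 3 log entry: "[date time, level] file:function(line)", then message lines.
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+),\s*\d+\]\s+\S+")
NO_ACCOUNT = re.compile(r"get_md4pw: Workstation (?P<acct>\S+): no account in domain")

def failed_trust_lookups(log_text):
    """(timestamp, account) for every netlogon lookup that found no account."""
    hits, ts = [], None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        miss = NO_ACCOUNT.search(line)
        if header:
            ts = header.group("ts")      # remember the entry the message belongs to
        elif miss:
            hits.append((ts, miss.group("acct")))
    return hits

def smb_globals(conf_text):
    """Parameters of the [global] section; names are case- and space-insensitive."""
    section, params = None, {}
    for line in map(str.strip, conf_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, _, value = line.partition("=")
            params[" ".join(key.lower().split())] = value.strip()
    return params

def triage(log_text, conf_text, ldif_text):
    """Say which configured name each failed lookup used and whether LDAP has it."""
    conf = smb_globals(conf_text)
    configured = {conf.get(k, "").lower() + "$": k for k in ("workgroup", "netbios name")}
    uids = {v.strip().lower() for k, _, v in
            (row.partition(":") for row in ldif_text.splitlines())
            if k.strip().lower() == "uid"}
    return [{"time": ts, "requested": acct,
             "configured_as": configured.get(acct.lower(), "neither"),
             "in_ldap": acct.lower() in uids, "ldap_uids": sorted(uids)}
            for ts, acct in failed_trust_lookups(log_text)]

# Sample inputs: excerpts of the log, smb.conf and LDIF quoted in the thread.
LOG = """[2005/09/23 00:34:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
  get_md4pw: Workstation TESTDOM$: no account in domain"""
CONF = "[global]\nworkgroup = TESTDOM\nnetbios name = ubuntu\n[homes]\nvalid users = %S"
LDIF = "dn: uid=ubuntu$,ou=Computers,dc=testdom,dc=com\ncn: ubuntu$\nuid: ubuntu$"

if __name__ == "__main__":
    print(triage(LOG, CONF, LDIF))
```

On the thread's data the single finding shows the lookup used the workgroup name plus "$" while the only machine uid in LDAP is the netbios name plus "$".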