Hi.
I'm running FreeBSD with Samba 3.0.28 and have had success previously
with FreeBSD and an earlier version of Samba, and am in the process of
setting up a member server to act as a file server using the above
combination.
I have created a kerberos ticket, and successfully joined the domain:
ksm-smb# net ads join -UAdministrator%password
Using short domain name -- END-DESIGN
Joined 'KSM-SMB' to realm 'END-DESIGN.PRI'
ksm-smb# net ads testjoin
Join is OK
ksm-smb#
However, I get from log.winbindd-idmap:
[2008/01/14 09:57:38, 1] nsswitch/idmap.c:idmap_init(377)
Initializing idmap domains
[2008/01/14 10:02:37, 0]
nsswitch/winbindd_dual.c:async_request_timeout_handler(181)
async_request_timeout_handler: child pid 24842 is not responding.
Closing connection to it.
[2008/01/14 10:02:37, 1] nsswitch/winbindd_util.c:trustdom_recv(235)
Could not receive trustdoms
Doing a wbinfo -u or -g, receives a list of users and groups from the
DC, although they do not get preceded by the short domain name as in all
the examples (they are definitely valid users and groups on the DC
though), however doing a wbinfo -i administrator tells me it could not
get info for user administrator.
Trying 'getent passwd administrator' comes back blank, and 'getent
passwd' only lists the local users. The /etc/nsswitch file:
ksm-smb# cat /etc/nsswitch.conf
group: files winbind
group_compat: nis
passwd: files winbind
passwd_compat: nis
shells: files
shadow: files winbind
hosts: files dns
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
publickey: files
bootparams: files
automount: files
aliases: files
ksm-smb#
Also, using wbinfo -a / -K also succeeds in authentication, and wbinfo
-t comes back as succeeded.
Additionally, using the 'net ads' commands 'info' and
'status' comes
back with lots of information suggesting it can talk to the AD server ok.
All this is the same config as the older server which has had to be
replaced, so I am at a loss as to why this appears to work, but fails
when it comes to users.
If anybody has any ideas, or has seen this before, I would most
appreciate any ideas as to why this all seems to have joined perfectly,
but doesn't seem able to get all the user information required.
Best Regards
Daren
