samba - Aug 2008 - Samba 3.0.2x Wbinfo -t ShowslJoined, but -u and -g fail to retrieve anything

Folks,

I'm working on troubleshooting an installation where Samba 3.0.2x is joined
to the domain.  If I issue the command "wbinfo -t" it shows the secret
is correct.  If issues "wbinfo -u" or "wbinfo -g" they give
an error about being unable to retrieve any users or groups.

Just to test whether I could authenticate against the domain, I tried using
ntlm_auth with the following commands and was unable to authenticate:
> /etc/raddb # ntlm_auth --debuglevel 10 --username=<correct name here>
--domain=<correct domain here> --password '<correct password
here>'
[2008/08/25 17:16:49, 5] lib/debug.c:debug_dump_status(391)
 INFO: Current debug levels:
   all: True/10
   tdb: False/0
   printdrivers: False/0
   lanman: False/0
   smb: False/0
   rpc_parse: False/0
   rpc_srv: False/0
   rpc_cli: False/0
   passdb: False/0
   sam: False/0
   auth: False/0
   winbind: False/0
   vfs: False/0
   idmap: False/0
   quota: False/0
   acls: False/0
   locking: False/0
   msdfs: False/0
   dmapi: False/0
[2008/08/25 17:16:49, 10] intl/lang_tdb.c:lang_tdb_init(138)
 lang_tdb_init: /usr/lib/samba/en_US.msg: No such file or directory
NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)


I'm not working on my own AD network, so I'm not familier with all the
settings or configuration for the domain.  What domain settings or
configurations might allow Samba to join, but prevent the listing of users and
groups?

Does anyone have any suggestions about what might be causing these errors?

Thanks in advance for your help.

Regards,

Mark Gannon

mark@truenorth.nu wrote:
> I'm working on troubleshooting an installation where Samba 3.0.2x is
joined to the domain.  If I issue the command "wbinfo -t" it shows the
secret is correct.  If issues "wbinfo -u" or "wbinfo -g"
they give an error about being unable to retrieve any users or groups.
> [2008/08/25 17:16:49, 10] intl/lang_tdb.c:lang_tdb_init(138)
>  lang_tdb_init: /usr/lib/samba/en_US.msg: No such file or directory
> NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)
Hi Mark,

Not sure if you've resolved this yet, but how do you specify logon 
servers in your smb.conf?  Do you explicitly list them or do you rely 
upon DNS to find them?

Here is what a successful run of the same command issued by me on 3.0.30 
returns:

 > ntlm_auth -d 10 --username=<username> --domain=<domain>
[2008/08/26 06:39:49, 5] lib/debug.c:debug_dump_status(391)
   INFO: Current debug levels:
     all: True/10
     tdb: False/0
     printdrivers: False/0
     lanman: False/0
     smb: False/0
     rpc_parse: False/0
     rpc_srv: False/0
     rpc_cli: False/0
     passdb: False/0
     sam: False/0
     auth: False/0
     winbind: False/0
     vfs: False/0
     idmap: False/0
     quota: False/0
     acls: False/0
     locking: False/0
     msdfs: False/0
     dmapi: False/0
password:
[2008/08/26 06:40:00, 10] intl/lang_tdb.c:lang_tdb_init(138)
   lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or directory
NT_STATUS_OK: Success (0x0)


To troubleshoot the missing logon servers, if you search via DNS, try a 
manual search from the host in question with the following:

host -t srv _ldap._tcp.dc._msdcs.<insert realm here>

Or you might list your DCs and see if that makes a difference.

Also, what is the output of 'net ads testjoin -d 3' ?

(If you continue to have issues, please post a sanitized smb.conf.)

HTH,
-- 
Josh Miller, RHCE/VCP
Seattle, WA
Linux Solutions Provider
http://itsecureadmin.com/