samba - Nov 2008 - FW: "wbinfo -g" return incomplete list

Hello everybody

I don't received any respons or information about this issue ... 

Any help or information will be greatly appreciated.

Thanks a lot in advance

Christian PIGNOL
04  73 67 48 65

> ______________________________________________ 
> From: 	PIGNOL, Christian  
> Sent:	mardi 4 novembre 2008 11:33
> To:	'Samba List'
> Subject:	"wbinfo -g"return incomplete list
> 
> Hello,
> 
> I've a trouble with my Samba (3.0.10-1.4E.11) on a RHEL4.
> 
> This Samba was joined in a Windows AD Domain without problem.
> 
> Bellow, an extract of the smb.conf (without the share)
> 
> [global]
>         workgroup = ONE
>         realm = MYDOM.COM
>         netbios aliases = srv0001
>         server string = SRV0001 / Intranet & Applications Server
>         security = DOMAIN
>         password server = PWDSRV01, PWDSRV02, PWDSRV03, *
>         algorithmic rid base = 100000
>         pam password change = Yes
>         passwd program = /usr/bin/passwd %u
>         passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
>         client NTLMv2 auth = Yes
>         client lanman auth = No
>         client plaintext auth = No
>         log level = 4
>         log file = /var/log/samba/%m.log
>         max log size = 1000
>         debug pid = Yes
>         debug uid = Yes
>         max xmit = 65535
>         socket options = IPTOS_THROUGHPUT TCP_NODELAY SO_RCVBUF=16384
> SO_SNDBUF=16384
>         add user script = /usr/sbin/useradd %u -g smbusers
>         delete user script = /usr/sbin/userdel %u
>         os level = 33
>         preferred master = No
>         local master = No
>         domain master = No
>         dns proxy = No
>         wins server = xx.xx.xx.xx yy.yy.yy.yy
>         ldap ssl = no
>         idmap uid = 100000-999999999
>         idmap gid = 100000-999999999
>         template shell = /bin/bash
>         winbind separator = /
>         winbind enable local accounts = Yes
>         winbind use default domain = Yes
>         winbind nested groups = Yes
>         create mask = 0775
>         nt acl support = No
>         printing = lprng
>         print command = lpr -r -P'%p' %s
>         lpq command = lpq -P'%p'
>         lprm command = lprm -P'%p' %j
>         lppause command = lpc hold '%p' %j
>         lpresume command = lpc release '%p' %j
>         queuepause command = lpc stop '%p'
>         queueresume command = lpc start '%p'
> 
> This domain, ONE.MYDOM.COM has bidirectionnal relationships with other
> domains ... TWO.MYDOM.COM    THREE.MYDOM.COM    ...etc, ...
> 
> When I ask a list of domains with "wbinfo -m", the result is :
> 
> [root@srv0001 samba]# wbinfo -m
> SRV0001
> BUILTIN
> TWO
> THREE
> FOUR
> FIVE
> . . .
> [root@srv0001 samba]#
> 
> I see all the trusted domain, well, but I don't see the ONE domain !
> A "wbinfo -g" command return me only trusted domains groups ...
never
> groups of the primary "ONE" domain
> 
> It seems that everything is working fine ... (see below)
> 
> [root@srv0001 samba]# wbinfo -n ONE/user01
> S-1-5-21-6776287-1952083785-2110791508-497344 User (1)
> [root@srv0001 samba]# wbinfo -S
> S-1-5-21-6776287-1952083785-2110791508-497344
> 100020
> [root@srv0001 samba]# wbinfo -t
> checking the trust secret via RPC calls succeeded
> [root@srv0001 samba]#  wbinfo -a ONE/user01%good_password
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
> [root@srv0001 samba]#  wbinfo -a ONE/user01%bad_password
> challenge/response password authentication failed
> error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
> error messsage was: Wrong Password
> Could not authenticate user ONE/user01 with challenge/response
> [root@srv0001 samba]#
> 
> Except accessing groups and users of the primary domain ONE ... and I
> need to access these groups to include them in ACLs
> 
> When I try a "wbinfo -g", I see the following message in
winbindd.log
> :
> 
> [2008/11/04 11:30:25, 3, pid=22415, effective(0, 0), real(0, 0)]
> nsswitch/winbindd_group.c:get_sam_group_entries(536)
>   get_sam_group_entries: could not enumerate domain groups! Error:
> NT_STATUS_ACCESS_DENIED
> 
> Is it related ?
> 
> 
> Any help would be appreciated.
> 
> Thanks a lot in advance and regards.
> 
> 
> Christian PIGNOL
> 04  73 67 48 65
> 
Notice:  This e-mail message, together with any attachments, contains
information of Merck & Co., Inc. (One Merck Drive, Whitehouse Station,
New Jersey, USA 08889), and/or its affiliates (which may be known
outside the United States as Merck Frosst, Merck Sharp & Dohme or
MSD and in Japan, as Banyu - direct contact information for affiliates is
available at http://www.merck.com/contact/contacts.html) that may be
confidential, proprietary copyrighted and/or legally privileged. It is
intended solely for the use of the individual or entity named on this
message. If you are not the intended recipient, and have received this
message in error, please notify us immediately by reply e-mail and
then delete it from your system.