Wasil
2011-Mar-16 09:35 UTC
[Samba] wbinfo -u Don't show users from trusted(ing) domain on domain member server
Hi, All!

I have a Samba (3.5.6) domain which has trust relations with ADS (named TEST) Win2008 (2008 domain mode).
On the PDC everything is working very well.
I also have a Domain Member server in my Samba domain.
When I type wbinfo -u or getent passwd on the Samba PDC (named BINKLG) I see everything, including ADS users.
When I try it on the Domain Member Server I don't see users from ADS.
Is it possible to view those users (from the trusted domain) on a DMS (not BDC)?

Samba 3.5.6

After typing wbinfo -u:

suspicious strings in log files

loglevel 10:
log.wb-TEST
[2011/03/16 10:55:56.466417, 10] winbindd/winbindd_util.c:1337(winbindd_can_contact_domain)
  winbindd_can_contact_domain: TEST is an AD domain and we have no inbound trust.
[2011/03/16 10:55:56.466470, 10] winbindd/winbindd_rpc.c:55(query_user_list)
  query_user_list: No incoming trust for domain TEST

loglevel 3:
log.wb-TEST
[2011/03/16 11:07:23.731615, 3] winbindd/winbindd_cm.c:1633(connection_ok)
  connection_ok: Connection to KLG-PDC1 for domain BINKLG is not connected
[2011/03/16 11:07:23.731717, 3] winbindd/winbindd_cm.c:1736(set_dc_type_and_flags_trustinfo)
  set_dc_type_and_flags_trustinfo: No connection to our domain!
[2011/03/16 11:07:23.742157, 3] winbindd/winbindd_rpc.c:48(query_user_list)
  rpc: query_user_list

smb.conf
[global]
workgroup = BINKLG
security = domain
netbios name = DW-DEBIAN
username map = /etc/samba/smbusers
log level= 10
syslog = 0
log file = /var/log/samba/%m
max log size = 0
#smb ports = 139
name resolve order = wins bcast hosts
wins server = xx.xx.xx.xx
idmap uid = 10000 - 20000
idmap gid = 10000 - 20000
template shell = /bin/bash
#winbind separator = +
realm = XXX.XXXX.XXX
encrypt passwords = yes
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
allow trusted domains = yes
winbind nested groups = yes
#client use spnego = no
password server = KLG-PDC1

nsswitch.conf
passwd: files ldap winbind
group: files ldap winbind
shadow: files ldap winbind
hosts: files wins dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
publickey: nisplus
netgroup: files

libnss_ldap.conf
host xx.xx.xx.xx
base dc=xxx,dc=xxxxx,dc=xxx
binddn cn=Administrator,dc=xxx,dc=xxxxx,dc=xxx
bindpw xxxxxxx
timelimit 50
bind_timelimit 50
bind_policy hard
idle_timelimit 3600
pam_password exop
nss_base_passwd dc=xxx,dc=xxxxx,dc=xxx
nss_base_shadow dc=xxx,dc=xxxxx,dc=xxx
nss_base_group dc=xxx,dc=xxxxx,dc=xxx
ssl off

Thank you,
Wasil.
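
An added example, not part of the original post and not Samba code: a small Python triage script that parses the winbindd debug-log records quoted in the post above and groups the trust and connection findings by domain. The function names and category names are this example's own, and the regular expressions assume the message wording shown in the post.

```python
import re

# Log text copied from the post above (log.wb-TEST at log levels 10 and 3).
SAMPLE_LOG = """\
[2011/03/16 10:55:56.466417, 10] winbindd/winbindd_util.c:1337(winbindd_can_contact_domain)
  winbindd_can_contact_domain: TEST is an AD domain and we have no inbound trust.
[2011/03/16 10:55:56.466470, 10] winbindd/winbindd_rpc.c:55(query_user_list)
  query_user_list: No incoming trust for domain TEST
[2011/03/16 11:07:23.731615, 3] winbindd/winbindd_cm.c:1633(connection_ok)
  connection_ok: Connection to KLG-PDC1 for domain BINKLG is not connected
[2011/03/16 11:07:23.731717, 3] winbindd/winbindd_cm.c:1736(set_dc_type_and_flags_trustinfo)
  set_dc_type_and_flags_trustinfo: No connection to our domain!
[2011/03/16 11:07:23.742157, 3] winbindd/winbindd_rpc.c:48(query_user_list)
  rpc: query_user_list
"""

# Header shape seen in the post: [date time, level] file.c:line(function)
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*(?P<level>\d+)\]\s+"
                    r"(?P<src>\S+?):(?P<line>\d+)\((?P<func>\w+)\)\s*$")

# Message patterns taken from the quoted lines; category names are assumptions.
RULES = [
    ("no_inbound_trust", re.compile(r"(?P<domain>\S+) is an AD domain and we have no inbound trust")),
    ("no_inbound_trust", re.compile(r"No incoming trust for domain (?P<domain>\S+)")),
    ("dc_not_connected", re.compile(r"for domain (?P<domain>\S+) is not connected")),
    ("own_domain_unreachable", re.compile(r"No connection to our domain")),
]

def parse_records(text):
    """Pair each header line with the message line(s) that follow it."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if (m := HEADER.match(line)):
            records.append({**m.groupdict(), "msg": ""})
        elif records and line:
            records[-1]["msg"] = (records[-1]["msg"] + " " + line).strip()
    return records

def triage(text):
    """Return {category: sorted domain names} for trust/connection findings."""
    found = {}
    for rec in parse_records(text):
        for category, pattern in RULES:
            if (m := pattern.search(rec["msg"])):
                found.setdefault(category, set()).add(m.groupdict().get("domain") or "(own domain)")
    return {k: sorted(v) for k, v in found.items()}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
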
Bob Miller
2011-Mar-16 15:58 UTC
[Samba] wbinfo -u Don't show users from trusted(ing) domain on domain member server
Hi,

Did you join your DMS to the domain?

On Wed, 2011-03-16 at 12:35 +0300, Wasil wrote:
> Hi, All!
>
> I Have Samba (3.5.6) domain witch have trust relations with ADS (Named TEST) Win2008 (2008 domain mode)
> On PDC all working very good.
> I have also Domain Member server in my samba Domain.
> When i trying type wbinfo -u, or getent passwd on samba PDC (Named BINKLG) I see all, including ADS users.
> When I trying do it on Domain Member Server I don't see users from ADS
> Is it possible to view thats users (from trusted domain) on DMS (not BDC)?
>
> Samba 3.5.6
>
> after typing wbinfo -u:
>
> suspicious strings in log files
>
> loglevel 10:
> log.wb-TEST
> [2011/03/16 10:55:56.466417, 10] winbindd/winbindd_util.c:1337(winbindd_can_contact_domain)
> winbindd_can_contact_domain: TEST is an AD domain and we have no inbound trust.
> [2011/03/16 10:55:56.466470, 10] winbindd/winbindd_rpc.c:55(query_user_list)
> query_user_list: No incoming trust for domain TEST
>
> loglevel 3:
> log.wb-TEST
> [2011/03/16 11:07:23.731615, 3] winbindd/winbindd_cm.c:1633(connection_ok)
> connection_ok: Connection to KLG-PDC1 for domain BINKLG is not connected
> [2011/03/16 11:07:23.731717, 3] winbindd/winbindd_cm.c:1736(set_dc_type_and_flags_trustinfo)
> set_dc_type_and_flags_trustinfo: No connection to our domain!
> [2011/03/16 11:07:23.742157, 3] winbindd/winbindd_rpc.c:48(query_user_list)
> rpc: query_user_list
>
> smb.conf
> [global]
> workgroup = BINKLG
> security = domain
> netbios name = DW-DEBIAN
> username map = /etc/samba/smbusers
> log level= 10
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 0
> #smb ports = 139
> name resolve order = wins bcast hosts
> wins server = xx.xx.xx.xx
> idmap uid = 10000 - 20000
> idmap gid = 10000 - 20000
> template shell = /bin/bash
> #winbind separator = +
> realm = XXX.XXXX.XXX
> encrypt passwords = yes
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> allow trusted domains = yes
> winbind nested groups = yes
> #client use spnego = no
> password server = KLG-PDC1
>
> nsswitch.conf
> passwd: files ldap winbind
> group: files ldap winbind
> shadow: files ldap winbind
> hosts: files wins dns
> networks: files
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
> publickey: nisplus
> netgroup: files
>
> libnss_ldap.conf
> host xx.xx.xx.xx
> base dc=xxx,dc=xxxxx,dc=xxx
> binddn cn=Administrator,dc=xxx,dc=xxxxx,dc=xxx
> bindpw xxxxxxx
> timelimit 50
> bind_timelimit 50
> bind_policy hard
> idle_timelimit 3600
> pam_password exop
> nss_base_passwd dc=xxx,dc=xxxxx,dc=xxx
> nss_base_shadow dc=xxx,dc=xxxxx,dc=xxx
> nss_base_group dc=xxx,dc=xxxxx,dc=xxx
> ssl off
>
> Thank you,
> Wasil.
>

Bob Miller
334-7117/660-5315
http://computerisms.ca bob at computerisms.ca
Network, Internet, Server, and Open Source Solutions