I can see the SID of the ID I am trying to authenticate with... USTR-LINUX-1:~ # wbinfo -n EU\\inblr-auth1 S-1-5-21-606747145-879983540-1177238915-173280 User (1)
I have turned up the logging and added the EU domain to our krb5.conf. My winbindd.log now shows the following: [2006/02/16 14:14:58, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1533) Retrieving response for pid 25124 [2006/02/16 14:14:58, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn DOMAIN_INFO [2006/02/16 14:14:58, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(356) [ 0]: domain_info [EU.UIS.UNISYS.COM] [2006/02/16 14:14:58, 6] nsswitch/winbindd.c:new_connection(596) accepted socket 18 [2006/02/16 14:14:58, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn INTERFACE_VERSION [2006/02/16 14:14:58, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(461) [ 0]: request interface version [2006/02/16 14:14:58, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2006/02/16 14:14:58, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(494) [ 0]: request location of privileged pipe [2006/02/16 14:14:58, 6] nsswitch/winbindd.c:new_connection(596) accepted socket 27 [2006/02/16 14:14:58, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn DOMAIN_INFO [2006/02/16 14:14:58, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(356) [ 0]: domain_info [EU.UIS.UNISYS.COM] ********If I look in the log for the client I am trying to connect from, I see this: [2006/02/16 14:14:58, 2] smbd/sesssetup.c:setup_new_vc_session(704) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/02/16 14:14:58, 10] auth/auth_util.c:get_user_groups(681) get_user_groups: winbind_getgroups(NA\ustr-netiq$): result = SUCCESS [2006/02/16 14:14:58, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 16783538 Primary group is 16777671 and contains 1 supplementary groups Group[ 0]: 16777671 [2006/02/16 14:14:58, 10] auth/auth_util.c:debug_nt_user_token(457) NT user token of user S-1-5-21-3294472140-2299987452-2298777348-33568076 contains 6 SIDs SID[ 0]: S-1-5-21-3294472140-2299987452-2298777348-33568076 SID[ 1]: S-1-5-21-3294472140-2299987452-2298777348-33556343 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-725345543-2052111302-527237240-515 SE_PRIV 0x0 0x0 0x0 0x0 [2006/02/16 14:14:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(263) Username EU\inblr-auth1 is invalid on this system [2006/02/16 14:14:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(263) Username EU\inblr-auth1 is invalid on this system [2006/02/16 14:14:58, 5] auth/auth_util.c:free_server_info(1387) attempting to free (and zero) a server_info structure [2006/02/16 14:14:58, 2] smbd/sesssetup.c:setup_new_vc_session(704) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/02/16 14:14:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(263) Username EU\inblr-auth1 is invalid on this system [2006/02/16 14:14:58, 2] smbd/server.c:exit_server(612) Closing connections [2006/02/16 14:14:58, 2] smbd/sesssetup.c:setup_new_vc_session(704) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/02/16 14:14:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(263) Username EU\inblr-auth1 is invalid on this system [2006/02/16 14:14:58, 2] smbd/sesssetup.c:setup_new_vc_session(704) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/02/16 14:14:58, 10] auth/auth_util.c:get_user_groups(681) get_user_groups: winbind_getgroups(NA\ustr-netiq$): result = SUCCESS [2006/02/16 14:14:58, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 16783538 Primary group is 16777671 and contains 1 supplementary groups Group[ 0]: 16777671 [2006/02/16 14:14:58, 10] auth/auth_util.c:debug_nt_user_token(457) NT user token of user S-1-5-21-3294472140-2299987452-2298777348-33568076 contains 6 SIDs SID[ 0]: S-1-5-21-3294472140-2299987452-2298777348-33568076 SID[ 1]: S-1-5-21-3294472140-2299987452-2298777348-33556343 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-725345543-2052111302-527237240-515 SE_PRIV 0x0 0x0 0x0 0x0 [2006/02/16 14:14:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(263) Username EU\inblr-auth1 is invalid on this system [2006/02/16 14:14:58, 5] auth/auth_util.c:free_server_info(1387) attempting to free (and zero) a server_info structure [2006/02/16 14:14:58, 2] smbd/server.c:exit_server(612) Closing connections [2006/02/16 14:14:58, 2] smbd/sesssetup.c:setup_new_vc_session(704) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/02/16 14:14:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(263) Username EU\inblr-auth1 is invalid on this system [2006/02/16 14:14:58, 2] smbd/server.c:exit_server(612) Closing connections [2006/02/16 14:14:58, 2] smbd/sesssetup.c:setup_new_vc_session(704) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/02/16 14:14:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(263) Username EU\inblr-auth1 is invalid on this system [2006/02/16 14:14:58, 2] smbd/sesssetup.c:setup_new_vc_session(704) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/02/16 14:14:58, 10] auth/auth_util.c:get_user_groups(681) get_user_groups: winbind_getgroups(NA\ustr-netiq$): result = SUCCESS [2006/02/16 14:14:58, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 16783538 Primary group is 16777671 and contains 1 supplementary groups Group[ 0]: 16777671 [2006/02/16 14:14:58, 10] auth/auth_util.c:debug_nt_user_token(457) NT user token of user S-1-5-21-3294472140-2299987452-2298777348-33568076 contains 6 SIDs SID[ 0]: S-1-5-21-3294472140-2299987452-2298777348-33568076 SID[ 1]: S-1-5-21-3294472140-2299987452-2298777348-33556343 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-725345543-2052111302-527237240-515 SE_PRIV 0x0 0x0 0x0 0x0 [2006/02/16 14:14:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(263) Username EU\inblr-auth1 is invalid on this system [2006/02/16 14:14:58, 5] auth/auth_util.c:free_server_info(1387) attempting to free (and zero) a server_info structure [2006/02/16 14:14:58, 2] smbd/server.c:exit_server(612) Closing connections [2006/02/16 14:14:58, 2] smbd/sesssetup.c:setup_new_vc_session(704) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/02/16 14:14:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(263) Username EU\inblr-auth1 is invalid on this system [2006/02/16 14:14:58, 2] smbd/server.c:exit_server(612) Closing connections [2006/02/16 14:15:00, 2] smbd/server.c:exit_server(612) Closing connections My wbinfo --sequence still shows the EU domain as being disconnected. I just found this error in the log.wb-EU file: [2006/02/16 14:51:20, 1] libsmb/clikrb5.c:ads_krb5_mk_req(394) ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot contact any KDC for requested realm) [2006/02/16 14:51:29, 1] libsmb/clikrb5.c:ads_krb5_mk_req(394) ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot contact any KDC for requested realm) [2006/02/16 14:51:29, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81) ads_connect for domain EU failed: Cannot contact any KDC for requested realm -----Original Message----- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Thursday, February 16, 2006 11:05 AM To: Trimble, Ronald D Cc: samba@lists.samba.org Subject: Re: [Samba] Authenticating another domain -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Trimble, Ronald D wrote: > Username EU\inblr-auth1 is invalid on this system figure this out. That is the key. Does "getent passwd 'EU\inblr-auth1'" return anything? What does wbinfo --sequence show? cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD9KKUIR7qMdg1EfYRApFRAKC2rqZZ3cFZMV5jLfVtON/uD9P5rgCfR5tG fAQ7r9ZXNxRfB1nYcF1qnW0= =oH5D -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba