Brian Gregorcy schrieb:
In log.winbindd I can see errors like:
[2009/01/22 10:44:55, 3] libads/ldap.c:ads_do_paged_search_args(696)
ads_do_paged_search_args:
ldap_search_with_timeout((objectCategory=user)) -> Operations error
[2009/01/22 10:44:55, 3]
libads/ldap_utils.c:ads_do_search_retry_internal(76)
Reopening ads connection to realm 'GEORGIANUT.COM' after error
Operations error
[2009/01/22 10:44:55, 5] libads/dns.c:sitename_fetch(677)
sitename_fetch: Returning sitename for georgianut.com:
"Default-First-Site-Name"
[2009/01/22 10:44:55, 6] libads/ldap.c:ads_find_dc(294)
ads_find_dc: looking for realm 'georgianut.com'
[2009/01/22 10:44:55, 8] libsmb/namequery.c:get_sorted_dc_list(1626)
get_sorted_dc_list: attempting lookup for name georgianut.com
(sitename Default-First-Site-Name) using [ads]
check that your clock on the linux box matches the clock on the DC.
Just being curios: what time difference is acceptable? I.e. up to 5
seconds, 5 minutes? That being said, the clocks are in sync.
When I use tcpdump to see what happens when doing "getent passwd", I can
see such error message:
5012 DIR_ERROR
Google suggest such causes for this error:
i.e. LDAP troubleshooting
kb.adobe.com/selfservice/viewContent.do?externalId=tn_19576
Cause: The DN specified in the User Search tab is incorrect, wrong, or
incorrectly formatted.
Cause: User could not be found. Most likely due to DN settings in the
User Search tab or the suffix or prefix fields in the Settings tab.
Cause: Most likely caused by a bad username or password. Common cause of
this error is a user trying to login with DOMAIN\login instead of just
login.
However, this doesn't explain why "getent group" works, and "getent
passwd" doesn't.
--
Tomasz Chmielewski
http://wpkg.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
