[Samba] Samba3.0.1pre1 winbind failing against domain groups(ADS)

2004-01-07 Thread Timothy E Jordan
Winbindd is having trouble finding the Domain Admins group in my domain.
 It appears to be searching for the group but does not show what domain
it's looking into - then it tries the local PC (ANC-Gentoo):

log.winbind:

[2004/01/07 13:20:43, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(237)
  [23792]: getgrnam Domain Admins
[2004/01/07 13:20:43, 5] nsswitch/winbindd_acct.c:wb_getgrnam(522)
  wb_getgrnam: Did not find group (Domain Admins)
[2004/01/07 13:20:43, 5] nsswitch/winbindd_group.c:winbindd_getgrnam(254)
  winbindd_getgrnam: lookup for ANC-GENTOO\Domain Admins failed
[2004/01/07 13:21:24, 5] nsswitch/winbindd.c:winbind_client_read(465)
  read failed on sock 18, pid 23792: EOF


getent works:
$ getent group | grep "Domain Admins"
LABOR\Domain Admins:x:10003:LABOR\tim,...

wbinfo works:
$ wbinfo -g | grep "Domain Admins"
LABOR\Domain Admins


[EMAIL PROTECTED] var # net groupmap list
Domain Users (S-1-5-21-3791546257-2726071710-148796437-513) - 10442
Domain Admins (S-1-5-21-3791546257-2726071710-148796437-512) - root
Domain Guests (S-1-5-21-3791546257-2726071710-148796437-514) - nobody


Winbind finds my domain account just fine:

[2004/01/07 13:20:43, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(219)
  [23792]: domain_info [LABOR.AK]
[2004/01/07 13:20:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(113)
  [23792]: getpwnam labor\tim
[2004/01/07 13:20:43, 3] nsswitch/winbindd_ads.c:name_to_sid(313)
  ads: name_to_sid
[2004/01/07 13:20:43, 5] libads/ldap_utils.c:ads_do_search_retry(56)
  Search for (|(sAMAccountName=tim)([EMAIL PROTECTED]))
gave 1 replies
[2004/01/07 13:20:43, 3] libads/ads_ldap.c:ads_name_to_sid(82)
  ads name_to_sid mapped tim
[2004/01/07 13:20:43, 3] nsswitch/winbindd_group.c:winbindd_getgroups(932)
  [23792]: getgroups LABOR\tim
[2004/01/07 13:20:43, 3] nsswitch/winbindd_ads.c:name_to_sid(313)
  ads: name_to_sid
[2004/01/07 13:20:43, 5] libads/ldap_utils.c:ads_do_search_retry(56)
  Search for (|(sAMAccountName=tim)([EMAIL PROTECTED]))
gave 1 replies
[2004/01/07 13:20:43, 3] libads/ads_ldap.c:ads_name_to_sid(82)
  ads name_to_sid mapped tim

I understand Andrew Bartlett is aware of the following problem, but I'm
not sure how that is going to affect file sharing from my Samba server
acting as a Domain Member via security=ADS.

2004/01/07 13:20:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(113)
  [23792]: getpwnam LABOR\windowsxp$
[2004/01/07 13:20:43, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(148)
  user 'windowsxp$' does not exist
[2004/01/07 13:20:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(113)
  [23792]: getpwnam windowsxp$
[2004/01/07 13:20:43, 5] nsswitch/winbindd_acct.c:wb_getpwnam(393)
  wb_getpwnam: Did not find user (windowsxp$)
[2004/01/07 13:20:43, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(125)
  winbindd_getpwnam: lookup for ANC-GENTOO\windowsxp$ failed
[2004/01/07 13:20:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(113)
  [23792]: getpwnam windowsxp$
[2004/01/07 13:20:43, 5] nsswitch/winbindd_acct.c:wb_getpwnam(393)
  wb_getpwnam: Did not find user (windowsxp$)
[2004/01/07 13:20:43, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(125)
  winbindd_getpwnam: lookup for ANC-GENTOO\windowsxp$ failed





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
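Added example (not part of the original post and not Samba code): a small Python script that parses winbindd debug-log entries like the ones quoted above and lists failed lookups that were attempted under a prefix other than the expected domain. The expected domain LABOR comes from the getent output in the post; the function names are hypothetical.

```python
import re

# Entry header: "[date time, level] file:function(line)". The leading "[" is
# optional because pasted logs sometimes lose it (as in one entry in the post).
HEADER = re.compile(
    r"^\[?(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s+(\d+)\]\s+(\S+):(\w+)\((\d+)\)$")
# Failure message, e.g. "lookup for ANC-GENTOO\Domain Admins failed"
FAILED = re.compile(r"lookup for ([^\\]+)\\(.+) failed$")

# Excerpt copied from the log.winbind lines in the post.
SAMPLE_LOG = r"""
[2004/01/07 13:20:43, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(237)
  [23792]: getgrnam Domain Admins
[2004/01/07 13:20:43, 5] nsswitch/winbindd_acct.c:wb_getgrnam(522)
  wb_getgrnam: Did not find group (Domain Admins)
[2004/01/07 13:20:43, 5] nsswitch/winbindd_group.c:winbindd_getgrnam(254)
  winbindd_getgrnam: lookup for ANC-GENTOO\Domain Admins failed
2004/01/07 13:20:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(113)
  [23792]: getpwnam LABOR\windowsxp$
[2004/01/07 13:20:43, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(125)
  winbindd_getpwnam: lookup for ANC-GENTOO\windowsxp$ failed
"""

def parse_entries(text):
    """Yield (timestamp, level, function, message) for each log entry."""
    entry = None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            if entry:
                yield tuple(entry)
            entry = [m.group(1), int(m.group(2)), m.group(4), ""]
        elif entry is not None and line.strip():
            # Continuation lines hold the message body; join wrapped lines.
            entry[3] = (entry[3] + " " + line.strip()).strip()
    if entry:
        yield tuple(entry)

def misdirected_lookups(text, domain):
    """Return failed lookups tried under a prefix other than `domain`."""
    hits = []
    for ts, _level, func, msg in parse_entries(text):
        m = FAILED.search(msg)
        if m and m.group(1).upper() != domain.upper():
            kind = "group" if "getgrnam" in func else "user"
            hits.append((ts, kind, m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    for hit in misdirected_lookups(SAMPLE_LOG, "LABOR"):
        print("%s failed %s lookup under %s: %s" % hit)
```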


Re: [Samba] SAMBA 3.0.1 : Failed to verify incoming ticket!

2003-12-16 Thread Timothy E Jordan
You may want to search for a recent thread on the list that can guide
you in resolving the kerberos failure.  I think the subject line was
Windows 2000 and kerberos...

Tim

- Original Message -
From: James R. Trater [EMAIL PROTECTED]
Date: Tuesday, December 16, 2003 4:05 pm
Subject: [Samba] SAMBA 3.0.1 :  Failed to verify incoming ticket!

 Hello,
 
   This morning I upgraded two machines to samba 3.0.1 (from version
 3.0.0). One machine is a member of our production Windows 2000 Active
 Directory. The other is a member of our test Windows 2003 Active
 Directory. I made no changes to the smb.conf file after doing the
 upgrade. However, after doing the upgrade clients are asked for a
 username/password when connecting and I am seeing this in my logs:
 
 [2003/12/16 09:50:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
  Failed to verify incoming ticket!
 
 This happens on both machines. The test network machine has SAMBA
 compiled against MIT-kerberos 1.3.1. The production machine uses SAMBA
 compiled against MIT-Kerberos 1.2.7. Any help would be appreciated.
 
 
 
