Hi

I asked about this a while back and a few of you were good enough to give me some pointers. I've been forced to look again at Samba because the single unmirrored disk not covered by the backup scripts that a certain sysadmin installed crashed the other day. So I thought we need a better solution. My ultimate aim is a server with a share for our company, which we can log into using our AD accounts and each have a personal folder. I already have my server joined to the domain from the last time I looked at this.

Here are some diagnostics:

# net ads testjoin
Join is OK

# wbinfo -D JIGSAWHQ
Name              : JIGSAWHQ
Alt_Name          : jigsawhq.com
SID               : S-1-5-21-1085031214-1957994488-1343024091
Active Directory  : Yes
Native            : No
Primary           : Yes
Sequence          : 1172959

# wbinfo -u
...list of usernames...
(not prepended by the domains, but neither is it on our Linux servers either)

# wbinfo -g
...list of groups...

# ntlm_auth --username=ashleymoran
password:
NT_STATUS_OK: Success (0x0)

# cat /etc/nsswitch.conf
group: files winbind
hosts: files dns winbind
networks: files
passwd: files winbind
shells: files


However this command *should* now work, but doesn't:

# pw user show PawelKaminski
pw: no such user `PawelKaminski'

The output in log.wb-JIGSAWHQ (winbindd -d3) is this below. Presumably this bit...

[2006/10/20 16:35:18, 3] libsmb/clikrb5.c:ads_krb5_mk_req(552)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)

...is bad, but I don't know what it means or how to fix it (googling has left me no wiser).

[2006/10/20 16:35:17, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupname(709)
  [93883]: lookupname JIGSAWHQ\PawelKaminski
[2006/10/20 16:35:17, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(257)
  rpc: name_to_sid name=JIGSAWHQ\PawelKaminski
[2006/10/20 16:35:17, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(265)
  name_to_sid [rpc] JIGSAWHQ\PawelKaminski for domain JIGSAWHQ
[2006/10/20 16:35:17, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine JIGSAW-SBS02 pipe \lsarpc fnum 0x8012 bind request returned ok.
[2006/10/20 16:35:17, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(941)
  Got challenge flags:
[2006/10/20 16:35:17, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x62890235
[2006/10/20 16:35:17, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(963)
  NTLMSSP: Set final flags:
[2006/10/20 16:35:17, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60080235
[2006/10/20 16:35:17, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
  NTLMSSP Sign/Seal - Initialising with flags:
[2006/10/20 16:35:17, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60080235
[2006/10/20 16:35:17, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
  lsa_io_sec_qos: length c does not match size 8
[2006/10/20 16:35:17, 3] nsswitch/winbindd_user.c:winbindd_dual_userinfo(146)
  [93883]: lookupsid S-1-5-21-1085031214-1957994488-1343024091-1383
[2006/10/20 16:35:17, 3] nsswitch/winbindd_ads.c:query_user(478)
  ads: query_user
[2006/10/20 16:35:17, 3] libsmb/namequery.c:get_dc_list(1426)
  get_dc_list: preferred server list: ", jigsaw-sbs02.jigsawhq.com"
[2006/10/20 16:35:18, 3] libads/ldap.c:ads_connect(287)
  Connected to LDAP server 192.168.0.1
[2006/10/20 16:35:18, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2006/10/20 16:35:18, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2006/10/20 16:35:18, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2006/10/20 16:35:18, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2006/10/20 16:35:18, 3] libads/sasl.c:ads_sasl_spnego_bind(219)
  ads_sasl_spnego_bind: got server principal name =jigsaw-sbs02 [EMAIL PROTECTED]
[2006/10/20 16:35:18, 3] libsmb/clikrb5.c:ads_krb5_mk_req(552)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
[2006/10/20 16:35:18, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(488)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Sat, 21 Oct 2006 02:36:48 BST
[2006/10/20 16:35:18, 3] nsswitch/winbindd_ads.c:query_user(535)
  ads query_user gave PawelKaminski


I'd be very grateful if anyone has some hints on how to get this working. I've spent all day reading about Samba, Kerberos, Winbind, NSS and on and on... It's still new to me so I don't know how it glues together.

Thanks
Ashley
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions