trusted domain 'disconnected' using winbind

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

trusted domain 'disconnected' using winbind

Grund, Andreas
I have a problem with winbind resolving global groups on a trusted NT
Domain. I want to use SQUID and NTLM Authentification and therefore the
external authentification helper needs to check if a user belongs to a given
group. When I do 'windbind -r DOMAIN+USER GROUP', only groups of the local
domain are listed. It seems as if winbind couldn't find a domain controller
for the trusted domain: 'wbinfo --sequence' shows the trusted domain
disconnected. Debugging winbindd does show following errors:

wbinfo --sequence =>
[..]
bind_rpc_pipe: transfer syntax differs
rpc_pipe_bind: check_bind_response failed.
[..]
Could not open a connection to DOMAIN_B for \PIPE\samr
(NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)

wbinfo -g =>
get_sam_group_entries: could not enumerate domain groups! Error:
NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND

Though winbind couldn't find a Domain Controller, checking Password secrets
using 'winbind -a' works without any problems for members of both domains.

Has anyone an idea how to solve this problem?

Samba Version: 3.0.9-2.6-SUSE
2 NT4 SP6 Servers acting as PDC for 2 trusted Domains

Thx
Andi
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
Reply | Threaded
Open this post in threaded view
|

Re: trusted domain 'disconnected' using winbind

Gerald Carter-4
Grund, Andreas wrote:

> I have a problem with winbind resolving global groups on a trusted NT
> Domain. I want to use SQUID and NTLM Authentification and therefore the
> external authentification helper needs to check if a user belongs to a given
> group. When I do 'windbind -r DOMAIN+USER GROUP', only groups of the local
> domain are listed. It seems as if winbind couldn't find a domain controller
> for the trusted domain: 'wbinfo --sequence' shows the trusted domain
> disconnected. Debugging winbindd does show following errors:
>
> wbinfo --sequence =>
> [..]
> bind_rpc_pipe: transfer syntax differs
> rpc_pipe_bind: check_bind_response failed.
> [..]
This is they key error message.  Can you send me a raw ethereal trace
and a level 10 debug log surrounduing this error?  Thanks.

> Samba Version: 3.0.9-2.6-SUSE
> 2 NT4 SP6 Servers acting as PDC for 2 trusted Domains





cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

signature.asc (264 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: trusted domain 'disconnected' using winbind

Grund, Andreas
In reply to this post by Grund, Andreas
Problem is solved!

Actually there were 2 problems. First, I noticed that winbind tried to
resolve a servername which is no longer PDC in the trusted domain - we
changed PDC and BDC some months ago. Don't know where samba gets this
(wrong) information from. So I tried a workaround by adding an entry in
lmhosts with the wrong servername (the one winbind is looking for) but the
correct ip-address of the PDC. In fact this worked fine with our test system
but not with the production server, though configuration was indentical
execpt the sw-release of samba itself. Finally I upgraded 3.0.9-2.6 to
3.0.14a-0.1 and now everything is fine!

Gerald (Jerry) Carter wrote:

> Grund, Andreas wrote:
>> I have a problem with winbind resolving global groups on a
>> trusted NT Domain. I want to use SQUID and NTLM
>> Authentification and therefore the external authentification
>> helper needs to check if a user belongs to a given group.
>> When I do 'windbind -r DOMAIN+USER GROUP', only groups of
>> the local domain are listed. It seems as if winbind couldn't
>> find a domain controller for the trusted domain: 'wbinfo
>> --sequence' shows the trusted domain disconnected. Debugging
>> winbindd does show following errors:  
>>
>> wbinfo --sequence =>
>> [..]
>> bind_rpc_pipe: transfer syntax differs
>> rpc_pipe_bind: check_bind_response failed.
>> [..]
>
> This is they key error message.  Can you send me a raw
> ethereal trace and a level 10 debug log surrounduing this
> error?  Thanks.
>
>> Samba Version: 3.0.9-2.6-SUSE
>> 2 NT4 SP6 Servers acting as PDC for 2 trusted Domains
>
>
>
>
>
> cheers, jerry
> =====================================================================
> Alleviating the pain of Windows(tm)      -------
> http://www.samba.org GnuPG Key                -----
> http://www.plainjoe.org/gpg_public.asc "I never saved
> anything for the swim back."     Ethan Hawk in Gattaca

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba