Bug 1035 - Samba] ADS and Winbind - Can't access with Samba host name --
Summary: Samba] ADS and Winbind - Can't access with Samba host name --
Status: RESOLVED INVALID
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind
Version: 3.0.2
Hardware: All Linux
Importance: P3 major
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact:
URL: http://aktivia.com
Keywords:
Depends on:
Blocks: 807
Reported: 2004-02-03 21:38 UTC by Jairo Rizzo
Modified: 2005-11-14 09:24 UTC

Description Jairo Rizzo 2004-02-03 21:38:49 UTC
hi,

 I have 2 machines running 3.0.2rc2... A[192.168.0.250] is running as WINS and 
B[192.168.0.3] running as server/client. I have a third machine C[192.168.0.2] 
running win2k as domain controller and have the 2 samba machines getting the 
users+groups from C via ADS... so after setting them up I can access machine B 
just fine from any WINbased machine within the intranet.. by typing \\A or 
\\192.168.x.x BUT machine B can only be accessible when typing the IP.
When entering \\B I get the following

Feb  4 00:27:10 zeus smbd[15197]: [2004/02/04 00:21:30, 0] lib/util_sock.c:get_peer_addr(948)
Feb  4 00:27:10 zeus smbd[15197]:   getpeername failed. Error was Transport endpoint is not connected
Feb  4 00:27:10 zeus smbd[15197]: [2004/02/04 00:21:30, 0] lib/util_sock.c:get_peer_addr(948)
Feb  4 00:27:10 zeus smbd[15197]:   getpeername failed. Error was Transport endpoint is not connected
Feb  4 00:27:11 zeus smbd[15197]: [2004/02/04 00:21:30, 0] lib/access.c:check_access(328)
Feb  4 00:27:11 zeus smbd[15197]: [2004/02/04 00:21:30, 0] lib/util_sock.c:get_peer_addr(948)
Feb  4 00:27:11 zeus smbd[15197]:   getpeername failed. Error was Transport endpoint is not connected
Feb  4 00:27:11 zeus smbd[15197]:   Denied connection from  (0.0.0.0)
Feb  4 00:27:11 zeus smbd[15197]: [2004/02/04 00:21:30, 0] lib/util_sock.c:get_peer_addr(948)
Feb  4 00:27:11 zeus smbd[15197]:   getpeername failed. Error was Transport endpoint is not connected
Feb  4 00:27:11 zeus smbd[15197]:   Connection denied from 0.0.0.0
Feb  4 00:27:11 zeus smbd[15197]: [2004/02/04 00:21:30, 0] lib/util_sock.c:write_socket_data(388)
Feb  4 00:27:11 zeus smbd[15197]:   write_socket_data: write failure. Error = Connection reset by peer
Feb  4 00:27:11 zeus smbd[15197]: [2004/02/04 00:21:30, 0] lib/util_sock.c:write_socket(413)
Feb  4 00:27:11 zeus smbd[15197]:   write_socket: Error writing 5 bytes to socket 5: ERRNO = Connection reset by peer
Feb  4 00:27:11 zeus smbd[15197]: [2004/02/04 00:21:30, 0] lib/util_sock.c:send_smb(601)
Feb  4 00:27:11 zeus smbd[15197]:   Error writing 5 bytes to client. -1. (Connection reset by peer)


All tests such as wbinfo, getent, etc were performed in both machines and 
everything works fine.. however, can't login to B via HOST. Please help

A's SMB.CONF

[global]
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
        idmap gid = 10000-20000
        obey pam restrictions = yes
        hosts allow = 192.168.0. 192.168.2. 127.
        passwd program = /usr/bin/passwd %u
        nt acl support = yes
        dns proxy = no
        netbios name = lindev
        printing = lprng
        idmap uid = 10000-20000
        remote announce = 192.168.0.255
        local master = yes
        workgroup = MYWG
        os level = 33
        printcap name = /etc/printcap
        security = ADS
        max log size = 0
        winbind separator = +
        log file = /var/log/samba/%m.log
        smb passwd file = /etc/samba/smbpasswd
        load printers = yes
        socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
        interfaces = eth0
        encrypt passwords = yes
        winbind use default domain = yes
        realm = MYWG.COM
        template shell = /bin/bash
        wins support = true
        server string = Samba linux Server
        winbind enum users = yes
        password server = 192.168.0.2
        unix password sync = yes
        template homedir = /home/NT/%D/%U
        winbind enum groups = yes
        pam password change = yes
        winbind cache time = 10

B's SMB.CONF:

[global]

        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
        idmap gid = 10000-20000
        obey pam restrictions = yes
        hosts allow = 192.168.0. 192.168.2. 127.
        passwd program = /usr/bin/passwd %u
        nt acl support = yes
        dns proxy = no
        netbios name = zeus
        printing = lprng
        idmap uid = 10000-20000
        remote announce = 192.168.0.255
        local master = no
        workgroup = MYWG
        os level = 65
        printcap name = /etc/printcap
        security = ADS
        max log size = 0
        winbind separator = +
        log file = /var/log/samba/%m.log
        smb passwd file = /etc/samba/smbpasswd
        load printers = yes
        socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
        encrypt passwords = yes
        winbind use default domain = yes
        realm = MYWG.COM
        template shell = /bin/bash
        domain master = no
        wins server = 192.168.0.250
        server string = Samba linux Server
        winbind enum users = yes
        password server = 192.168.0.2
        unix password sync = yes
        template homedir = /home/NT/%D/%U
        winbind enum groups = yes
        pam password change = yes
        winbind cache time = 10
Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-02-04 06:31:23 UTC
what is the version of krb5 libs you are using (on both 
machines) and what is the contents of /etc/krb5.conf?
And what is the server OS on A and B?
Comment 2 Jairo Rizzo 2004-02-05 17:43:39 UTC
hi again,

++++++++++what is the version of krb5 libs you are using (on both 
machines) 
krb5-libs-1.2.7-10

++++++++++and what is the contents of /etc/krb5.conf?
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = AKTIVIANETWORKS.COM
 dns_lookup_realm = yes
 dns_lookup_kdc = yes

[realms]
AKTIVIANETWORKS.COM = {
kdc = 192.168.0.2
}

[domain_realm]
.aktivianetworks.com = AKTIVIANETWORKS.COM
aktivianetworks.com = AKTIVIANETWORKS.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

=+++++++++And what is the server OS on A and B?
Linux 2.4.20-8smp #1 SMP
Comment 3 Gerald (Jerry) Carter (dead mail address) 2004-03-08 09:41:01 UTC
There is something wrong with your kerberos setup 
on \\B.  I've worked on this with several other 
reporters and it always comes down to something in 
the krb5 setup on the Samba box (not Samba itself).

The reason that the \\IP.add.re.ss works is that the 
client is using NTLMSSP rather than kerberos.

The first thing I would suggest is upgrading to MIT 
krb 1.3.x on \\B.  Sorry but this appears to be a krb5 issue.
Please feel free to use the samba ml to help resolve this.
I'm closing the bug since there is no evidence that Samba 
is doing the wrong thing.
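
Comment 3 locates the fault in the krb5 setup on the Samba box. As an added example (not part of the original report and not Samba project code), this script runs one consistency check on that setup: with security = ADS, the realm in smb.conf should name a realm that krb5.conf defines. The sample strings are trimmed from the files quoted above; the function names are hypothetical.

```python
# Constructed sample input: trimmed from B's smb.conf and the krb5.conf quoted above.
SMB_CONF = "[global]\n        security = ADS\n        realm = MYWG.COM\n"
KRB5_CONF = """[libdefaults]
 default_realm = AKTIVIANETWORKS.COM
[realms]
AKTIVIANETWORKS.COM = {
kdc = 192.168.0.2
}
"""

def smb_global(text):
    """Return [global] parameters; smb.conf names ignore case and spaces."""
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[key.replace(" ", "").lower()] = value.strip()
    return params

def krb5_realms(text):
    """Return (default_realm, names that have a block under [realms])."""
    default, realms, section, depth = None, set(), None, 0
    for line in map(str.strip, text.splitlines()):
        if depth == 0 and line.startswith("["):
            section = line.strip("[]")
        elif "=" in line and line[0] not in "#;":
            key, value = (s.strip() for s in line.split("=", 1))
            if section == "libdefaults" and key == "default_realm":
                default = value
            elif section == "realms" and depth == 0 and value.startswith("{"):
                realms.add(key)
        # Track brace nesting so "kdc = ..." inside a block is not a realm name.
        depth = max(0, depth + line.count("{") - line.count("}"))
    return default, realms

def realm_findings(smb_text, krb_text):
    """List mismatches between smb.conf's realm and krb5.conf (hypothetical helper)."""
    smb = smb_global(smb_text)
    if smb.get("security", "").lower() != "ads":
        return []  # the realm parameter only matters for security = ADS
    realm = smb.get("realm", "").upper()  # compared case-insensitively here
    default, realms = krb5_realms(krb_text)
    checks = [
        (realm == (default or "").upper(),
         f"realm {realm or '(unset)'} != default_realm {default or '(unset)'}"),
        (realm in {r.upper() for r in realms},
         f"no [realms] block for {realm or '(unset)'}"),
    ]
    return [message for ok, message in checks if not ok]
```

On the sample, realm_findings(SMB_CONF, KRB5_CONF) returns two findings, because the report quotes realm = MYWG.COM next to default_realm = AKTIVIANETWORKS.COM.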
Comment 4 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:24:36 UTC
database cleanup