I can't authenticate users from the trusted domain I-BNEX in my domain without winbind, but the auth request for I-BNEX\Administrator to the foreign DC seems to succeed! We have a further problem that prevents SID->Name resolving with the trusted domain. [2006/07/13 17:35:36, 5] rpc_parse/parse_prs.c:prs_uint32(704) 019c auth_resp : 00000001 [2006/07/13 17:35:36, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 01a0 status : NT_STATUS_OK [2006/07/13 17:35:36, 10] libsmb/credentials.c:creds_client_check(325) creds_client_check: credentials check OK. [2006/07/13 17:35:36, 10] passdb/secrets.c:secrets_named_mutex_release(791) secrets_named_mutex: released mutex for EXCHANGE2 [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user I-BNEX\administrator [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is i-bnex\administrator [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_internals(83) Trying _Get_Pwnam(), username as given is I-BNEX\administrator [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_internals(93) Trying _Get_Pwnam(), username as uppercase is I-BNEX\ADMINISTRATOR [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_internals(102) Checking combinations of 0 uppercase letters in i-bnex\administrator [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals didn't find user [I-BNEX\administrator]! [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user administrator [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is administrator [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_internals(93) Trying _Get_Pwnam(), username as uppercase is ADMINISTRATOR [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_internals(102) Checking combinations of 0 uppercase letters in administrator [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals didn't find user [administrator]! [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user administrator [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is administrator [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_internals(93) Trying _Get_Pwnam(), username as uppercase is ADMINISTRATOR [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_internals(102) Checking combinations of 0 uppercase letters in administrator [2006/07/13 17:35:36, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals didn't find user [administrator]! [2006/07/13 17:35:36, 5] tdb/tdbutil.c:tdb_log(783) tdb(unnamed): tdb_open_ex: could not open file /server/samba/var/locks/netsamlogon_cache.tdb: Permission denied [2006/07/13 17:35:36, 0] libsmb/samlogon_cache.c:netsamlogon_cache_store(124) netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write! [2006/07/13 17:35:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(8,45)
The first part of this bug is my stupidity. Of course samba needs a underlying account when winbind isn't present, so getpwnam fails. But why does the resolving of SIDs from the trusted domain not work?
first part of this bug was bogus.