I have parent domain NETLANTEK.NET and child NETCHILD.NETLANTEK.NET. The parent has two domain controllers, one is called win3k-pdc.netlantek.net. and the other one is called ccpqdl320-srv1.netlantek.net. I am joined to the parent domain, NETLANTEK.NET. Here is what I see: x228:203> wbinfo -m ccpqdl320-srv1 NETCHILD NETLANTEK The first name is not real, it's probably derived from DNS name of the second domain controller. x228:195> wbinfo -D ccpqdl320-srv1 Name : ccpqdl320-srv1 Alt_Name : ccpqdl320-srv1 SID : S-1-0-0 Active Directory : No Native : No Primary : No Sequence : -1 x228:196> wbinfo -D NETCHILD Name : NETCHILD Alt_Name : netchild.netlantek.net SID : S-1-5-21-3757639274-339704108-2390042785 Active Directory : Yes Native : Yes Primary : No Sequence : 156568 x228:197> wbinfo -D NETLANTEK Name : NETLANTEK Alt_Name : netlantek.net SID : S-1-5-21-1305906595-1791979575-428400569 Active Directory : Yes Native : Yes Primary : Yes Sequence : 441170 x228:198> dig _ldap._tcp.netlantek.net srv ; <<>> DiG 9.3.2 <<>> _ldap._tcp.netlantek.net srv ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64662 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2 ;; QUESTION SECTION: ;_ldap._tcp.netlantek.net. IN SRV ;; ANSWER SECTION: _ldap._tcp.netlantek.net. 600 IN SRV 0 100 389 win3k-pdc.netlantek.net. _ldap._tcp.netlantek.net. 600 IN SRV 0 100 389 ccpqdl320-srv1.netlantek.net. ;; ADDITIONAL SECTION: win3k-pdc.netlantek.net. 3600 IN A 192.168.0.45 ccpqdl320-srv1.netlantek.net. 3600 IN A 192.168.0.49 ;; Query time: 1 msec ;; SERVER: 192.168.0.45#53(192.168.0.45) ;; WHEN: Fri Aug 17 18:36:21 2007 ;; MSG SIZE rcvd: 165
This is stock samba 3.0.25b from ftp.samba.org for SuSE 10.1 x64 running on SuSE10.1, no modifications. Cleaned log files and winbindd_cache.tdb, joined domain, debug level = 1, did: Logs attached. x228:141> sudo sh /etc/init.d/winbind start Starting Samba WINBIND daemon done x228:142> x228:142> sudo net ads testjoin Join is OK x228:143> sudo net ads info LDAP server: 192.168.0.49 LDAP server name: ccpqdl320-srv1.netlantek.net Realm: NETLANTEK.NET Bind Path: dc=NETLANTEK,dc=NET LDAP port: 389 Server time: Sat, 18 Aug 2007 11:19:22 PDT KDC server: 192.168.0.49 Server time offset: -12 x228:144> wbinfo -m ccpqdl320-srv1 NETCHILD NETLANTEK x228:145> sudo sh /etc/init.d/winbindd Shutting down Samba WINBIND daemon done
Created attachment 2870 [details] log level = 10 for wbinfo -m
There's something really strange about your domain setup: 00000c ds_io_dom_trusts_ctr domain_trusts 000c netbios_ptr: 00020004 0010 dns_ptr: 00000000 0014 flags: 00000002 ^^^^^^^^^^^^^^^^^^^^ 0018 parent_index: 00000000 001c trust_type: 00000003 ^^^^^^^^^^^^^^^^^^^^^^^^^ 0020 trust_attributes: 00000001 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0024 sid_ptr: 00000000 000090 smb_io_unistr2 netbios_domain 009c buffer : c.c.p.q.d.l.3.2.0.-.s.r.v.1... 0000bc smb_io_unistr2 - NULL dns_domain The trust type and attributes say this is a outgoing, non-transitive trust. So I would say that you have incorrectly something about your DCs. We get back ccpqdl320-srv1 as a valid trusted domain so what can we do? Are you operating in mixed mode or something?
The way I'm reading thr -D output -- above in this bug -- the two "normal" domains are in native mode. The invalid one says No to everything so I assume this is just zeroed field and it does not really mean anything. The way I understand it there is nothing special about the domain, just two controllers on the parent.
Please verify your domain controllers. I've never seen a DC listed like this in the EnumDomainTrusts() reply. And I've looked at it a lot in the past few months. I believe the output you posted but as of yet, I do not trust that the DCs are properly configured.
Netlantek server ccpqdl320-srv1 was configured as a trusted realm so the behavior was correct. This was probably setup for something we did in the past. I've demoted this server so it no longer shows up in the list.
Thanks Duncan. That would match the log files. Closing this bug as INVALID.