Hello,

For one of my customers, I am trying to configure Samba to authenticate users and groups against AD with winbind. To do that, I did the following:

1) Install Samba and all prerequisite packages using pware binaries.

2) Create a smb.conf:

    [global]
    workgroup = FINBEL
    netbios name = orange-sv
    server string = orange Samba Server
    bind interfaces only = true
    security = ADS
    realm = FINBEL.INTRA
    password server = fngsvaddcs01, fngsvaddcs02, fngsvaddcs03, fngsvaddcs04, fngsvaddcs05, fngsvaddcs06
    private dir = /home/hacmp/orange-sv/
    encrypt passwords = yes
    idmap uid = 15000-20000
    idmap gid = 15000-20000
    winbind separator = +
    winbind use default domain = Yes
    winbind enum users = yes
    winbind enum groups = yes
    winbind cache time = 0
    #Uncomment to allow these options
    log level = 10
    log file = /var/log/samba.log
    max log size = 5000000
    debug timestamp = yes
    browseable = yes

    [test]
    comment = test Share
    path = /tmp/test
    valid users = FINBEL+vhottat
    read only = No
    create mask = 0770
    security mask = 0770
    directory mask = 0770

3) Configure winbind:

    cp /opt/pware/samba/3.0.31/lib/security/WINBIND /usr/lib/security

Add lines in "/usr/lib/security/methods.cfg":

    WINBIND:
        program = /usr/lib/security/WINBIND
        options = authonly

4) Configure /etc/krb3.conf:

    [logging]
    default = FILE:/var/log/krb5/libs.log
    kdc = FILE:/var/log/krb5/kdc.log
    admin_server = FILE:/var/log/krb5/admin.log

    [libdefaults]
    ticket_lifetime = 24000
    default_realm = FINBEL.INTRA
    forwardable = true
    proxiable = true
    dns_lookup_realm = true
    dns_lookup_kdc = true

    [realms]
    FINBEL.INTRA = {
        default_domain = finbel.intra
        kdc = fngsvaddcs01.finbel.intra:88
        kdc = fngsvaddcs02.finbel.intra:88
        kdc = fngsvaddcs03.finbel.intra:88
        kdc = fngsvaddcs04.finbel.intra:88
        kdc = fngsvaddcs05.finbel.intra:88
        kdc = fngsvaddcs06.finbel.intra:88
        admin_server = fngsvaddcs01.finbel.intra:749
    }

    [domain_realm]
    .domain.com = FINBEL.INTRA
    domain.com = FINBEL.INTRA

    [kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf

    [pam]
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false

5) Test kerberos:

    root@orange /home/hacmp # kinit vhottat@FINBEL.INTRA
    Password for vhottat@FINBEL.INTRA:
    root@orange /home/hacmp # klist
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: vhottat@FINBEL.INTRA

    Valid starting     Expires            Service principal
    07/24/08 14:30:12  07/24/08 21:10:12  krbtgt/FINBEL.INTRA@FINBEL.INTRA

    Kerberos 4 ticket cache: /tmp/tkt0
    klist: You have no tickets cached

=> OK

6) Join domain:

    net ads join -s /home/hacmp/smb.conf -U adm_jebe
    adm_jebe's password:
    Using short domain name -- FINBEL
    Joined 'orange-sv' to realm 'FINBEL.INTRA'

=> OK

7) Start smbd, nmbd and winbindd => OK

8) Try to access the share => NOTOK:

    Enter the user name for 'orange.finbel.intra': FINBEL\sambatest
    Enter the password for orange.finbel.intra:
    System error 64 has occurred.
    The specified network name is no longer available.

In the log, I can find:

    [2009/02/05 12:32:59, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
    [2009/02/05 12:32:59, 1] libads/cldap.c:recv_cldap_netlogon(157)
      no reply received to cldap netlogon
    [2009/02/05 12:32:59, 3] libads/ldap.c:ads_try_connect(208)
      0220 sig : 77 00 7a 00 ff ff 00 00
      ads_try_connect: CLDAP request TFSRV01.DEBT.AGENCY failed.
    [2009/02/05 12:32:59, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
    [2009/02/05 12:32:59, 1] winbindd/winbindd_ads.c:ads_cached_connection(127)
      ads_connect for domain AGENCY failed: No logon servers
      0228 seq_num: dc 37 0c e6 12 f1 cb b5
    [2009/02/05 12:32:59, 3] winbindd/winbindd_misc.c:winbindd_dual_list_trusted_domains(367)
    [2009/02/05 12:32:59, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
      winbindd_dual_list_trusted_domains: trusted_domains returned NT_STATUS_UNSUCCESSFUL
      0230 packet_digest: 86 66 f8 b1 a7 02 27 b8
    [2009/02/05 12:32:59, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
    [2009/02/05 12:32:59, 1] winbindd/winbindd_util.c:trustdom_recv(303)
      Could not receive trustdoms

I don't understand what TFSRV01.DEBT.AGENCY is?

And also why I always get the following error:

    winbindd_dual_list_trusted_domains: trusted_domains returned NT_STATUS_UNSUCCESSFUL

Can you help me, please?
password server and winbind parameters are set to not recommended values. Also cannot reproduce this problem with 4.0. If you can reproduce this with a cleaned-up config and with a recent Samba version, please reopen this bug with level 10 log files attached.
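Level 10 logs like the excerpt in this report are large and interleave hex-dump fragments with the real messages, so a small triage script helps before attaching or reading them. The following is an added example, not part of the original report or of Samba's code: it splits a log in the format shown above into entries and lists the domain and server names winbindd failed to reach, flagging those outside the configured workgroup. The function names are hypothetical, and the sample is the first five entries of the excerpt above.

```python
import re

# Entry header: "[YYYY/MM/DD HH:MM:SS, level] source.c:function(line)"
HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s+\S+?:(\w+)\(\d+\)")
FAILED_DOMAIN = re.compile(r"ads_connect for domain (\S+) failed")
FAILED_SERVER = re.compile(r"CLDAP request (\S+) failed")

# First entries of the log excerpt in the report, hex-dump fragments included.
SAMPLE = """\
[2009/02/05 12:32:59, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
[2009/02/05 12:32:59, 1] libads/cldap.c:recv_cldap_netlogon(157)
  no reply received to cldap netlogon
[2009/02/05 12:32:59, 3] libads/ldap.c:ads_try_connect(208)
  0220 sig : 77 00 7a 00 ff ff 00 00
  ads_try_connect: CLDAP request TFSRV01.DEBT.AGENCY failed.
[2009/02/05 12:32:59, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
[2009/02/05 12:32:59, 1] winbindd/winbindd_ads.c:ads_cached_connection(127)
  ads_connect for domain AGENCY failed: No logon servers
  0228 seq_num: dc 37 0c e6 12 f1 cb b5
"""

def parse_entries(text):
    """Split a Samba debug log into entries; works on wrapped or flattened text."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append({
            "time": h.group(1),
            "level": int(h.group(2)),
            "function": h.group(3),
            "message": " ".join(text[h.end():end].split()),
        })
    return entries

def failed_targets(entries, workgroup):
    """Collect the domains and servers named in connection-failure messages."""
    # Interleaved writes can attach a message to the wrong header, so the
    # scan looks at every entry instead of filtering on the debug level.
    domains, servers = set(), set()
    for e in entries:
        domains.update(FAILED_DOMAIN.findall(e["message"]))
        servers.update(FAILED_SERVER.findall(e["message"]))
    outside = {d for d in domains if d.upper() != workgroup.upper()}
    return {"domains": sorted(domains), "servers": sorted(servers),
            "outside_workgroup": sorted(outside)}

if __name__ == "__main__":
    print(failed_targets(parse_entries(SAMPLE), workgroup="FINBEL"))
```

On the sample, the failures name the domain AGENCY and the server TFSRV01.DEBT.AGENCY, neither of which belongs to the FINBEL workgroup set in the smb.conf above.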