Upgraded my PDC from FC7 to FC10, which is currently at 3.2.8. At this point my 3.0.31 (in my ReadyNAS) lost the domain groups. A fresh install of FC8 in a vmware box with 3.0.33 also was unable to get the domain users or domain group. From log.winbindd [2009/02/07 19:08:27, 1] nsswitch/winbindd_util.c:trustdom_recv(230) Could not receive trustdoms From log.wb-NLK [2009/02/08 06:19:52, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2363) cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_INVALID_PARAMETER [2009/02/08 06:25:01, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2363) cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_INVALID_PARAMETER
Can you please provide more information, like a log level = 10 winbind logfile ? Thanks.
Created attachment 3937 [details] Logfiles log level 10, log.winbindd, log.wb-NLK, log.wb-VMLINUX Added log level to smb.conf. Stopped, removed old log files, restart winbind. Added wbinfo -u at the end. Attached zip file with logs log.winbindd log.wb-NLK log.wb-VMLINUX
Created attachment 3938 [details] New set logs after fresh join. log level = 10 I reran the previous test. 0. stopped winbind on client 1. on PDC removed machine entry 2. on client joined (logfile typescript) 3. displayed machine entry (logfile PDC.log) 4. set smb.conf log level = 10 5. restarted winbindd Results attached
Created attachment 3939 [details] Logs from PDC side. log level = 10 From the PDC side. Did the run again. 0. Removed machine account (pdbedit -x -u vmlinux$) 1. winbind brought down 2. joined the domain. Successful 3. started winbind 4. wbinfo -u # Failed 5. wbinfo -g # Failed 6. net rpc user -S central # Succeeded
I experience same using OpenSUSE 11.1's samba-3.2.6-0.3.1-2042-SUSE-CODE11 and ReadyNAS's 3.0.31; blocks at "Could not receive trustdoms".
(In reply to comment #1) > Can you please provide more information, like a log level = 10 winbind logfile > ? Thanks. > Were the logs I provided sufficient? Do you need anything further? I'm currently at an impasse. All of the security that depends on groups, has been blown out of the water, and I've had to open things up a bit more than I really like.
(In reply to comment #6) > (In reply to comment #1) > > Can you please provide more information, like a log level = 10 winbind logfile > > ? Thanks. > > > Were the logs I provided sufficient? Do you need anything further? > I'm currently at an impasse. All of the security that depends on groups, has > been blown out of the water, and I've had to open things up a bit more than I > really like. BUG https://bugzilla.samba.org/show_bug.cgi?id=6177 is the same bug......
Same as this: https://bugzilla.samba.org/show_bug.cgi?id=6089 My "workaround" is to comment everything in map_max_allowed_access in source/rpc_server/srv_samr_nt.c
Ok, samr access checks again :-) This has been resolved in master and v3-4-test and we are currently collecting patches for Samba 3.3 and 3.2.
*** Bug 6177 has been marked as a duplicate of this bug. ***
Fixed for next Samba 3.2 release (by reverting to previous behaviour).