Winbind Problem Related to AD & Trusted Domain?

Issues related to configuring your network
Post Reply
StAlphonzo
Posts: 1
Joined: 2008/05/22 02:37:32
Contact:

Winbind Problem Related to AD & Trusted Domain?

Post by StAlphonzo » 2008/05/22 03:00:01

Please pardon my lack of expertise with Samba/Winbind but we recently lost our main Linux tech and I'm trying to solve a big problem. I'm a Windows admin who wishes, when he grows up, to become an almighty LINUX GOD.

Having difficulty getting winbind to work properly. Here is what I believe the pertinent error to be:

In /var/log/samba/winbind.log I see this:

winbindd version 3.0.25b-1.el4_6.4 started.
Copyright Andrew Tridgell and the Samba Team 1992-2007
[2008/05/21 19:13:08, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2221)
initialize_winbindd_cache: clearing cache and re-creating with version number 1
[2008/05/21 19:13:49, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602)
ads_krb5_mk_req: krb5_get_credentials failed for user$@TRUSTEDDOMAIN.CN(Cannot resolve network address for KDC in requested realm)
[2008/05/21 19:13:49, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(619)
cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot resolve network address for KDC in requested realm
[2008/05/21 19:14:01, 1] nsswitch/winbindd_ads.c:ads_cached_connection(128)
ads_connect for domain TRUSTEDDOMAIN failed: No logon servers
[2008/05/21 19:14:24, 1] libads/ldap_utils.c:ads_do_search_retry_internal(115)
ads reopen failed after error Timed out

Where "TRUSTEDDOMAIN" is a two-way transitive trust to another domain within our network. It is not the primary domain we've set Samba to work with in smb.conf and krb5.conf

I can successfully run wbinfo -t and I've run kinit -Uadminuser@PRIMARYDOMAIN and authenticated just fine. However, when I run wbinfo -u I receive the error "Error looking up domain users" and, obviously, no one can access their samba shares.

So, one, is there a reason why it appears as though winbind is trying to authenticate against a trusted domain instead of the proimary domain we've set in the conf files? Two, is this really my problem or is it something else that I need to do (besides learn).

Again your assistance is much appreciated. Thank you!

scottro
Forum Moderator
Posts: 2462
Joined: 2007/09/03 21:18:09
Location: NYC
Contact:

Winbind Problem Related to AD & Trusted Domain?

Post by scottro » 2008/05/22 12:37:06

There's a lot that can go wrong with it. :)
I have a little page that worked for me.
http://home.nyc.rr.com/computertaijutsu/adsamba.html

Note my link at the end to the troubleshooting guide at samba.org. It can often be quite helpful.

Post Reply

Return to “CentOS 4 - Networking Support”