Date:      Fri, 20 Oct 2006 17:26:59 +0100
From:      Ashley Moran <work@ashleymoran.me.uk>
To:        freebsd-questions@freebsd.org
Subject:   Samba file server with ActiveDirectory accounts... pw usershow not working
Message-ID:  <41089E7B-849E-470C-B953-AF2D2F3B17B6@ashleymoran.me.uk>

Hi

I asked about this a while back and a few of you were good enough to  
give me some pointers.  I've been forced to look again at Samba  
because the single unmirrored disk not covered by the backup scripts  
that a certain sysadmin installed crashed the other day.  So I  
thought we need a better solution.  My ultimate aim is a server with  
a share for our company, which we can log into using our AD accounts  
and each have a personal folder.  I already have my server joined to  
the domain from the last time I looked at this.

Here are some diagnostics:

# net ads testjoin
Join is OK

# wbinfo -D JIGSAWHQ
Name              : JIGSAWHQ
Alt_Name          : jigsawhq.com
SID               : S-1-5-21-1085031214-1957994488-1343024091
Active Directory  : Yes
Native            : No
Primary           : Yes
Sequence          : 1172959

# wbinfo -u
...list of usernames...
(not prepended by the domains, but neither is it on our Linux servers)

# wbinfo -g
...list of groups...

# ntlm_auth --username=ashleymoran
password:
NT_STATUS_OK: Success (0x0)

# cat /etc/nsswitch.conf
group: files winbind
hosts: files dns winbind
networks: files
passwd: files winbind
shells: files


However this command *should* now work, but doesn't:

# pw user show PawelKaminski
pw: no such user `PawelKaminski'

The output in log.wb-JIGSAWHQ (winbindd -d3) is this below.   
Presumably this bit...
[2006/10/20 16:35:18, 3] libsmb/clikrb5.c:ads_krb5_mk_req(552)
   ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
is bad, but I don't know what it means or how to fix it (googling has  
left me no wiser)

[2006/10/20 16:35:17, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupname(709)
   [93883]: lookupname JIGSAWHQ\PawelKaminski
[2006/10/20 16:35:17, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(257)
   rpc: name_to_sid name=JIGSAWHQ\PawelKaminski
[2006/10/20 16:35:17, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(265)
   name_to_sid [rpc] JIGSAWHQ\PawelKaminski for domain JIGSAWHQ
[2006/10/20 16:35:17, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
   rpc_pipe_bind: Remote machine JIGSAW-SBS02 pipe \lsarpc fnum 0x8012 bind request returned ok.
[2006/10/20 16:35:17, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(941)
   Got challenge flags:
[2006/10/20 16:35:17, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
   Got NTLMSSP neg_flags=0x62890235
[2006/10/20 16:35:17, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(963)
   NTLMSSP: Set final flags:
[2006/10/20 16:35:17, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
   Got NTLMSSP neg_flags=0x60080235
[2006/10/20 16:35:17, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
   NTLMSSP Sign/Seal - Initialising with flags:
[2006/10/20 16:35:17, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
   Got NTLMSSP neg_flags=0x60080235
[2006/10/20 16:35:17, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
   lsa_io_sec_qos: length c does not match size 8
[2006/10/20 16:35:17, 3] nsswitch/winbindd_user.c:winbindd_dual_userinfo(146)
   [93883]: lookupsid S-1-5-21-1085031214-1957994488-1343024091-1383
[2006/10/20 16:35:17, 3] nsswitch/winbindd_ads.c:query_user(478)
   ads: query_user
[2006/10/20 16:35:17, 3] libsmb/namequery.c:get_dc_list(1426)
   get_dc_list: preferred server list: ", jigsaw-sbs02.jigsawhq.com"
[2006/10/20 16:35:18, 3] libads/ldap.c:ads_connect(287)
   Connected to LDAP server 192.168.0.1
[2006/10/20 16:35:18, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
   ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2006/10/20 16:35:18, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2006/10/20 16:35:18, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2006/10/20 16:35:18, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
   ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2006/10/20 16:35:18, 3] libads/sasl.c:ads_sasl_spnego_bind(219)
   ads_sasl_spnego_bind: got server principal name =jigsaw-sbs02$@JIGSAWHQ.COM
[2006/10/20 16:35:18, 3] libsmb/clikrb5.c:ads_krb5_mk_req(552)
   ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
[2006/10/20 16:35:18, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(488)
   ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Sat, 21 Oct 2006 02:36:48 BST
[2006/10/20 16:35:18, 3] nsswitch/winbindd_ads.c:query_user(535)
   ads query_user gave PawelKaminski


I'd be very grateful if anyone has some hints on how to get this  
working.  I've spent all day reading about Samba, Kerberos, Winbind,  
NSS and on and on...  It's still new to me so I don't know how it  
glues together.

Thanks
Ashley


