Samba 3.0.30: Still some winbindd issue? - Samba

This is a discussion on Samba 3.0.30: Still some winbindd issue? - Samba ; Dear all I strongly feel there is still an open issue with winbindd and trusted domains (3.0.30). What I have tried (in sequence) is the following: (1)Access a share from domain DOSIM000 : OK (2)Access a share from domain EUROPE ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Samba 3.0.30: Still some winbindd issue?

  1. Samba 3.0.30: Still some winbindd issue?

    Dear all

    I strongly feel there is still an open issue with winbindd and trusted domains (3.0.30).
    What I have tried (in sequence) is the following:

    (1)Access a share from domain DOSIM000 : OK
    (2)Access a share from domain EUROPE : OK
    (3)Access a share from domain DOSIM000 : NOK

    Between steps 2 and 3, the AIX syslog shows the following:

    Jun 5 09:41:46 sv104u daemon:err|error winbindd[708640]: [2008/06/05 09:41:46, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(182)
    Jun 5 09:41:46 sv104u daemon:err|error winbindd[708640]: async_request_timeout_handler: child pid 593940 is not responding. Closing connection to it.
    Jun 5 09:41:46 sv104u daemon:err|error winbindd[405724]: [2008/06/05 09:41:46, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(182)
    Jun 5 09:41:46 sv104u daemon:err|error winbindd[405724]: async_request_timeout_handler: child pid 593940 is not responding. Closing connection to it.

    As a result, the log.smbd shows the following when doing (3):
    [2008/06/05 09:42:49, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
    Username DOSIM000+WS10015559$ is invalid on this system

    After restarting smbd and winbindd, everythings works just fine again.

    What do you guys think?


    Miguel SANDERS
    ArcelorMittal Gent

    UNIX System Administrator | SAP Infrastructure Group John Kennedylaan 51, B-9042 Gent

    T +32 9 347 3538 | F +32 9 347 4901 | M +32478 805 023 E miguel.sanders@arcelormittal.com www.arcelormittal.com/gent


    -----Oorspronkelijk bericht-----
    Van: William Jojo [mailto:jojowil@hvcc.edu]
    Verzonden: woensdag 4 juni 2008 14:04
    Aan: SANDERS Miguel
    Onderwerp: Re: FW: Samba 3.0.29



    ---- Original message ----
    >Date: Wed, 4 Jun 2008 08:18:40 +0200
    >From: miguel.sanders@arcelormittal.com
    >Subject: FW: Samba 3.0.29
    >To: jojowil@hvcc.edu
    >
    >
    >Argh
    >
    >I forget to adapt the /usr/lib/security/methods.cfg file for the WINBIND LAM...
    >Sorry, problem is fixed now :-)
    >


    I was *just* about to ask that! Ha!

    Congrats!


    Cheers,
    Bill


    >Miguel SANDERS
    >ArcelorMittal Gent
    >
    >UNIX System Administrator | SAP Infrastructure Group John Kennedylaan
    >51, B-9042 Gent
    >
    >T +32 9 347 3538 | F +32 9 347 4901 | M +32478 805 023 E
    >miguel.sanders@arcelormittal.com www.arcelormittal.com/gent
    >
    >
    >-----Oorspronkelijk bericht-----
    >Van: SANDERS Miguel
    >Verzonden: woensdag 4 juni 2008 7:53
    >Aan: 'William Jojo'
    >Onderwerp: RE: Samba 3.0.29
    >
    >Hi Bill
    >
    >Do you have any idea?
    >
    >Thnx!
    >
    >
    >Miguel SANDERS
    >ArcelorMittal Gent
    >
    >UNIX System Administrator | SAP Infrastructure Group John Kennedylaan
    >51, B-9042 Gent
    >
    >T +32 9 347 3538 | F +32 9 347 4901 | M +32478 805 023 E
    >miguel.sanders@arcelormittal.com www.arcelormittal.com/gent
    >
    >
    >-----Oorspronkelijk bericht-----
    >Van: SANDERS Miguel
    >Verzonden: maandag 2 juni 2008 8:03
    >Aan: 'William Jojo'
    >Onderwerp: RE: Samba 3.0.29
    >
    >Hi Bill
    >
    >I have been looking at this issue more thoroughly.
    >( I installed 3.0.30 on a fresh box so no upgrading issues for the TDB files).
    >Whenever I want to connect to a share, I get the following error in log.smbd even though everything works fine.
    >
    >[2008/06/02 07:58:43, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
    > Username DOSIM000+WS10015559$ is invalid on this system
    >[2008/06/02 07:58:43, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
    > Username DOSIM000+WS10015559$ is invalid on this system
    >[2008/06/02 07:58:43, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
    >
    >Where DOSIM000 is the Pre Windows 2000 name of our Active Directory domainand WS10015559$ is my local Windows XP client machine, trying to access theshare.
    >
    >Smb.conf
    >
    >[global]
    > workgroup = DOSIM000
    > realm = SIDMAR.BE
    > server string = AIX Samba %v
    > security = ADS
    > ldap ssl = no
    > idmap uid = 500-10000
    > idmap gid = 500-10000
    > winbind separator = +
    >
    >I didn't have these issues with 3.0.24.
    >
    >Miguel SANDERS
    >ArcelorMittal Gent
    >
    >UNIX System Administrator | SAP Infrastructure Group John Kennedylaan
    >51, B-9042 Gent
    >
    >T +32 9 347 3538 | F +32 9 347 4901 | M +32478 805 023 E
    >miguel.sanders@arcelormittal.com www.arcelormittal.com/gent
    >
    >
    >-----Oorspronkelijk bericht-----
    >Van: William Jojo [mailto:jojowil@hvcc.edu]
    >Verzonden: zaterdag 31 mei 2008 21:43
    >Aan: SANDERS Miguel
    >Onderwerp: RE: Samba 3.0.29
    >
    >
    >
    >---- Original message ----
    >>Date: Sat, 31 May 2008 20:20:07 +0200
    >>From: miguel.sanders@arcelormittal.com
    >>Subject: RE: Samba 3.0.29
    >>To: jojowil@hvcc.edu
    >>
    >>Actually I copied no tdb files from 24 to 29.
    >>Could that be causing the Username DOSIM000+COMPUTERNAME$ is invalid on this system when I do the upgrade?
    >>(Even though I did rejoin the domain after the upgrade).
    >>

    >
    >I would need to know more. What is this machine joined to? Which machine isthe domain DOSIM000?
    >
    >The winbind_idmap.tdb keeps a record of mappings of remote users/groups tolocal uid/gid values. That may be a place to start.
    >
    >Did the pam fix work for you?
    >
    >Cheers,
    >Bill
    >
    >
    >>Thnx!
    >>
    >>
    >>Miguel SANDERS
    >>ArcelorMittal Gent
    >>
    >>UNIX System Administrator | SAP Infrastructure Group John Kennedylaan
    >>51, B-9042 Gent
    >>
    >>T +32 9 347 3538 | F +32 9 347 4901 | M +32478 805 023 E
    >>miguel.sanders@arcelormittal.com www.arcelormittal.com/gent
    >>
    >>
    >>-----Oorspronkelijk bericht-----
    >>Van: William Jojo [mailto:jojowil@hvcc.edu]
    >>Verzonden: zaterdag 31 mei 2008 18:23
    >>Aan: SANDERS Miguel
    >>Onderwerp: Re: Samba 3.0.29
    >>
    >>
    >>
    >>I did receive your other emails. I will forward the PAM solution.
    >>
    >>Also, when you upgraded to 29, did you copy the secrets.tdb and other important tdb files as stated in the Samba docs?
    >>
    >>http://us4.samba.org/samba/docs/man/...on/install.htm
    >>l
    >>#tdbpermfiledesc
    >>
    >>
    >>Also there was an interesting patch to 3.0.30 I saw yesterday that Jeremymentioned was from Geunter regarding trusts. Let me look closer at that patch.
    >>
    >>
    >>Cheers,
    >>Bill
    >>
    >>
    >>---- Original message ----
    >>>Date: Sat, 31 May 2008 11:19:23 +0200
    >>>From: miguel.sanders@arcelormittal.com
    >>>Subject: Samba 3.0.29
    >>>To: jojowil@hvcc.edu
    >>>
    >>> Hi Bill
    >>>
    >>> There have been some issues with the mailrouting for my account (I
    >>> couldn't receive mails from outside the company WAN) so I was
    >>> wondering if you have received my previous mail and you could help me.
    >>>
    >>> Thnx!
    >>>
    >>> Met vriendelijke groet
    >>> Best regards
    >>> Bien vous
    >>>
    >>> Miguel SANDERS
    >>> ArcelorMittal Gent
    >>>
    >>> UNIX System Administrator | SAP Infrastructure Group
    >>> John Kennedylaan 51, B-9042 Gent
    >>>
    >>> T +32 9 347 3538 | F +32 9 347 4901 | M +32478 805 023
    >>> E miguel.sanders@arcelormittal.com
    >>> www.arcelormittal.com/gent
    >>>
    >>> ************************************************** ******************************
    >>> This message and any attachment are confidential, intended solely for
    >>> the use of the individual or entity to whom it is addressed and may be
    >>> protected by professional secrecy or intellectual property rights.
    >>> If you have received it by mistake, or are not the named recipient(s),
    >>> please immediately notify the sender and delete the message. You are
    >>> hereby notified that any unauthorized use, copying or dissemination of
    >>> any or all information contained in this message is prohibited.
    >>> Arcelormittal shall not be liable for the message if altered,
    >>> falsified, or in case of error in the recipient.
    >>> This message does not constitute any right or commitment for
    >>> ArcelorMittal except when expressly agreed otherwise in writing in a
    >>> separate agreement.
    >>>
    >>> ************************************************** ******************
    >>> *
    >>> *
    >>> **********

    >>
    >>****
    >>This message and any attachment are confidential, intended solely for theuse of the individual or entity to whom it is addressed and may be protected by professional secrecy or intellectual property rights.
    >>If you have received it by mistake, or are not the named recipient(s), please immediately notify the sender and delete the message. You are hereby notified that any unauthorized use, copying or dissemination of any or all information contained in this message is prohibited.
    >>Arcelormittal shall not be liable for the message if altered, falsified, or in case of error in the recipient.
    >>This message does not constitute any right or commitment for ArcelorMittalexcept when expressly agreed otherwise in writing in a separate agreement.
    >>****

    >
    >****
    >This message and any attachment are confidential, intended solely for the use of the individual or entity to whom it is addressed and may be protectedby professional secrecy or intellectual property rights.
    >If you have received it by mistake, or are not the named recipient(s), please immediately notify the sender and delete the message. You are hereby notified that any unauthorized use, copying or dissemination of any or all information contained in this message is prohibited.
    >Arcelormittal shall not be liable for the message if altered, falsified, orin case of error in the recipient.
    >This message does not constitute any right or commitment for ArcelorMittalexcept when expressly agreed otherwise in writing in a separate agreement.
    >****


    ****
    This message and any attachment are confidential, intended solely for the use of the individual or entity to whom it is addressed and may be protected by professional secrecy or intellectual property rights.
    If you have received it by mistake, or are not the named recipient(s), please immediately notify the sender and delete the message. You are hereby notified that any unauthorized use, copying or dissemination of any or all information contained in this message is prohibited.
    Arcelormittal shall not be liable for the message if altered, falsified, orin case of error in the recipient.
    This message does not constitute any right or commitment for ArcelorMittal except when expressly agreed otherwise in writing in a separate agreement.
    ****


  2. Re: Samba 3.0.30: Still some winbindd issue?

    Is this issue related to the

    "The winbind /tmp/ pipe removal by child process fix "

    Jeremy mentioned some time ago ?

+ Reply to Thread