From: Christoph Kaminski on
Hi!

I can join, wbinfo -u etc. works, but getent passwd doesn't...
I think the problem is that I get this error:
'get_dc_list: preferred server list: ", *"'
but why does it not know my domain? (already joined)

Can someone help?

Greetz

Conf:

#GLOBAL PARAMETERS
[global]
workgroup = CHAOS
realm = chaos.local
password server = beelzebub.chaos.local
preferred master = no
server string = %h (Samba %v)
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/log.%m
max log size = 50
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
passdb backend = tdbsam
idmap backend = ad
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind nss info = rfc2307

krb:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = CHAOS.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
CHAOS.LOCAL = {
kdc = beelzebub.chaos.local
admin_server = beelzebub.chaos.local
default_domain = chaos.local
}

[domain_realm]
.belzebub.chaos.local = CHAOS.LOCAL
.chaos.local = CHAOS.LOCAL

#[kdc]
#profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

Log: (after getent passwd)

[ 6293]: request interface version
[ 6293]: request location of privileged pipe
final write to client failed: Broken pipe
[ 6293]: setpwent
[ 6293]: getpwent
ads: query_user_list
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
Successfully contacted LDAP server 192.168.50.80
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
Successfully contacted LDAP server 192.168.50.80
Connected to LDAP server beelzebub.chaos.local
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Fri, 27 Nov 2009 06:24:16 CET
ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
Successfully contacted LDAP server 192.168.50.80
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
Successfully contacted LDAP server 192.168.50.80
Connected to LDAP server beelzebub.chaos.local
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Fri, 27 Nov 2009 06:28:22 CET
ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
ads query_user_list gave 4 entries
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
get_dc_list: preferred server list: ", *"
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
get_dc_list: preferred server list: ", *"
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
ad_idmap_init: failed to connect to AD
ADS uninitialized: No logon servers
default domain not writable
error getting user id for sid S-1-5-21-839142612-1421143767-3823028795-500
could not lookup domain user Administrator
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
get_dc_list: preferred server list: ", *"
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
get_dc_list: preferred server list: ", *"
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
ad_idmap_init: failed to connect to AD
ADS uninitialized: No logon servers
default domain not writable
error getting user id for sid S-1-5-21-839142612-1421143767-3823028795-501
could not lookup domain user Gast
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
get_dc_list: preferred server list: ", *"
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
get_dc_list: preferred server list: ", *"
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
ad_idmap_init: failed to connect to AD
ADS uninitialized: No logon servers
default domain not writable
error getting user id for sid S-1-5-21-839142612-1421143767-3823028795-502
could not lookup domain user krbtgt
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
get_dc_list: preferred server list: ", *"
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
get_dc_list: preferred server list: ", *"
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
ad_idmap_init: failed to connect to AD
ADS uninitialized: No logon servers
default domain not writable
error getting user id for sid S-1-5-21-839142612-1421143767-3823028795-1103
could not lookup domain user perun
[ 6293]: endpwent
final write to client failed: Broken pipe

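
A triage sketch for the winbind log above, added here and not part of the original post or of Samba: it counts each `get_dc_list` preferred server list, records which domains failed DC lookup, and ties every SID-mapping error to the most recent failed lookup. The sample lines are copied from the post's log; the function name `triage` and the report layout are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the log in the post, cut down to two users.
SAMPLE_LOG = """\
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
Successfully contacted LDAP server 192.168.50.80
ads query_user_list gave 4 entries
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
ad_idmap_init: failed to connect to AD
error getting user id for sid S-1-5-21-839142612-1421143767-3823028795-500
could not lookup domain user Administrator
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
ad_idmap_init: failed to connect to AD
error getting user id for sid S-1-5-21-839142612-1421143767-3823028795-501
could not lookup domain user Gast
"""

DC_LIST = re.compile(r'^get_dc_list: preferred server list: "(.*)"$')
DC_FAIL = re.compile(r"^Could not look up dc's for domain (\S+)$")
DC_OK = re.compile(r"^Successfully contacted LDAP server (\S+)$")
SID_ERR = re.compile(r"^error getting user id for sid (S-[\d-]+)$")
USER_ERR = re.compile(r"^could not lookup domain user (.+)$")


def triage(log_text):
    """Summarise DC lookups and tie each SID-mapping error to the last failed domain."""
    lists, failed, unmapped = Counter(), Counter(), []
    last_failed = None  # domain named by the most recent failed DC lookup, if any
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := DC_LIST.match(line):
            lists[m.group(1)] += 1
        elif m := DC_FAIL.match(line):
            last_failed = m.group(1)
            failed[last_failed] += 1
        elif DC_OK.match(line):
            last_failed = None  # a DC answered, so later errors are not tied to a failure
        elif m := SID_ERR.match(line):
            unmapped.append({"sid": m.group(1), "user": None, "failed_domain": last_failed})
        elif (m := USER_ERR.match(line)) and unmapped and unmapped[-1]["user"] is None:
            unmapped[-1]["user"] = m.group(1)
    return {"server_lists": lists, "failed_domains": failed, "unmapped": unmapped}


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG)["unmapped"]:
        print(f'{entry["user"]}: {entry["sid"]} (DC lookup failed for {entry["failed_domain"]!r})')
```

Run over the full log, the report separates the lookups that reached beelzebub.chaos.local from the ones made for the domain `*`, which is where every uid-mapping error in the post occurs.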