wins or windbind problem? - help please
in [Samba]
|
Prev: [Samba] Microsoft OneNote 2007 painfully slow
Next: [Samba] samba printing from 64-bit windows server 2008
From: Pablo Chamorro C. on 7 Jun 2010 18:50 >> I have four domains in my LAN. I set up trust relationships for the >> domains, having each PDC working as wins server for each domain but I >> hd not set up winbind. I have samba3-3.3.12 + ldap (openldap 2.4.21) >> as users backend. >> >> I mean, I have wins support = yes for each PDC, and I can access to >> the shared folders of each PDC from any windows computer from my LAN. > > The samba docs are pretty clear. In order for interdomain trusts to > work all PDC's must use the same wins server. I apreciate your time and your answer. Well, in the samba docs you can also read that the use of interdomain trusts requires use of winbind, that's why I'm asking. Well, In the redhat docs, I found also: "In a mixed NT/2000/2003 server and Samba environment, it is recommended that you use the Microsoft WINS capabilities." That's why I'm asking for an advice from people who have more experience and knowledge. Thank you, Pablo Chamorro > >> >> >> The problem is accessing to windows PCs from different domains. I >> mean, from pc1-domain1 I can't list the shares of pc2-domain2 (access >> denied), and when I try to connect to \\pc2-domain2\share the error >> message is: >> >> \\pc2-domain2 is not accesible >> There are currently no logon servers to service the request logon. >> >> Previously I shared the 'share' folder in pc2-domain2 PC and added >> permissions for users from domain1 and domain2 successfully. >> >> Trying from a Linux server, a guest try shows: >> >> [user]$ smbclient //pc2-domain2/share >> Password: >> Anonymous login successful >> Domain=[SMINERO] OS=[Windows Server 2003 R2 3790 Service Pack 2] >> Server=[Windows Server 2003 R2 5.2] >> tree connect failed: NT_STATUS_ACCESS_DENIED >> >> Trying using a user account from domain2: >> >> [user]$ smbclient //pc2-domain2/share -U domain2/user >> >> Password: session setup failed: NT_STATUS_NO_LOGON_SERVERS >> >> The domain2 PDC log is: >> >> "domain_client_validate: Domain password server not available. >> [2010/06/05 08:43:40, 5] auth/auth.c:check_ntlm_password(272) >> check_ntlm_password: winbind authentication for user [xxxxx] FAILED >> with error NT_STATUS_NO_LOGON_SERVERS >> >> [2010/06/05 08:43:40, 2] auth/auth.c:check_ntlm_password(318) >> check_ntlm_password: Authentication for user [xxxxxx] -> [xxxxx] >> FAILED with error NT_STATUS_NO_LOGON_SERVERS". >> >> I tried adding PDC data from the wins.dat file from PDC2 to the >> wins.file from PDC1 (and in the other way) but it didn't work. I have >> this: >> >> "PDC2#00" 1275960126 172.25.1.24 66R >> "PDC2#03" 1275960126 172.25.1.24 66R >> "PDC2#20" 1275960126 172.25.1.24 66R >> "PDC1#00" 1276005993 172.25.1.8 66R >> "PDC1#03" 1276005993 172.25.1.8 66R >> "PDC1#20" 1276005993 172.25.1.8 66R >> >> Please, here my questions: >> >> 1. Could you please give me an advice for my problem? >> >> 2. Should I setup only an only wins server? The one from samba4wins? >> Where? In one of the PDCs or in other server? >> >> Thank you, >> >> Pablo Chamorro >> >> --- >> Ext. 8705 >> >> Tel: +57 (2) 7302593/7320752/7323272 - Fax: +57 (2) 7325014 >> Calle 27 N° 9 ESTE - 25, Barrio La Carolina - Pasto >> >> Este mensaje de correo electrónico fue analizado por el antivirus >> institucional Mcafee y su contenido está dirigido para >> el uso exclusivo de los destinatarios direccionados y puede contener >> información que es privilegiada, confidencial y exime de divulgación >> bajo Ley Aplicable. Si usted no es un destinatario previsto o el >> agente responsable de entregar este email al destinatario (s) >> previsto, se le notifica por este medio que cualquier uso, difusión, >> distribución o copia de esta comunicación está prohibida y puede >> terminantemente ser ilegal. Si usted recibió este email por error, >> notifique por favor al remitente inmediatamente contestando a este >> email o por teléfono y borre el email que se le envió por error. >> >> >> >> This electronic mail message was scanned by the Mcafee anti-virus and >> its contents are intended only for >> the use of the addressed recipient(s) and may contain information that >> is privileged, confidential and exempt from disclosure under >> applicable law. If you are not an intended recipient, or the agent >> responsible for dlivering this email to the intended recipient(s), you >> are hereby notified that any use, dissemination, distribution or >> copying of this communication is strictly prohibited and may be >> unlawful. If you received this email in error, please notify the >> sender immediately by replying to this email or by telephone and >> delete the email sent in error. >> > > > > > > Este mensaje de correo electrónico fue analizado por el antivirus > institucional Mcafee y su contenido está dirigido para > el uso exclusivo de los destinatarios direccionados y puede contener > información que es privilegiada, confidencial y exime de divulgación > bajo Ley Aplicable. Si usted no es un destinatario previsto o el > agente responsable de entregar este email al destinatario (s) > previsto, se le notifica por este medio que cualquier uso, difusión, > distribución o copia de esta comunicación está prohibida y puede > terminantemente ser ilegal. Si usted recibió este email por error, > notifique por favor al remitente inmediatamente contestando a este > email o por teléfono y borre el email que se le envió por error. > > > > This electronic mail message was scanned by the Mcafee anti-virus and its > contents are intended only for > the use of the addressed recipient(s) and may contain information that > is privileged, confidential and exempt from disclosure under > applicable law. If you are not an intended recipient, or the agent > responsible for dlivering this email to the intended recipient(s), you > are hereby notified that any use, dissemination, distribution or > copying of this communication is strictly prohibited and may be > unlawful. If you received this email in error, please notify the > sender immediately by replying to this email or by telephone and > delete the email sent in error. > > --- Ext. 8705 Tel: +57 (2) 7302593/7320752/7323272 - Fax: +57 (2) 7325014 Calle 27 N° 9 ESTE - 25, Barrio La Carolina - Pasto Este mensaje de correo electrónico fue analizado por el antivirus institucional Mcafee y su contenido está dirigido para el uso exclusivo de los destinatarios direccionados y puede contener información que es privilegiada, confidencial y exime de divulgación bajo Ley Aplicable. Si usted no es un destinatario previsto o el agente responsable de entregar este email al destinatario (s) previsto, se le notifica por este medio que cualquier uso, difusión, distribución o copia de esta comunicación está prohibida y puede terminantemente ser ilegal. Si usted recibió este email por error, notifique por favor al remitente inmediatamente contestando a este email o por teléfono y borre el email que se le envió por error. This electronic mail message was scanned by the Mcafee anti-virus and its contents are intended only for the use of the addressed recipient(s) and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not an intended recipient, or the agent responsible for dlivering this email to the intended recipient(s), you are hereby notified that any use, dissemination, distribution or copying of this communication is strictly prohibited and may be unlawful. If you received this email in error, please notify the sender immediately by replying to this email or by telephone and delete the email sent in error.
From: Gaiseric Vandal on 8 Jun 2010 09:20 WINS handles machine name resolution and locating domain controllers. WINS is a legacy of NT4 days when DNS was something for unix users only. You could probably work around the multiple WINS server issues by using lmhosts (I had some success with that) but it is probably simpler to just designate a primary WINS server- since it sounds like everything is on the same LAN (no multiple subnets or routing.) I never had luck editing the wins data files. Winbind handles looking up user accounts in other domains and allocating them uid and gids in the local domain. The major advantage of using a Microsoft server as a WINS server is that it handles WINS replication- which can be useful if you have a routed network and need multiple WINS servers. I don't know how many clients a single WINS server can support- if you have under 50 Windows machines I think you are OK. It is also easier to view entries, add static entries and purge old entries with a Windows WINS server. But I don't think that justifies migrating from Samba WINS server if that Samba one is working fine. On 06/07/2010 06:40 PM, Pablo Chamorro C. wrote: >>> I have four domains in my LAN. I set up trust relationships for the >>> domains, having each PDC working as wins server for each domain but >>> I hd not set up winbind. I have samba3-3.3.12 + ldap (openldap >>> 2.4.21) as users backend. >>> >>> I mean, I have wins support = yes for each PDC, and I can access to >>> the shared folders of each PDC from any windows computer from my LAN. >> >> The samba docs are pretty clear. In order for interdomain trusts to >> work all PDC's must use the same wins server. > > I apreciate your time and your answer. > > Well, in the samba docs you can also read that the use of interdomain > trusts requires use of winbind, that's why I'm asking. > > Well, In the redhat docs, I found also: > > "In a mixed NT/2000/2003 server and Samba environment, it is > recommended that you use the Microsoft WINS capabilities." > > That's why I'm asking for an advice from people who have more > experience and knowledge. > > Thank you, > > Pablo Chamorro > > >> >>> >>> >>> The problem is accessing to windows PCs from different domains. I >>> mean, from pc1-domain1 I can't list the shares of pc2-domain2 >>> (access denied), and when I try to connect to \\pc2-domain2\share >>> the error message is: >>> >>> \\pc2-domain2 is not accesible >>> There are currently no logon servers to service the request logon. >>> >>> Previously I shared the 'share' folder in pc2-domain2 PC and added >>> permissions for users from domain1 and domain2 successfully. >>> >>> Trying from a Linux server, a guest try shows: >>> >>> [user]$ smbclient //pc2-domain2/share >>> Password: >>> Anonymous login successful >>> Domain=[SMINERO] OS=[Windows Server 2003 R2 3790 Service Pack 2] >>> Server=[Windows Server 2003 R2 5.2] >>> tree connect failed: NT_STATUS_ACCESS_DENIED >>> >>> Trying using a user account from domain2: >>> >>> [user]$ smbclient //pc2-domain2/share -U domain2/user >>> >>> Password: session setup failed: NT_STATUS_NO_LOGON_SERVERS >>> >>> The domain2 PDC log is: >>> >>> "domain_client_validate: Domain password server not available. >>> [2010/06/05 08:43:40, 5] auth/auth.c:check_ntlm_password(272) >>> check_ntlm_password: winbind authentication for user [xxxxx] FAILED >>> with error NT_STATUS_NO_LOGON_SERVERS >>> >>> [2010/06/05 08:43:40, 2] auth/auth.c:check_ntlm_password(318) >>> check_ntlm_password: Authentication for user [xxxxxx] -> [xxxxx] >>> FAILED with error NT_STATUS_NO_LOGON_SERVERS". >>> >>> I tried adding PDC data from the wins.dat file from PDC2 to the >>> wins.file from PDC1 (and in the other way) but it didn't work. I >>> have this: >>> >>> "PDC2#00" 1275960126 172.25.1.24 66R >>> "PDC2#03" 1275960126 172.25.1.24 66R >>> "PDC2#20" 1275960126 172.25.1.24 66R >>> "PDC1#00" 1276005993 172.25.1.8 66R >>> "PDC1#03" 1276005993 172.25.1.8 66R >>> "PDC1#20" 1276005993 172.25.1.8 66R >>> >>> Please, here my questions: >>> >>> 1. Could you please give me an advice for my problem? >>> >>> 2. Should I setup only an only wins server? The one from >>> samba4wins? Where? In one of the PDCs or in other server? >>> >>> Thank you, >>> >>> Pablo Chamorro >>> >>> --- >>> Ext. 8705 >>> >>> Tel: +57 (2) 7302593/7320752/7323272 - Fax: +57 (2) 7325014 >>> Calle 27 N° 9 ESTE - 25, Barrio La Carolina - Pasto >>> >>> Este mensaje de correo electrónico fue analizado por el antivirus >>> institucional Mcafee y su contenido está dirigido para >>> el uso exclusivo de los destinatarios direccionados y puede contener >>> información que es privilegiada, confidencial y exime de divulgación >>> bajo Ley Aplicable. Si usted no es un destinatario previsto o el >>> agente responsable de entregar este email al destinatario (s) >>> previsto, se le notifica por este medio que cualquier uso, difusión, >>> distribución o copia de esta comunicación está prohibida y puede >>> terminantemente ser ilegal. Si usted recibió este email por error, >>> notifique por favor al remitente inmediatamente contestando a este >>> email o por teléfono y borre el email que se le envió por error. >>> >>> >>> >>> This electronic mail message was scanned by the Mcafee anti-virus >>> and its contents are intended only for >>> the use of the addressed recipient(s) and may contain information that >>> is privileged, confidential and exempt from disclosure under >>> applicable law. If you are not an intended recipient, or the agent >>> responsible for dlivering this email to the intended recipient(s), you >>> are hereby notified that any use, dissemination, distribution or >>> copying of this communication is strictly prohibited and may be >>> unlawful. If you received this email in error, please notify the >>> sender immediately by replying to this email or by telephone and >>> delete the email sent in error. >>> >> >> >> >> >> >> Este mensaje de correo electrónico fue analizado por el antivirus >> institucional Mcafee y su contenido está dirigido para >> el uso exclusivo de los destinatarios direccionados y puede contener >> información que es privilegiada, confidencial y exime de divulgación >> bajo Ley Aplicable. Si usted no es un destinatario previsto o el >> agente responsable de entregar este email al destinatario (s) >> previsto, se le notifica por este medio que cualquier uso, difusión, >> distribución o copia de esta comunicación está prohibida y puede >> terminantemente ser ilegal. Si usted recibió este email por error, >> notifique por favor al remitente inmediatamente contestando a este >> email o por teléfono y borre el email que se le envió por error. >> >> >> >> This electronic mail message was scanned by the Mcafee anti-virus and >> its contents are intended only for >> the use of the addressed recipient(s) and may contain information that >> is privileged, confidential and exempt from disclosure under >> applicable law. If you are not an intended recipient, or the agent >> responsible for dlivering this email to the intended recipient(s), you >> are hereby notified that any use, dissemination, distribution or >> copying of this communication is strictly prohibited and may be >> unlawful. If you received this email in error, please notify the >> sender immediately by replying to this email or by telephone and >> delete the email sent in error. >> >> > > --- > Ext. 8705 > > Tel: +57 (2) 7302593/7320752/7323272 - Fax: +57 (2) 7325014 > Calle 27 N° 9 ESTE - 25, Barrio La Carolina - Pasto > > Este mensaje de correo electrónico fue analizado por el antivirus > institucional Mcafee y su contenido está dirigido para > el uso exclusivo de los destinatarios direccionados y puede contener > información que es privilegiada, confidencial y exime de divulgación > bajo Ley Aplicable. Si usted no es un destinatario previsto o el > agente responsable de entregar este email al destinatario (s) > previsto, se le notifica por este medio que cualquier uso, difusión, > distribución o copia de esta comunicación está prohibida y puede > terminantemente ser ilegal. Si usted recibió este email por error, > notifique por favor al remitente inmediatamente contestando a este > email o por teléfono y borre el email que se le envió por error. > > > > This electronic mail message was scanned by the Mcafee anti-virus and > its contents are intended only for > the use of the addressed recipient(s) and may contain information that > is privileged, confidential and exempt from disclosure under > applicable law. If you are not an intended recipient, or the agent > responsible for dlivering this email to the intended recipient(s), you > are hereby notified that any use, dissemination, distribution or > copying of this communication is strictly prohibited and may be > unlawful. If you received this email in error, please notify the > sender immediately by replying to this email or by telephone and > delete the email sent in error. > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Pablo Chamorro C. on 22 Jun 2010 16:50
On Tue, 8 Jun 2010, Gaiseric Vandal wrote: > WINS handles machine name resolution and locating domain controllers. > WINS is a legacy of NT4 days when DNS was something for unix users > only. You could probably work around the multiple WINS server issues > by using lmhosts (I had some success with that) but it is probably > simpler to just designate a primary WINS server- since it sounds like > everything is on the same LAN (no multiple subnets or routing.) I never > had luck editing the wins data files. > Winbind handles looking up user accounts in other domains and allocating > them uid and gids in the local domain. I haven't found time to try using lmhost. And I'm just starting to learn how winbind works, thank you. > The major advantage of using a Microsoft server as a WINS server is that > it handles WINS replication- which can be useful if you have a routed > network and need multiple WINS servers. I don't know how many clients > a single WINS server can support- if you have under 50 Windows machines > I think you are OK. It is also easier to view entries, add static > entries and purge old entries with a Windows WINS server. But I don't > think that justifies migrating from Samba WINS server if that Samba one > is working fine. I think I have something wrong in my wins setup. I let you know my findings. Thank you very much:) Pablo Chamorro > On 06/07/2010 06:40 PM, Pablo Chamorro C. wrote: >>>> I have four domains in my LAN. I set up trust relationships for the >>>> domains, having each PDC working as wins server for each domain but >>>> I hd not set up winbind. I have samba3-3.3.12 + ldap (openldap >>>> 2.4.21) as users backend. >>>> >>>> I mean, I have wins support = yes for each PDC, and I can access to >>>> the shared folders of each PDC from any windows computer from my LAN. >>> >>> The samba docs are pretty clear. In order for interdomain trusts to >>> work all PDC's must use the same wins server. >> >> I apreciate your time and your answer. >> >> Well, in the samba docs you can also read that the use of interdomain >> trusts requires use of winbind, that's why I'm asking. >> >> Well, In the redhat docs, I found also: >> >> "In a mixed NT/2000/2003 server and Samba environment, it is >> recommended that you use the Microsoft WINS capabilities." >> >> That's why I'm asking for an advice from people who have more >> experience and knowledge. >> >> Thank you, >> >> Pablo Chamorro >> >> >>> >>>> >>>> >>>> The problem is accessing to windows PCs from different domains. I >>>> mean, from pc1-domain1 I can't list the shares of pc2-domain2 >>>> (access denied), and when I try to connect to \\pc2-domain2\share >>>> the error message is: >>>> >>>> \\pc2-domain2 is not accesible >>>> There are currently no logon servers to service the request logon. >>>> >>>> Previously I shared the 'share' folder in pc2-domain2 PC and added >>>> permissions for users from domain1 and domain2 successfully. >>>> >>>> Trying from a Linux server, a guest try shows: >>>> >>>> [user]$ smbclient //pc2-domain2/share >>>> Password: >>>> Anonymous login successful >>>> Domain=[SMINERO] OS=[Windows Server 2003 R2 3790 Service Pack 2] >>>> Server=[Windows Server 2003 R2 5.2] >>>> tree connect failed: NT_STATUS_ACCESS_DENIED >>>> >>>> Trying using a user account from domain2: >>>> >>>> [user]$ smbclient //pc2-domain2/share -U domain2/user >>>> >>>> Password: session setup failed: NT_STATUS_NO_LOGON_SERVERS >>>> >>>> The domain2 PDC log is: >>>> >>>> "domain_client_validate: Domain password server not available. >>>> [2010/06/05 08:43:40, 5] auth/auth.c:check_ntlm_password(272) >>>> check_ntlm_password: winbind authentication for user [xxxxx] FAILED >>>> with error NT_STATUS_NO_LOGON_SERVERS >>>> >>>> [2010/06/05 08:43:40, 2] auth/auth.c:check_ntlm_password(318) >>>> check_ntlm_password: Authentication for user [xxxxxx] -> [xxxxx] >>>> FAILED with error NT_STATUS_NO_LOGON_SERVERS". >>>> >>>> I tried adding PDC data from the wins.dat file from PDC2 to the >>>> wins.file from PDC1 (and in the other way) but it didn't work. I >>>> have this: >>>> >>>> "PDC2#00" 1275960126 172.25.1.24 66R >>>> "PDC2#03" 1275960126 172.25.1.24 66R >>>> "PDC2#20" 1275960126 172.25.1.24 66R >>>> "PDC1#00" 1276005993 172.25.1.8 66R >>>> "PDC1#03" 1276005993 172.25.1.8 66R >>>> "PDC1#20" 1276005993 172.25.1.8 66R >>>> >>>> Please, here my questions: >>>> >>>> 1. Could you please give me an advice for my problem? >>>> >>>> 2. Should I setup only an only wins server? The one from >>>> samba4wins? Where? In one of the PDCs or in other server? >>>> >>>> Thank you, >>>> >>>> Pablo Chamorro >>>> >>>> --- >>>> Ext. 8705 >>>> >>>> Tel: +57 (2) 7302593/7320752/7323272 - Fax: +57 (2) 7325014 >>>> Calle 27 N° 9 ESTE - 25, Barrio La Carolina - Pasto >>>> Este mensaje de correo electrónico fue analizado por el antivirus institucional Mcafee y su contenido está dirigido para el uso exclusivo de los destinatarios direccionados y puede contener información que es privilegiada, confidencial y exime de divulgación bajo Ley Aplicable. Si usted no es un destinatario previsto o el agente responsable de entregar este email al destinatario (s) previsto, se le notifica por este medio que cualquier uso, difusión, distribución o copia de esta comunicación está prohibida y puede terminantemente ser ilegal. Si usted recibió este email por error, notifique por favor al remitente inmediatamente contestando a este email o por teléfono y borre el email que se le envió por error. This electronic mail message was scanned by the Mcafee anti-virus and its contents are intended only for the use of the addressed recipient(s) and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not an intended recipient, or the agent responsible for dlivering this email to the intended recipient(s), you are hereby notified that any use, dissemination, distribution or copying of this communication is strictly prohibited and may be unlawful. If you received this email in error, please notify the sender immediately by replying to this email or by telephone and delete the email sent in error. |