Visit The New, Modern Unix Linux Community

Special Forums UNIX and Linux Applications Stop samba from querying trusted domain servers Post 302433776 by mph on Wednesday 30th of June 2010 12:56:28 PM
Stop samba from querying trusted domain servers

Hi,

We've got a samba server running in our DMZ. Our users drag & drop files on it for vendors. Everything was working perfectly until the powers that be decided to build a trust between a couple of internal domains.

Samba is now querying each server in the trust. When a user browses the directory on the mapped drive occasionally explorer will hang. The same holds true for a Unix user truing to list a directory.

After much digging, I found that the "hang" is occurring when the trusted servers are being queried. The directory listing won't show up until the queries are done. This is causing some grief for users and the scripts that run in the background.

Since the server is in the DMZ the trusted servers aren't reachable, nor are there routes back to it from these servers. So, even if I did allow the traffic, it wouldn't come back anyway.

This appears to be a winbind problem. There seems to be no problem with authentication. Only mapping Unix UID to a Windows user name.

Is there a way to stop samba from querying these servers, or limit it to just our local server? I've been through the man pages, scoured the Internet & tried several ideas that I found all to no avail.

Any Ideas?

Thanks,

MPH
 
Test Your Knowledge in Computers #377
Difficulty: Medium
macOS is UNIX V7 compliant.
True or False?

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Using Samba to join a win 2000 Domain

I am trying to set samba up to join my windows 2000 domain and I am having troubles If anyone if familiar with this help would be greatly appreciated I issue the following command # ./smbpasswd -j DOMAIN -r DOMAINCONTROLER And the following gets returned load_client_codepage: filename... (4 Replies)
Discussion started by: gennaro
4 Replies

2. UNIX for Advanced & Expert Users

Samba does not connect to domain

I have a samba server and a raid SAN which is actually running samba. Neither one lets me access anything on the samba unix side. I really do not know where to look anymore. there are no errors. When I try to connect to the samba server I get prompted with login and password repeatedly. Frank (4 Replies)
Discussion started by: frankkahle
4 Replies

3. AIX

Servers still querying old DNS server?

Hello, I've created new DNS servers and changed all of the clients /etc/resolv.conf to point to them, but when I check the old DNS logs, I see that the clients are still querying it. Does anybody know why? thanks, (2 Replies)
Discussion started by: ctcuser
2 Replies

4. Red Hat

Samba: Authenticating and joining AD domain as a member

Hi all, I'm having some problems with joining an active directory domain as a member. My Linux servers using the same configuration across the board are all joining as domain controllers, which is bad. I am running Samba 3.0.25b-0.4E.6 on all of my RHEL servers. Here is my global... (1 Reply)
Discussion started by: Bert
1 Replies

5. Solaris

How to stop samba on solaris 10?

Hello to everybody from Argentina. I need to stop samba because i need to fsck a filesystem How can i do this? I presume that the version is higher than 3.0. /usr/sfw/sbin/smbd -D This is the out of ps -ef | grep smbd. Thank you very much for your time i am a litle lost. The... (4 Replies)
Discussion started by: enkei17
4 Replies

6. Homework & Coursework Questions

cannot join xp or vista to samba domain (PDC)

Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted! 1. The problem statement, all variables and given/known data: I have a barebones XP Pro SP2 with no firewall. CentOS 5.xx running a Samba 3.xx Domain (PDC) The XP machine... (2 Replies)
Discussion started by: pogipants
2 Replies

7. UNIX for Dummies Questions & Answers

Samba change domain controller

Hello people i have a samba and they changed domain controller from a windows 2003 to a windows 2008, there is a problem with the version of samba maybe incompatibilities i dont know what show me this domain_client_validate: unable to validate password for user xxxx in domain xxxx to Domain... (0 Replies)
Discussion started by: enkei17
0 Replies

8. Debian

Testing a SAMBA Domain Controller

Hello,,, We have an existing(working) MS PDC in our office. I have already installed SAMBA with LDAP Authentication on a TEST machine (on same LAN). But, am unable to join a WinXP machine to this domain. in smb.conf i have: WORKGROUP = mydomain and tried to join the XP machine to... (0 Replies)
Discussion started by: coolatt
0 Replies

9. Windows & DOS: Issues & Discussions

Lost Domain Admin Privileges in Samba

Hello, I have apparently lost all domain admin privledges in Samba. I have had several problems ever since I installed the 1/31 Solaris patch cluster. I had to roll out one Samba update (146363-01), which denied all logons network access. However, this particular problem seems to have begun... (0 Replies)
Discussion started by: stringman
0 Replies

10. UNIX for Dummies Questions & Answers

Help with accessing Samba shares on external (NON-DOMAIN) webserver(s)

Hi all, You may have seen my recent topic, where I asked for help getting some samba shares to work on our network. Now that these are working, I move on to the next hurdle! We have a few externally hosted (Windows Server 2008 R2) web servers which are not on our domain, but can still... (0 Replies)
Discussion started by: mgreen81
0 Replies
WBINFO(1)							   User Commands							 WBINFO(1)

NAME
wbinfo - Query information from winbind daemon SYNOPSIS
wbinfo [-a user%password] [--all-domains] [--allocate-gid] [--allocate-uid] [-c] [-D domain] [--domain domain] [-g] [--getdcname domain] [--get-auth-user] [-G gid] [-h] [-i user] [-I ip] [-K user%password] [-m] [-n name] [-N netbios-name] [--own-domain] [-p] [-r user] [--remove-uid-mapping uid,sid] [--remove-gid-mapping gid,sid] [-s sid] [--separator] [--sequence] [--set-auth-user user%password] [--set-uid-mapping uid,sid] [--set-gid-mapping gid,sid] [-S sid] [-t] [-u] [--uid-info uid] [--user-domgroups sid] [--user-sids sid] [-U uid] [-V] [-Y sid] [--verbose] DESCRIPTION
This tool is part of the samba(7) suite. The wbinfo program queries and returns information created and used by the winbindd(8) daemon. The winbindd(8) daemon must be configured and running for the wbinfo program to be able to return information. OPTIONS
-a|--authenticate username%password Attempt to authenticate a user via winbindd(8). This checks both authentication methods and reports its results. Note Do not be tempted to use this functionality for authentication in third-party applications. Instead use ntlm_auth(1). --allocate-gid Get a new GID out of idmap --allocate-uid Get a new UID out of idmap --all-domains List all domains (trusted and own domain). -c|--change-secret Change the trust account password. May be used in conjunction with domain in order to change interdomain trust account passwords. --domain name This parameter sets the domain on which any specified operations will performed. If special domain name '.' is used to represent the current domain to which winbindd(8) belongs. Currently only the --sequence, -u, and -g options honor this parameter. -D|--domain-info domain Show most of the info we have about the specified domain. -g|--domain-groups This option will list all groups available in the Windows NT domain for which the samba(7) daemon is operating in. Groups in all trusted domains will also be listed. Note that this operation does not assign group ids to any groups that have not already been seen by winbindd(8). --get-auth-user Print username and password used by winbindd(8) during session setup to a domain controller. Username and password can be set using --set-auth-user. Only available for root. --getdcname domain Get the DC name for the specified domain. -G|--gid-to-sid gid Try to convert a UNIX group id to a Windows NT SID. If the gid specified does not refer to one within the idmap gid range then the operation will fail. -i|--user-info user Get user info. -I|--WINS-by-ip ip The -I option queries winbindd(8) to send a node status request to get the NetBIOS name associated with the IP address specified by the ip parameter. -K|--krb5auth username%password Attempt to authenticate a user via Kerberos. -m|--trusted-domains Produce a list of domains trusted by the Windows NT server winbindd(8) contacts when resolving names. This list does not include the Windows NT domain the server is a Primary Domain Controller for. -n|--name-to-sid name The -n option queries winbindd(8) for the SID associated with the name specified. Domain names can be specified before the user name by using the winbind separator character. For example CWDOM1/Administrator refers to the Administrator user in the domain CWDOM1. If no domain is specified then the domain used is the one specified in the smb.conf(5) workgroup parameter. -N|--WINS-by-name name The -N option queries winbindd(8) to query the WINS server for the IP address associated with the NetBIOS name specified by the name parameter. --own-domain List own domain. -p|--ping Check whether winbindd(8) is still alive. Prints out either 'succeeded' or 'failed'. -r|--user-groups username Try to obtain the list of UNIX group ids to which the user belongs. This only works for users defined on a Domain Controller. -s|--sid-to-name sid Use -s to resolve a SID to a name. This is the inverse of the -n option above. SIDs must be specified as ASCII strings in the traditional Microsoft format. For example, S-1-5-21-1455342024-3071081365-2475485837-500. --separator Get the active winbind separator. --sequence Show sequence numbers of all known domains. --set-auth-user username%password Store username and password used by winbindd(8) during session setup to a domain controller. This enables winbindd to operate in a Windows 2000 domain with Restrict Anonymous turned on (a.k.a. Permissions compatible with Windows 2000 servers only). -S|--sid-to-uid sid Convert a SID to a UNIX user id. If the SID does not correspond to a UNIX user mapped by winbindd(8) then the operation will fail. -t|--check-secret Verify that the workstation trust account created when the Samba server is added to the Windows NT domain is working. May be used in conjunction with domain in order to verify interdomain trust accounts. -u|--domain-users This option will list all users available in the Windows NT domain for which the winbindd(8) daemon is operating in. Users in all trusted domains will also be listed. Note that this operation does not assign user ids to any users that have not already been seen by winbindd(8) . --uid-info uid Get user info for the user connected to user id UID. --user-domgroups sid Get user domain groups. --user-sids sid Get user group SIDs for user. -U|--uid-to-sid uid Try to convert a UNIX user id to a Windows NT SID. If the uid specified does not refer to one within the idmap uid range then the operation will fail. --verbose Print additional information about the query results. -Y|--sid-to-gid sid Convert a SID to a UNIX group id. If the SID does not correspond to a UNIX group mapped by winbindd(8) then the operation will fail. --remove-uid-mapping uid,sid Remove an existing uid to sid mapping entry from the IDmap backend. --remove-gid-mapping gid,sid Remove an existing gid to sid mapping entry from the IDmap backend. --set-uid-mapping uid,sid Create a new or modify an existing uid to sid mapping in the IDmap backend. --set-gid-mapping gid,sid Create a new or modify an existing gid to sid mapping in the IDmap backend. -V|--version Prints the program version number. -h|--help Print a summary of command line options. EXIT STATUS
The wbinfo program returns 0 if the operation succeeded, or 1 if the operation failed. If the winbindd(8) daemon is not working wbinfo will always return failure. VERSION
This man page is correct for version 3 of the Samba suite. SEE ALSO
winbindd(8) and ntlm_auth(1) AUTHOR
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. wbinfo and winbindd were written by Tim Potter. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy. Samba 3.5 06/18/2010 WBINFO(1)

Featured Tech Videos

All times are GMT -4. The time now is 02:07 AM.
Unix & Linux Forums Content Copyright 1993-2020. All Rights Reserved.
Privacy Policy